cek-tr.sh 795 B

123456789101112131415161718192021222324
  1. #!/bin/bash
  2. data=( `cat /var/log/trojan.log | grep -w 'authenticated as' | awk '{print $7}' | sort | uniq`);
  3. echo "-------------------------------";
  4. echo "-----=[ Trojan User Login ]=-----";
  5. echo "-------------------------------";
  6. for akun in "${data[@]}"
  7. do
  8. data2=( `lsof -n | grep -i ESTABLISHED | grep trojan | awk '{print $9}' | cut -d':' -f2 | grep -w 445 | cut -d- -f2 | grep -v '>127.0.0.1' | sort | uniq | cut -d'>' -f2`);
  9. echo -n > /tmp/iptrojan.txt
  10. for ip in "${data2[@]}"
  11. do
  12. jum=$(cat /var/log/trojan.log | grep -w $akun | awk '{print $4}' | cut -d: -f1 | grep -w $ip | sort | uniq)
  13. if [[ -z "$jum" ]]; then
  14. echo > /dev/null
  15. else
  16. echo "$jum" > /tmp/iptrojan.txt
  17. fi
  18. done
  19. jum2=$(cat /tmp/iptrojan.txt | nl)
  20. echo "user : $akun";
  21. echo "$jum2";
  22. echo "-------------------------------"
  23. done