Current File : //opt/zabbix/scripts/base/quemequem.sh

#/bin/bash

if [[ -f /etc/hascpanelsupport ]]; then

support="184.94.197.6|184.94.197.5|184.94.197.4|184.94.197.3|208.74.123.98|69.175.106.198|35.161.131.175|184.94.197.2|23.111.175.214"
else
support="noIP"
fi

acesso=$(last | grep root | grep 'still logged in')

if [ -z "$acesso" ]; then
        echo 0
        exit 0
else
        ip=$(sed -n "/^$(date --date='2 minutes ago' '+%b %_d %H:%M')/,\$p" /var/log/secure | grep "Accepted" | grep root | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep -v -E "130.185.82.35|185.15.20.28|10.12.0.0/16|10.30.0.0/22|10.30.8.0/22|10.60.0.0/18|10.60.64.0/18|176.62.166.90|$support" | tail -1)
        ippw=$(sed -n "/^$(date --date='12 hours ago' '+%b %_d %H:%M')/,\$p" /var/log/secure | grep "Accepted password for root" | grep root | tail -1)

        if [ -n "$ip" ]; then
                echo "MAUZAO"
        fi

        if [[ -z "$ip" && -n "$ippw" ]]; then
                echo "password"
        fi

        if [[ -z $ip && -z $ippw ]]; then
            rsa=$(grep "Accepted publickey for root" /var/log/secure | awk -F "SHA256:" '{print $2}' | tail -1)
			if [ -z $rsa ]; then
				#echo "User"
				exit 0
			fi
            user=$(ssh-keygen -l -f /root/.ssh/authorized_keys | grep $rsa | awk '{$1=$2=""}1' | awk '{$NF=""}1')
            echo "User" $user
        fi
fi