for-servers/server/motd-info.sh

#!/bin/bash

# Скрипт установки кастомного sysinfo MOTD со статистикой логинов и ключей

TARGET_PATH="/etc/update-motd.d/zzzzz-motd-sysinfo"

cat > "$TARGET_PATH" <<"EOF"
#!/bin/bash

RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
CYAN="\033[0;36m"
RESET="\033[0m"

# Системная статистика
MEM_STAT=$(free -m | awk '/^Mem:/{printf "%.1f/%.1f МБ", $3, $2}')
LOAD_AVG=$(awk '{print $1 " " $2 " " $3}' /proc/loadavg)
if command -v sensors &>/dev/null && sensors | grep -iP "Core|temp1" >/dev/null; then
  CPU_TEMP=$(sensors | grep -iP "Core|temp1" | head -n1 | awk '{print $NF}')
elif [[ -r /sys/class/thermal/thermal_zone0/temp ]]; then
  TEMP_RAW=$(cat /sys/class/thermal/thermal_zone0/temp)
  CPU_TEMP=$(awk "BEGIN{printf \"%.1f°C\", $TEMP_RAW/1000}")
else
  CPU_TEMP="N/A"
fi
DISK_STAT=$(df -h / | awk 'NR==2{printf "%s/%s (свободно/всего)", $4, $2}')

# Локаль для корректного парсинга дат
DATE_24H_AGO=$(LC_TIME=C date --date="24 hours ago" "+%b %-d")
CURRENT_DATE=$(LC_TIME=C date "+%b %-d")
HOUR_24H_AGO=$(date --date="24 hours ago" "+%H")
CURRENT_HOUR=$(date "+%H")

get_recent_logs() {
  local AUTHLOG=""
  if [[ -f /var/log/auth.log ]]; then
    AUTHLOG="/var/log/auth.log"
  elif [[ -f /var/log/secure ]]; then
    AUTHLOG="/var/log/secure"
  fi

  if [[ -n "$AUTHLOG" ]]; then
    awk -v d1="$DATE_24H_AGO" -v d2="$CURRENT_DATE" -v h1="$HOUR_24H_AGO" -v h2="$CURRENT_HOUR" '
    {
      line_date = $1 " " $2
      line_hour = substr($3,1,2)
      if (line_date == d1 && line_date != d2) {
        if (line_hour >= h1) print $0
      }
      else if (line_date == d2) {
        if (line_hour <= h2) print $0
      }
      else if (line_date > d1 && line_date < d2) {
        print $0
      }
    }
    ' "$AUTHLOG"
  elif command -v journalctl &>/dev/null; then
    journalctl -u ssh -u sshd --since "24 hours ago" --no-pager 2>/dev/null
  fi
}

RECENT_LOG=$(get_recent_logs)

# 1. Неудачные попытки
FAILED_IPS=$(echo "$RECENT_LOG" | grep "Failed " | awk '{for(i=1;i<NF;i++) if($i=="from") print $(i+1)}' | grep -E '^[0-9]+\.[0-9]+' | sort | uniq -c | sort -nr | head -n 5 | awk '{printf "%s: %s\n", $2, $1}')

# 2. Успешные входы (всего)
SUCCESS_IPS=$(echo "$RECENT_LOG" | grep "Accepted " | awk '{for(i=1;i<NF;i++) if($i=="from") print $(i+1)}' | grep -E '^[0-9]+\.[0-9]+' | sort | uniq -c | sort -nr | head -n 5 | awk '{printf "%s: %s\n", $2, $1}')

# 3. Входы по ключам (Publickey)
KEY_LOGINS=$(echo "$RECENT_LOG" | grep "Accepted publickey" | awk '{
    user="?"; ip="?"; key="?";
    for(i=1;i<NF;i++) {
        if($i=="for") user=$(i+1);
        if($i=="from") ip=$(i+1);
        if($i=="ssh2:") key=$(i+1);
    }
    print user " [" ip "] " key
}' | sort | uniq -c | sort -nr | head -n 5 | awk '{$1=$1; print $0 " раз(а)"}')

echo -e "\n\n${BLUE}============ Состояние сервера ============${RESET}"
echo -e "${YELLOW}ОЗУ:      ${GREEN}${MEM_STAT}${RESET}"
echo -e "${YELLOW}Нагрузка: ${GREEN}${LOAD_AVG}${RESET}"
echo -e "${YELLOW}Диск:     ${GREEN}${DISK_STAT}${RESET}"
echo -e "${YELLOW}CPU:      ${GREEN}${CPU_TEMP}${RESET}"

echo -e "\n${BLUE}--- Неудачные попытки за 24ч (IP: кол-во) ---${RESET}"
[[ -n "$FAILED_IPS" ]] && echo -e "${RED}${FAILED_IPS}${RESET}" || echo "Нет данных."

echo -e "\n${BLUE}--- Успешные входы за 24ч (IP: кол-во) ---${RESET}"
[[ -n "$SUCCESS_IPS" ]] && echo -e "${GREEN}${SUCCESS_IPS}${RESET}" || echo "Нет данных."

echo -e "\n${BLUE}--- Детали входа по КЛЮЧАМ (User [IP] Fingerprint) ---${RESET}"
[[ -n "$KEY_LOGINS" ]] && echo -e "${CYAN}${KEY_LOGINS}${RESET}" || echo "Входов по ключам не зафиксировано."

if [[ -n "$SSH_CONNECTION" ]]; then
  CURRENT_IP=$(echo $SSH_CONNECTION | awk '{print $1}')
  echo -e "\n${GREEN}Вы успешно вошли как ${USER} с IP: ${CURRENT_IP}${RESET}"
else
  echo -e "\n${GREEN}Вы успешно вошли как ${USER} (Локальный вход)${RESET}"
fi
echo -e "${BLUE}=============================================${RESET}"

EOF

chmod +x "$TARGET_PATH"

echo "===> Скрипт MOTD обновлен: $TARGET_PATH"
bash "$TARGET_PATH"