I use tmux a lot and like to have a good layout that’s relevant to the work I’m doing. Mainly, this is very simple things like DNS queries, nmap scans, telnet/ssh checking which leaves most screen space free for displays such as watching failed hack attempts or showing system usage. Here are my scripts.

linkstart

This is the script that launches tmux and sets up the panes or rejoins an existing session.

#!/bin/bash
# TMUX Startup script
# C-m means enter key
#Inspired by https://github.com/seyrenhe/linux-autoconfig/blob/master/tmux.sh

tmux start-server

if ! $(tmux has-session -t 'linkstart'); then
tmux new-session -d -s 'linkstart' -n 'linkstart' # -d *
tmux select-window -t 'linkstart'
tmux split-window -h -p 40
tmux select-pane -t 1
tmux split-window -v -p 15
tmux split-window -v -l 1
tmux send-keys -t 1 './watchfail' C-m
tmux send-keys -t 2 './watchauth' C-m
tmux send-keys -t 3 './watchusage' C-m
tmux new-window -n 'general'

tmux select-window -t 'linkstart'
tmux select-pane -t 0
fi

tmux attach-session -d -t 'linkstart'

watchfail

Sometimes it’s interesting to see the brute force attempts and get a feel for what usernames are popular with malicious actors.

#!/bin/bash

watch -t -n 30 "tail -n 400 /var/log/auth.log \
| grep 'for invalid' \
| awk '{print \$1, \$2, \$3 \"\t\" \$13 \"\t\" \$11 }'"

watchauth

This is so I can easily see where any successful connections have come from as I know the IPs I usually connect from.

#!/bin/bash

watch -t -n 300 "tail -n 2000 /var/log/auth.log | grep 'Accepted' | awk '{print \$1, \$2, \$3 \"\t\" \$9 \"\t\" \$11 }'"

watchusage

It’s a very, very, low-usage VM so this is really a “just because” pane.

#!/bin/bash

watch -t -n 20  "echo "CPU `LC_ALL=C top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1}'`% RAM `free -m | awk '/Mem:/ { printf("%3.1f%%", $3/$2*100) }'` HDD `df -h / | awk '/\// {print $(NF-1)}'`""