I use tmux a lot and like to have a good layout that’s relevant to the work I’m doing. Mainly, this is very simple things like DNS queries, nmap scans, telnet/ssh checking which leaves most screen space free for displays such as watching failed hack attempts or showing system usage. Here are my scripts.


This is the script that launches tmux and sets up the panes or rejoins an existing session.

# TMUX Startup script
# C-m means enter key
#Inspired by https://github.com/seyrenhe/linux-autoconfig/blob/master/tmux.sh

tmux start-server

if ! $(tmux has-session -t 'linkstart'); then
tmux new-session -d -s 'linkstart' -n 'linkstart' # -d *
tmux select-window -t 'linkstart'
tmux split-window -h -p 40
tmux select-pane -t 1
tmux split-window -v -p 15
tmux split-window -v -l 1
tmux send-keys -t 1 './watchfail' C-m
tmux send-keys -t 2 './watchauth' C-m
tmux send-keys -t 3 './watchusage' C-m
tmux new-window -n 'general'

tmux select-window -t 'linkstart'
tmux select-pane -t 0

tmux attach-session -d -t 'linkstart'


Sometimes it’s interesting to see the brute force attempts and get a feel for what usernames are popular with malicious actors.


watch -t -n 30 "tail -n 400 /var/log/auth.log \
| grep 'for invalid' \
| awk '{print \$1, \$2, \$3 \"\t\" \$13 \"\t\" \$11 }'"


This is so I can easily see where any successful connections have come from as I know the IPs I usually connect from.


watch -t -n 300 "tail -n 2000 /var/log/auth.log | grep 'Accepted' | awk '{print \$1, \$2, \$3 \"\t\" \$9 \"\t\" \$11 }'"


It’s a very, very, low-usage VM so this is really a “just because” pane.


watch -t -n 20  "echo "CPU `LC_ALL=C top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1}'`% RAM `free -m | awk '/Mem:/ { printf("%3.1f%%", $3/$2*100) }'` HDD `df -h / | awk '/\// {print $(NF-1)}'`""