@Nateowami
Created March 1, 2017 14:34
Failed username login attempts

See what usernames bots try to log into your server with

zgrep searches both compressed and uncompressed files.

List unique usernames used in failed login attempts:

sudo zgrep -ohP "input_userauth_request: invalid user \K\w+" /var/log/auth.log* | sort -u

Count the unique usernames:

sudo zgrep -ohP "input_userauth_request: invalid user \K\w+" /var/log/auth.log* | sort -u | wc -l

Note that on Ubuntu (and perhaps other distros) logrotate compresses older logs and eventually deletes them. These commands search both compressed and uncompressed logs, but the logs will probably only go back a few weeks.
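
Added example, not part of the original gist: it ranks usernames by how often each was tried and keeps usernames containing characters such as `-` or `.`, which `\w+` would cut short. The function names `count_invalid_users` and `sample_log` and the sample log lines are constructed for illustration; on a real host, feed it with `sudo zcat -f /var/log/auth.log* | count_invalid_users`.

```shell
#!/bin/sh
# Rank usernames from failed SSH logins by number of attempts.
# Reads auth.log lines on stdin and prints "<count> <username>",
# most-tried first (ties broken alphabetically).
count_invalid_users() {
    awk '
        BEGIN { marker = "input_userauth_request: invalid user " }
        {
            i = index($0, marker)
            if (i == 0) next                 # not a failed-username line
            rest = substr($0, i + length(marker))
            n = index(rest, " ")             # username ends at the next space
            user = (n > 0) ? substr(rest, 1, n - 1) : rest
            if (user != "") seen[user]++
        }
        END { for (u in seen) print seen[u], u }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in the format the gist's regex matches.
# Addresses are from the documentation range 203.0.113.0/24.
sample_log() {
cat <<'EOF'
Mar  1 14:02:11 host sshd[1201]: input_userauth_request: invalid user admin [preauth]
Mar  1 14:02:15 host sshd[1203]: input_userauth_request: invalid user test-user [preauth]
Mar  1 14:02:19 host sshd[1205]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  1 14:03:02 host sshd[1207]: input_userauth_request: invalid user admin [preauth]
Mar  1 14:03:40 host sshd[1209]: input_userauth_request: invalid user oracle [preauth]
Mar  1 14:04:05 host sshd[1211]: input_userauth_request: invalid user pi [preauth]
Mar  1 14:04:31 host sshd[1213]: input_userauth_request: invalid user test-user [preauth]
Mar  1 14:05:12 host sshd[1215]: input_userauth_request: invalid user admin [preauth]
EOF
}

# Demo run on the constructed sample.
sample_log | count_invalid_users
```

The per-username counts show which names are being guessed most often, which the `sort -u` listing alone does not.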