@beherca
Last active September 5, 2015 13:23
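#!/usr/bin/env bash
# @author: beherca
# Lists the unique source IPs behind "Invalid user" SSH login attempts in /var/log/auth.log, or /var/log/secure on CentOS; see https://extremeshok.com/6309/linux-see-all-failed-ssh-login-attempts/
# This is a preparatory step for the SSH hardening procedures in http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
# Explanation: http://resources.infosecinstitute.com/maximizing-ssh-security-service-cloud/
# Usage: ./find_attacking_ip.sh
#
# Exit when an error occurs
set -o errexit
# Treat unset variables as errors
set -o nounset
# With pipefail a pipeline returns the status of the last command that failed,
# so a failing sed (e.g. unreadable log file) is not masked by a successful sort.
set -o pipefail
# Debian/Ubuntu write sshd messages to auth.log, CentOS/RHEL to secure
LOG=/var/log/auth.log
[ -r "$LOG" ] || LOG=/var/log/secure
# Anchor on "from " so the greedy .* cannot swallow the leading digits of the first octet.
# sed -n prints only the lines it rewrote and exits 0 when nothing matches, so
# errexit/pipefail do not abort the script on a log without failed logins.
sed -nE '/sshd.*Invalid/ s/.*from (([0-9]{1,3}\.){3}[0-9]{1,3}).*/\1/p' "$LOG" | sort -u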