Last active
January 21, 2019 12:10
-
-
Save mshafiee/d5b1ff729fcde34d3f90feea8dc05258 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Failed attempts by username: | |
grep "Invalid user " /var/log/auth.log | cut -d' ' -f8 | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100 | |
IP address of each attempt: | |
grep "Invalid user " /var/log/auth.log | cut -d' ' -f10 | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100 | |
Filter for brute-force interactive SSH logins: | |
grep sshd.\*Failed /var/log/auth.log | less | |
Look for failed connections (i.e. no login attempted, could be a port scanner, etc.): | |
grep sshd.*Did /var/log/auth.log | less | |
Filter the authentication log file for failed authentications and count the attempts (lines in the log file): | |
grep -i fail /var/log/auth.log | wc -l | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment