-
-
Save rthallisey/c25d729784ee1c3e88be240ac2177554 to your computer and use it in GitHub Desktop.
Get a list of IP addresses trying to attack your CentOS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/usr/bin/bash | |
| # strings to look for in our file | |
| # Note: you could just parse the whole file. But if you put in a bad password your IP | |
| # could end up on the bad guy list | |
| declare -a badstrings=("Failed password for invalid user" | |
| "input_userauth_request: invalid user" | |
| "pam_unix(sshd:auth): check pass; user unknown" | |
| "input_userauth_request: invalid user" | |
| "does not map back to the address" | |
| "pam_unix(sshd:auth): authentication failure" | |
| "input_userauth_request: invalid user" | |
| "reverse mapping checking getaddrinfo for" | |
| "input_userauth_request: invalid user" | |
| ) | |
| # search for each of the strings in your file (this could probably be a one liner) | |
| for i in "${badstrings[@]}" | |
| do | |
| # look for each term and add new IPs to text file | |
| cat /var/log/secure | grep "$i" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | awk '{print $0}' | sort | uniq >> "temp.txt" | |
| done | |
| # grab unique ips from temp and put them in a file | |
| cat "temp.txt" | sort | uniq > "badguyips.txt" | |
| # remove the temp file | |
| rm "temp.txt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment