toklok/Examining ssh login requests on Ubuntu

## Examining ssh login requests on Ubuntu
Failed attempts by username:
grep "Invalid user " /var/log/auth.log | cut -d' ' -f8 | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100

IP address of each attempt:
grep "Invalid user " /var/log/auth.log | cut -d' ' -f10 | awk '{a[$0]++}END{for(i in a)print i,a[i]}' | sort -k 2 -n -r | head -n 100

Filter for brute-force interactive SSH logins:
grep sshd.\*Failed /var/log/auth.log | less

Look for failed connections (i.e. no login attempted, could be a port scanner, etc.):
grep sshd.*Did /var/log/auth.log | less

Filter the authentication log file for failed authentications and count the attempts (lines in the log file):
grep -i fail /var/log/auth.log | wc -l
	Failed attempts by username:
	grep "Invalid user " /var/log/auth.log \| cut -d' ' -f8 \| awk '{a[$0]++}END{for(i in a)print i,a[i]}' \| sort -k 2 -n -r \| head -n 100

	IP address of each attempt:
	grep "Invalid user " /var/log/auth.log \| cut -d' ' -f10 \| awk '{a[$0]++}END{for(i in a)print i,a[i]}' \| sort -k 2 -n -r \| head -n 100

	Filter for brute-force interactive SSH logins:
	grep sshd.\*Failed /var/log/auth.log \| less

	Look for failed connections (i.e. no login attempted, could be a port scanner, etc.):
	grep sshd.*Did /var/log/auth.log \| less

	Filter the authentication log file for failed authentications and count the attempts (lines in the log file):
	grep -i fail /var/log/auth.log \| wc -l