unacceptable/watch_brute_force_source_ips

Last active October 2, 2017 01:11

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/unacceptable/92bc6ab4b18cb55f5e461c56d6127fb0.js"></script>
Save unacceptable/92bc6ab4b18cb55f5e461c56d6127fb0 to your computer and use it in GitHub Desktop.

Download ZIP

Watch brute force attempts on a non-secured server. (will list IPs)

Raw

watch_brute_force_source_ips

tail -f /var/log/secure | awk -F "=" '/fail/ && /rhost/ {print$7}'

Author

unacceptable commented Oct 2, 2017

A better solution would probably be something like:

tail -f /var/log/secure | grep -i fail | grep -Eow "([0-9]+\.){3}[0-9]+"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment