yukoff

## crowdsec-process-sshd-log
#!/usr/bin/env bash
# log could be /var/log/secure or /var/log/auth.log
zgrep -P 'Invalid user .+? from |Failed password for .+? from ' /var/log/auth.log* \
    | grep -Pv $WHITELISTIPS \
    | perl -p -e 's/.+? from (\d+\.\d+\.\d+\.\d+) port .+/\1/g' \
    | sort -u \
    | xargs -I % sudo cscli decisions add --ip % --duration 48h --reason "ssh bruteforce"
	#!/usr/bin/env bash
	# log could be /var/log/secure or /var/log/auth.log
	zgrep -P 'Invalid user .+? from \|Failed password for .+? from ' /var/log/auth.log* \
	\| grep -Pv $WHITELISTIPS \
	\| perl -p -e 's/.+? from (\d+\.\d+\.\d+\.\d+) port .+/\1/g' \
	\| sort -u \
	\| xargs -I % sudo cscli decisions add --ip % --duration 48h --reason "ssh bruteforce"