hijak · August 29, 2015 14:11
diff --git a/gistfile1.txt b/gistfile1.txt
 failed attempts
 awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n|uniq -c|sort -nk1|awk '{sum+=$1;if($1>300)print "IP: ",$2,"Failed login",$1,"Times"}END{print "\nTotal failed attempts:\t"sum}'
 or
 cat /var/log/secure | grep sshd | grep Failed | sed 's/invalid//' | sed 's/user//' | awk '{print $11}' | sort | uniq -c | sort -rn
 or
 grep "Failed password for" /var/log/secure | grep "Dec  8" | awk '{print $11}' | sort | uniq -c | sort -nr | head -7

 connections to ssh
 netstat -antp|awk '{gsub(/[f:]/, " ");if($7 ~ /22/)print "LOCAL: ",$6,"TARGET: ",$4,"STATE: ",$8}'|sort|uniq -c|sort -nk1|awk '{sum += $1;print}END{print "Total:\t"sum}'
	failed attempts
	awk '/Failed password/ {print $(NF-3)}' /var/log/secure \|sort -n\|uniq -c\|sort -nk1\|awk '{sum+=$1;if($1>300)print "IP: ",$2,"Failed login",$1,"Times"}END{print "\nTotal failed attempts:\t"sum}'
	or
	cat /var/log/secure \| grep sshd \| grep Failed \| sed 's/invalid//' \| sed 's/user//' \| awk '{print $11}' \| sort \| uniq -c \| sort -rn
	or
	grep "Failed password for" /var/log/secure \| grep "Dec 8" \| awk '{print $11}' \| sort \| uniq -c \| sort -nr \| head -7

	connections to ssh
	netstat -antp\|awk '{gsub(/[f:]/, " ");if($7 ~ /22/)print "LOCAL: ",$6,"TARGET: ",$4,"STATE: ",$8}'\|sort\|uniq -c\|sort -nk1\|awk '{sum += $1;print}END{print "Total:\t"sum}'