Created
May 21, 2012 11:50
-
-
Save rietta/2761988 to your computer and use it in GitHub Desktop.
Get list of IP addresses that have failed to login to SSH from the /var/log/auth.log SSHD log.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| A method for getting a list of IP addresses that failed to login to SSH from the /var/log/auth.log. | |
| For just failed root login attempts: | |
| grep "Failed password for root from" /var/log/auth.log | cut -d " " -f 11 | sort | uniq -c | |
| For invalid user failed login attempts: | |
| grep "Failed password for invalid user" /var/log/auth.log | cut -d " " -f 13 | sort | uniq -c | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment