timsonner/failed-logins.md

Created October 26, 2025 01:03

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/timsonner/50e2a45aeffe4b82aab42c07e5dd841f.js"></script>
Save timsonner/50e2a45aeffe4b82aab42c07e5dd841f to your computer and use it in GitHub Desktop.

Download ZIP

Raw

failed-logins.md

Parse failed logins - Linux

Extract IP addresses from /var/log/secure

grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' /var/log/secure | sort| uniq -u

Extract usernames from failed login attempts from lastb

lastb | awk '{print $1}' | sort | uniq -u

Extract invalid login attempts from /var/log/secure

sed -n '/Invalid user/p' /var/log/secure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment