~$ sudo apt-get

Display successful SSH brute force attempts from secure logs

by on Apr.07, 2009, under Linux

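# -F matches the IP literally; "from ... port" stops 1.2.3.4 from also matching 11.2.3.45
for i in $(grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort -u); do grep -F -- "from $i port" /var/log/secure | grep "Accepted"; done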

This is a work in progress.

Extracts the source IPs from failed SSH login attempts for invalid users, then searches the log again for successful ("Accepted") logins from those same IPs.
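A single-pass variant of the loop above, as an added example that is not part of the original post: it counts failed passwords per source IP and prints only the "Accepted" lines that follow at least a threshold of failures. The function names, the default threshold of 3 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed.
sample_secure_log() {
cat <<'EOF'
Apr  7 03:12:01 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr  7 03:12:03 host sshd[2213]: Failed password for invalid user db admin from 203.0.113.7 port 40130 ssh2
Apr  7 03:12:05 host sshd[2215]: Failed password for root from 203.0.113.7 port 40141 ssh2
Apr  7 03:12:09 host sshd[2219]: Accepted password for root from 203.0.113.7 port 40155 ssh2
Apr  7 08:30:11 host sshd[3001]: Failed password for alice from 198.51.100.20 port 51200 ssh2
Apr  7 08:30:19 host sshd[3001]: Accepted password for alice from 198.51.100.20 port 51200 ssh2
Apr  7 09:00:00 host sshd[3100]: Accepted publickey for bob from 203.0.113.77 port 50000 ssh2
EOF
}

# find_bruteforce_success [LOGFILE|-] [MIN_FAILURES]
# Prints each "Accepted" line whose source IP already has at least
# MIN_FAILURES (default 3) failed password attempts earlier in the log.
find_bruteforce_success() {
    awk -v min="${2:-3}" '
        # The username is attacker-supplied and may contain spaces or "from",
        # so find the LAST "from" instead of trusting a fixed column ($13).
        function src_ip(   i) {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") return $(i + 1)
            return ""
        }
        /sshd\[[0-9]+\]: Failed password for / {
            ip = src_ip()
            if (ip != "") fails[ip]++
            next
        }
        /sshd\[[0-9]+\]: Accepted / {
            ip = src_ip()
            # Exact key lookup: 203.0.113.77 never matches 203.0.113.7
            if (ip != "" && fails[ip] + 0 >= min + 0)
                printf "%s failures=%d | %s\n", ip, fails[ip], $0
        }
    ' "${1:--}"
}

# Demo on the constructed sample; on a real host pass /var/log/secure.
sample_secure_log | find_bruteforce_success - 3
```

Counting failures for valid accounts as well as invalid ones catches guessing against real users, and the threshold keeps a single mistyped password followed by a normal login (alice in the sample) out of the results.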

