How do I find out all failed login attempts via ssh/telnet?
If you use ssh as your remote login service, use the following command to find out all failed login attempts via ssh or telnet (don't use telnet):
Use the grep command to find authentication failure messages in the /var/log/messages file
Use the awk and cut commands to print the IPs/hostnames
Use the sort command to sort them
Use the uniq command to print total failed login attempts
Procedure
1) Log in as the root user
2) Type the following command at the shell prompt:
# grep "authentication failure" /var/log/messages|awk '{ print $13 }' | cut -b7- | sort | uniq -c
Output:
1 216.12.193.35
2 DEVssh
2 hack.baddomain.net
...
..
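The pipeline above assumes `rhost=` is always field 13; when the line layout shifts, `cut -b7-` emits pieces of other fields instead (a `tty=NODEVssh` token comes out as `DEVssh`). The following added example, which is not part of the original post, matches the `rhost=` key wherever it appears on the line. The function names `failed_by_rhost` and `make_sample_log` are hypothetical, and the log lines are constructed samples in two assumed PAM message layouts.

```shell
#!/bin/sh
# Added example: count failed logins per remote host by matching the
# rhost= key rather than assuming it is always field 13.

# failed_by_rhost LOGFILE -> prints "<count> <rhost>", highest count first
failed_by_rhost() {
    grep "authentication failure" "$1" |
    awk '{
        host = ""
        for (i = 1; i <= NF; i++)        # scan every token on the line
            if ($i ~ /^rhost=./)         # skip an empty "rhost=" (local login)
                host = substr($i, 7)     # drop the 6-byte "rhost=" prefix
        if (host != "") count[host]++
    }
    END { for (h in count) print count[h], h }' |
    sort -k1,1nr -k2,2
}

# make_sample_log FILE -> writes constructed log lines (not real data)
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 web1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bad.example.net
Jan 10 03:12:05 web1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bad.example.net  user=root
Jan 10 03:13:00 web1 sshd[2150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Jan 10 03:14:40 web1 sshd(pam_unix)[2177]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
Jan 10 03:15:02 web1 login(pam_unix)[2190]: authentication failure; logname=LOGIN uid=0 euid=0 tty=pts/1 ruser= rhost=
Jan 10 03:16:00 web1 sshd(pam_unix)[2201]: session opened for user alice by (uid=0)
EOF
}

# Demo run on the constructed sample
log=$(mktemp)
make_sample_log "$log"
failed_by_rhost "$log"
rm -f "$log"
```

On the third sample line the positional pipeline would pick up `ruser=` as field 13 and print an empty string, while the key-based match still reports the host.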