Thread: Failed SSH login attempts and how to avoid brute ssh attacks
View Single Post

  #2 (permalink)  
Old 12-19-2006, 05:49 AM
raj raj is offline
Contributors
User
  
Join Date: Jun 2005
Location: Hyderabad
Posts: 151
Rep Power: 4
raj is on a distinguished road
Default
Rocky I am not good at securing servers but here is the command that will tell you if you are under attack. It will list failed login attempts along with host/ip address:

Code:
grep -i 'authentication failure' /var/log/messages|awk '{ print $13 }' | cut -b7- | sort | uniq -c
O/P
Code:
      10 xxx.vnsl.in
      12 xxx.xxx.yyy.zzz
      56 xxx.xxx.yyy.zzz
__________________
Raj
Linux rulz.
I have never turned back in my life ; I shall not do so today.. haha
Reply With Quote