Monday, August 11, 2008

How To Get SSH Users With Most Failed Login Attempts via Terminal

Bash-enabled Linux SSH accounts are among the most enticing targets for an SSH port attacker looking to get an account on a server managed by somebody else.

Here's a quick post on how to list the SSH user accounts with the most failed SSH login attempts.

Get Most Attacked SSH System Accounts

sshd logs failed SSH login attempts to /var/log/secure by default. To collect those failed attempts and list the most attacked SSH accounts by failed password attempts, simply run the following from the log directory:

# cat secure* | grep 'Failed password' | awk '{print $9}' | sort | uniq -c | sort -rn

The output would look similar to this:

15 user1
12 user2
12 user4
11 user3

[snip]


Top 10 SSH Accounts with Most Failed SSH Login Attempts

To get the top 10 SSH accounts with the most failed login and password attempts, simply run

# cat secure* | grep 'Failed password' | awk '{print $9}' | sort | uniq -c | sort -rn | head -10

The above displays the accounts with the most failed SSH login attempts. You can also check the source IP addresses to see whether they correspond to the most attacked SSH accounts.
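For accounts that do not exist, sshd writes "Failed password for invalid user NAME from ...", so field 9 is the literal word "invalid" rather than the account name. The script below is an added example, not part of the original post: it counts both line forms and can rank by source IP as well. The function names failed_logins and sample_log are hypothetical, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): rank accounts or source IPs
# by failed SSH password attempts.

# Constructed sample lines in the sshd syslog format used in /var/log/secure.
sample_log() {
cat <<'EOF'
Aug 11 03:14:01 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Aug 11 03:14:03 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Aug 11 03:14:09 host1 sshd[2107]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Aug 11 03:15:12 host1 sshd[2112]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Aug 11 03:15:20 host1 sshd[2113]: Failed password for invalid user oracle from 198.51.100.7 port 51520 ssh2
Aug 11 03:16:02 host1 sshd[2120]: Failed password for root from 203.0.113.5 port 33100 ssh2
Aug 11 03:16:40 host1 sshd[2125]: Accepted password for alice from 203.0.113.9 port 33412 ssh2
EOF
}

# failed_logins MODE [FILE...]   MODE is "user" or "ip".
# Reads the named log files, or stdin when none are given.
failed_logins() {
    mode=$1
    shift
    awk -v mode="$mode" '
    # Assumes lines end in "from <ip> port <n> ssh2"; anchoring on the end of
    # the line keeps a user name that contains spaces or "from" in one piece.
    /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
        start = ($9 == "invalid" && $10 == "user") ? 11 : 9
        user = $start
        for (i = start + 1; i <= NF - 5; i++) user = user " " $i
        key = (mode == "ip") ? $(NF-3) : user
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# On a real host: failed_logins user /var/log/secure*
sample_log | failed_logins user
```

Calling failed_logins ip on the same files gives the per-address ranking to compare against the per-account one.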

All is done.
