Running the following will gives the unique count of invalid SSH attempts on Linux server.
sudo awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure | sort | uniq -c | sort -rn | head -10
Or all of the /var/log/secure* files
sudo awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -10
No comments:
Post a Comment