[root@nano ~]# lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -5
29 root
24 admin
16 sales
14 test
14 staff
[root@nano ~]# ### top 5 most attacked accounts
[root@nano ~]# awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
723 root
66 admin
45 test
39 ftpuser
34 mysql
[root@nano ~]# ### top 5 attacker IP addresses (obscured for privacy)
[root@nano ~]# awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
1042 193.251.XXX.XXX
556 85.21.XXX.XXX
373 218.189.XXX.XXX
284 121.156.XX.XXX
228 121.140.XX.XXX
Inga kommentarer:
Skicka en kommentar