sshd (the OpenSSH server) replaces the older rlogin, rsh and telnet, and
provides secure encrypted communications between two untrusted hosts over
an insecure network. However, OpenSSH is open to various password
guessing attacks. Use the following commands to find out all failed
login attempts:
a) Use the grep command to find authentication failure messages in the /var/log/secure file.
b) Use the awk and cut commands to print the IPs/hostnames.
c) Use the sort command to sort data.
d) Use the uniq command to print total failed login attempts.
Procedure
1) Log in as the root user
2) Type the following command at the shell prompt:
grep "authentication failure" /var/log/secure | awk '{ print $14 }' | cut -b7- | sort | uniq -c
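The field number in the command above depends on the PAM log format, so the rhost= value is not always field 14. The following added example (not from the original post or the credited article) finds the rhost= token wherever it appears and counts failed attempts per host; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH logins per remote host by locating the
# rhost= token instead of relying on a fixed field number.

failed_logins_by_host() {   # $1 = log file (e.g. /var/log/secure)
    grep 'authentication failure' "$1" |
    awk '/sshd/ {                           # ignore su, login, etc.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^rhost=./)            # skip empty rhost= values
                count[substr($i, 7)]++      # drop the 6-char "rhost=" prefix
    }
    END { for (h in count) printf "%d %s\n", count[h], h }' |
    sort -k1,1nr -k2,2                      # highest count first
}

# Constructed sample lines (documentation addresses) in two PAM formats:
# rhost= is field 14 in the first format and field 13 in the second.
write_sample_log() {        # $1 = output path
    cat > "$1" <<'EOF'
Jan 10 03:12:45 web1 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Jan 10 03:12:49 web1 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admin
Jan 10 03:13:02 web1 sshd(pam_unix)[2110]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7  user=root
Jan 10 03:13:05 web1 sshd[2112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Jan 10 03:14:11 web1 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jan 10 03:15:30 web1 sshd[2120]: Accepted password for alice from 203.0.113.5 port 50022 ssh2
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
failed_logins_by_host "$sample"
rm -f "$sample"
```

On a real system, pass /var/log/secure (or the distribution's equivalent auth log) as the argument and run it as root.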
credits : http://www.cyberciti.biz/tips/linux-how-to-find-all-failed-login-attempts.html