
Useful Linux Snippets

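Finding failed login attempts from the maillog (the total is printed first, then each IP address that appears 100 or more times in the failed lines; the final awk keeps only counts of three or more digits):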

    head -n1 /var/log/maillog | awk '{ printf "Failed Login Attempts Since: %s %s: ", $1, $2 }' && grep -c "FAILED" /var/log/maillog && grep "FAILED" /var/log/maillog | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'

Finding failed FTP login attempts:

    head -n1 /var/log/messages | awk '{ printf "Failed FTP Login Attempts Since: %s %s: ", $1, $2 }' && grep -c "failed for user" /var/log/messages && grep "Authentication failed" /var/log/messages | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'

Finding failed SSH login attempts:

    head -n1 /var/log/secure | awk '{ printf "Failed SSH Login Attempts Since: %s %s: ", $1, $2 }' && grep -c "Failed password" /var/log/secure && grep "Failed password" /var/log/secure | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'
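
The three one-liners above differ only in the log file and the failure string, so they can be folded into one function. This is an added example, not code from the original page: it goes beyond the one-liners by taking the threshold as a number instead of relying on `length($1)>2` and by sorting the busiest addresses first. The names `failed_logins` and `demo` are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# failed_logins FILE PATTERN [MIN]   (hypothetical helper)
#   FILE     log to scan, e.g. /var/log/secure
#   PATTERN  literal string marking a failure, e.g. "Failed password"
#   MIN      minimum hits for an address to be listed (default 100)
failed_logins() {
    file=$1 pattern=$2 min=${3:-100}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # grep -F matches the pattern literally; grep -oE emits every dotted quad
    # found on a matching line, like the perl regex in the one-liners.
    grep -F -- "$pattern" "$file" |
        grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort | uniq -c |
        awk -v min="$min" '$1 + 0 >= min { print $1, $2 }' |
        sort -k1,1nr -k2,2
}

# Constructed sample in /var/log/secure style (documentation addresses only).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
Jan 10 03:12:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 10 03:12:03 host sshd[1001]: Failed password for root from 203.0.113.7 port 40023 ssh2
Jan 10 03:12:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Jan 10 03:13:10 host sshd[1003]: Failed password for bob from 198.51.100.20 port 51200 ssh2
Jan 10 03:14:00 host sshd[1004]: Accepted password for alice from 192.0.2.5 port 50000 ssh2
EOF
    # Threshold lowered to 2 so the small sample produces output.
    failed_logins "$tmp" "Failed password" 2
    rm -f "$tmp"
}

demo
```

For the other two logs, call it as `failed_logins /var/log/maillog "FAILED"` or `failed_logins /var/log/messages "Authentication failed"`.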

