Linux Security Snippets

SSH

Failed Login Attempts

On CentOS

find /var/log/ -iname 'secure*' -exec grep 'sshd.*preauth' {} \;

Deduplicated by IP

# sort -u keeps one line per IP; "uniq -u" would drop every IP that appears more than once.
grep -E "Failed password(.*)root" /var/log/secure | awk '{print $11}' > ~/tmp_failedlogin_ips && grep -E "Failed password(.*)invalid" /var/log/secure | awk '{print $13}' >> ~/tmp_failedlogin_ips && sort -u ~/tmp_failedlogin_ips
# To block with iptables:
grep -E "Failed password(.*)root" /var/log/secure | awk '{print $11}' > ~/tmp_failedlogin_ips && grep -E "Failed password(.*)invalid" /var/log/secure | awk '{print $13}' >> ~/tmp_failedlogin_ips && sort -u ~/tmp_failedlogin_ips | xargs -I {} iptables -I INPUT -s {} -j DROP
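
The one-liners above pick the address by awk field number, which shifts if the logged user name contains spaces. As an added example (not part of the original snippets), the functions below take the address from the trailing "from <ip> port <n>" instead, count failures per IPv4 source, and print the iptables commands for review rather than running them. The function names and the sample log lines are constructed for illustration.

```shell
# failed_ips THRESHOLD [FILE...]
# Reads sshd log lines (stdin when no FILE is given) and prints "COUNT IP"
# for every IPv4 source with at least THRESHOLD failed password attempts.
failed_ips() {
    threshold=$1; shift
    grep -hE 'sshd\[[0-9]+\]: Failed password for ' "$@" |
    # Anchor on the end of the line so text inside the user name is ignored,
    # and only emit something that looks like a dotted-quad address.
    sed -nE 's/.* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+( ssh2)?$/\1/p' |
    sort | uniq -c |
    awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# block_cmds: turn "COUNT IP" lines into iptables commands (printed, not run).
block_cmds() {
    awk '{ print "iptables -I INPUT -s " $2 " -j DROP" }'
}

# Constructed sample in /var/log/secure format (documentation address ranges).
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.7 port 40188 ssh2
Jan 10 03:15:30 web1 sshd[2130]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jan 10 03:16:02 web1 sshd[2141]: Failed password for invalid user a b from 198.51.100.23 port 51620 ssh2
Jan 10 03:20:11 web1 sshd[2150]: Accepted password for deploy from 192.0.2.10 port 60022 ssh2
EOF
}

# Sources with two or more failures in the sample, as reviewable commands.
sample_log | failed_ips 2 | block_cmds
```

On a real host, call it as `failed_ips 5 /var/log/secure*` and check the output against your own addresses before piping it to a shell.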
