I've been running a SSH server on my Ubuntu box for several years. Lets see who has been trying to get in.
awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/auth.log* | sort | uniq -c | sort -rn | head -101153 root
43 test
23 linux
19 tester
19 guest
18 testing
17 administrator
15 roor
15 postfix
14 user
So has anyone but myself been able to log in...
awk 'gsub(".*sshd.*Accepted password for (valid user )?", "") {print $1}' /var/log/auth.log* | sort | uniq -c | sort -rn | head -217 Kevin_BrosnanNo, I'm the only user on the system using SSH. Good!
How often did the same IP try and access my computer?
awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/auth.log* | sort | uniq -c | sort -rn | head -10834 - 121.242.167.256
432 - 121.242.65.256
381 - 85.128.10.256
225 - 12.172.224.256
216 - 190.81.104.256
134 - 119.192.138.256
68 - 94.103.155.256
59 - 62.181.56.256
31 - 116.28.64.256
25 - 85.17.154.256
The first and last scripts I found at the Securing SSH Fedora guide and modified to work with the Ubuntu log files. Some data presented here has been partially anonymised.
Main Pages
LATEST ENTRIES
- Detecting SSH logon attempts Ubuntu 9.10
- Upgrading to Ubuntu 9.10 - Gave up waiting for root device
- Hide ‘Search Bookmarks and History’ in Firefox’s address bar
- Ubuntu New Wave GTK theme and Firefox
- Mozilla build error: Ogg support on Linux requires the alsa library
- Mozilla build error: nsinstall: Bad file number
- Output a command to terminal and log file
- Not Quite Brown Tim Horton's Ride
Replies: 0
Leave a Reply