Debian Linux SSH root 统计登录失败的来源 IP 地址列表
作者: reistlin
来源: http://www.reistlin.com/blog/194
更新时间: 2010.04
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要
Debian SSH “Failed password for root” List source IP
方法:
1,索引 Debian [/var/log/auth.log] 日志文件
2,查询 "Failed password for root" 关键字
3,awk 获取 IP 字段,计算/统计 IP 次数,降序排列
grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | grep -v ";"
举例:
友情提示:
1,配置 /etc/ssh/sshd_config 文件:PermitRootLogin no
2,配置 /etc/ssh/sshd_config 文件 SSH 服务端口 != 22
reistlin@reistlin:~$ sudo grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | grep -v ";" 1365 173.192.186.155 202 65.75.128.151 160 168.243.14.19 139 143.248.222.228 85 219.141.189.213 62 157.86.173.251 53 88.191.63.71 23 219.239.98.225 16 62.199.231.203 14 202.201.241.132 14 125.89.79.74 13 208.73.3.6 11 115.248.24.130 7 61.136.121.122 7 124.42.61.66 4 68.233.230.148 4 61.180.240.17 1 184.105.195.52