作者: reistlin
来源: http://www.reistlin.com/blog/194
更新时间: 2010.04
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

debian.png

Debian SSH “Failed password for root” List source IP

方法:

1,索引 Debian [/var/log/auth.log] 日志文件
2,查询 "Failed password for root" 关键字
3,awk 获取 IP 字段,计算/统计 IP 次数,降序排列

grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | grep -v ";"

举例:

友情提示:

1,配置 /etc/ssh/sshd_config 文件:PermitRootLogin no
2,配置 /etc/ssh/sshd_config 文件 SSH 服务端口 != 22

reistlin@reistlin:~$ sudo grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | grep -v ";"
   1365 173.192.186.155
    202 65.75.128.151
    160 168.243.14.19
    139 143.248.222.228
     85 219.141.189.213
     62 157.86.173.251
     53 88.191.63.71
     23 219.239.98.225
     16 62.199.231.203
     14 202.201.241.132
     14 125.89.79.74
     13 208.73.3.6
     11 115.248.24.130
      7 61.136.121.122
      7 124.42.61.66
      4 68.233.230.148
      4 61.180.240.17
      1 184.105.195.52

标签: debian, ssh, linux