Useful Linux Snippets

By Phil Frilling, 16 October, 2015

Finding failed login attempts from the maillog:


head -n1 /var/log/maillog | awk '{ printf "Failed Login Attempts Since: "$1" "$2": " }' && cat /var/log/maillog | grep "FAILED" | wc -l && cat /var/log/maillog | grep "FAILED" | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'

Finding failed FTP login attempts:


head -n1 /var/log/messages | awk '{ printf "Failed FTP Login Attempts Since: "$1" "$2": " }' && cat /var/log/messages | grep "failed for user" | wc -l && cat /var/log/messages | grep "Authentication failed" | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'

Finding failed SSH login attempts:


head -n1 /var/log/secure | awk '{ printf "Failed SSH Login Attempts Since: "$1" "$2": " }' && cat /var/log/secure | grep "Failed password" | wc -l && cat /var/log/secure | grep "Failed password" | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'
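
The three one-liners above differ only in the log file and the search string, so they can share one function; this is an added example, not part of the original post. The function names, the numeric threshold argument (in place of `awk 'length($1)>2'`, which keeps only counts of three or more digits) and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# failed_by_ip LOGFILE PATTERN [MIN]
#   Prints "COUNT IP" for every IPv4 address that appears at least MIN times
#   on lines containing PATTERN (fixed string). MIN defaults to 100, the
#   smallest count that awk 'length($1)>2' lets through in the one-liners.
failed_by_ip() {
    log=$1 pattern=$2 min=${3:-100}
    grep -F -- "$pattern" "$log" |
        grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' |
        sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n |
        uniq -c |
        awk -v min="$min" '$1 >= min { print $1, $2 }'
}

# failed_total LOGFILE PATTERN
#   Prints the number of lines containing PATTERN.
failed_total() {
    grep -cF -- "$2" "$1"
}

# Constructed sample in /var/log/secure style (documentation-range addresses).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Oct 16 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 16 03:12:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 40123 ssh2
Oct 16 03:12:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Oct 16 03:13:10 host sshd[1210]: Failed password for bob from 198.51.100.20 port 51000 ssh2
Oct 16 03:14:00 host sshd[1215]: Accepted password for bob from 198.51.100.20 port 51002 ssh2
EOF

echo "Failed SSH logins: $(failed_total "$sample" 'Failed password')"
# Threshold of 2 for the small sample; omit it to get the 100+ default.
failed_by_ip "$sample" 'Failed password' 2
```

On a real host, call it as `failed_by_ip /var/log/secure 'Failed password'`, or with `/var/log/maillog` and `FAILED` for the mail case.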