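Viewing SSH Login Failure Logs on a Linux Server

The queries below mainly rely on the /var/log/secure file; on some systems the file is /var/log/auth.log instead. The examples use /var/log/secure.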

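```bash
# Which IPs are trying to brute-force your SSH password, and how many times
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2" = "$1;}'

# Count of failed login records
grep -o "Failed password" /var/log/secure | uniq -c

# Successful login records
# 1. Date, time, user and source IP of every accepted login
grep "Accepted " /var/log/secure | awk '{print $1,$2,$3,$9,$11}'
# 2. Source IPs of accepted root password logins, most frequent first
grep "Accepted password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more

# Which IPs are trying to brute-force your SSH password, sorted by count
# 1. All failed attempts
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | sort -rn
# 2. Failed attempts against root only
grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more
```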
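
The one-liners above report failures and successes separately, and `$(NF-3)` only finds the address when the line ends in `port N ssh2`. The following added example (not part of the original post) goes one step further and correlates both per source IP, flagging an address whose login was accepted after repeated failures. The function names, the default threshold of 3, the status label and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The default threshold and the
# status label are assumptions; the sample log lines below are constructed.

# Per source IP: failed count, accepted count, and a flag when a login was
# accepted after at least <threshold> failures from the same address.
# Usage: ssh_login_summary [threshold] < /var/log/secure
ssh_login_summary() {
  awk -v th="${1:-3}" '
    # Locate "from <ip> port <n>" scanning from the right, so lines with
    # trailing fields (e.g. key fingerprints) still yield the address.
    function src_ip(   i) {
      for (i = NF - 1; i > 2; i--)
        if ($i == "port" && $(i - 2) == "from") return $(i - 1)
      return ""
    }
    / sshd\[[0-9]+\]: Failed password for / {
      ip = src_ip(); if (ip != "") { fail[ip]++; seen[ip] = 1 }
    }
    / sshd\[[0-9]+\]: Accepted [^ ]+ for / {
      ip = src_ip(); if (ip == "") next
      ok[ip]++; seen[ip] = 1
      if (fail[ip] + 0 >= th + 0) flagged[ip] = 1
    }
    END {
      for (ip in seen)
        printf "%d %d %s %s\n", fail[ip], ok[ip], ip,
               ((ip in flagged) ? "ACCEPTED_AFTER_FAILURES" : "-")
    }
  ' | sort -k1,1nr -k3,3
}

# Constructed sample in /var/log/secure format (documentation IP ranges).
sample_log() {
  cat <<'EOF'
Mar  3 10:01:11 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:13 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Mar  3 10:01:19 web1 sshd[2107]: Accepted password for root from 203.0.113.7 port 40188 ssh2
Mar  3 10:05:02 web1 sshd[2120]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Mar  3 10:07:40 web1 sshd[2133]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2: RSA SHA256:CONSTRUCTEDFINGERPRINT
EOF
}

sample_log | ssh_login_summary 3
```

Output columns are failed count, accepted count, source IP and status. A flagged address is the one to investigate first, since a successful login followed the failed attempts.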

Malicious IP detection tool

URL: https://www.abuseipdb.com/
The result is displayed as shown in the figure below: