Bash script ssh failed login attempts

In CentOS or RHEL, failed ssh login attempts are recorded in the /var/log/secure file. Bash scripting is essential for DevOps roles. You can refer to the Bash script tutorial.

[huupv@localhost ~]$ sudo egrep "Failed password" /var/log/secure

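To display a list of user names and IP addresses with failed ssh login attempts, counted and sorted by number of attempts (the list is sorted before uniq -c so that repeated entries are counted together, and the fields are taken from the end of the line so that "invalid user" entries also show the user name and address):

[huupv@localhost ~]$ sudo egrep "Failed password" /var/log/secure | awk '{print $(NF-5) ": " $(NF-3)}' | cut -d ';' -f1 | sed '/^\s*$/d' | sort | uniq -c | sort -nr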

I am sharing a bash script that reports failed ssh login attempts on Linux. Each run checks the log entries added since the previous run, so you can follow failed logins as users log in to your system. In my bash script, I have written three functions: f_check_folder, f_get_log and f_failed_ssh. Run the bash script as root or as a privileged user.

Bash script ssh failed login attempts

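#!/bin/bash
# Report the failed ssh password attempts logged since the previous run.
FILE1=/var/log/secure
# State directory. It is a fixed path under /tmp, which any local user can
# create first; when the script runs as root, a root-owned directory is safer.
FOLDER=/tmp/failed_ssh
TEMP_LOG=$FOLDER/tmp_secure.log
NUMBER=/tmp/failed_ssh/number.txt

####################
echo "HOSTNAME: $(hostname)"

###################

# Create the state folder and the line counter (starting at 0) if missing.
f_check_folder () {
  if [[ -d $FOLDER ]]; then
    if [[ ! -s $NUMBER ]]; then
      echo 0 > "$NUMBER"
    fi
  else
    mkdir -p "$FOLDER"
    echo 0 > "$NUMBER"
  fi
}

# Copy the lines added since the last run to TEMP_LOG and save the new count.
f_get_log () {
  NUM=$(cat "$NUMBER")
  TOTAL=$(wc -l < "$FILE1")
  # After log rotation the file is shorter than the saved count: start over.
  if [[ $TOTAL -lt $NUM ]]; then
    NUM=0
  fi
  SUM=$((NUM + 1))
  head -n "$TOTAL" "$FILE1" | tail -n +"$SUM" > "$TEMP_LOG"
  echo "$TOTAL" > "$NUMBER"
}

# Count failed attempts per "user: IP" pair, highest count first.
# sort runs before uniq -c because uniq only merges adjacent lines; the fields
# are taken from the end of the line so "invalid user" entries parse too.
f_failed_ssh () {
  sudo egrep "Failed password" "$TEMP_LOG" | awk '{print $(NF-5) ": " $(NF-3)}' | cut -d ';' -f1 | sed '/^\s*$/d' | sort | uniq -c | sort -nr
}

f_check_folder
f_get_log
f_failed_ssh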

The terminal output:

[Screenshot: Bash script ssh failed login attempts]
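
The pipeline above picks the user and address by field position. As an added example (not part of the original script), the function below takes the address after the last "from", so both the valid-user and "invalid user" line forms parse, and it lists only the addresses at or above a threshold. The function names, the default threshold and the sample log lines are constructed for illustration.

```bash
# Added example, not the article's script. Function names, the default
# threshold and the sample log lines are constructed for illustration.

# Read sshd log lines on stdin. Print "failures distinct_users ip" for each
# source IP with at least $1 failed password attempts, busiest first.
failed_ssh_by_ip () {
  awk -v min="${1:-3}" '
    /sshd\[[0-9]+\]: Failed password for / {
      # The user name is supplied by the client, so find the last "from"
      # instead of trusting a fixed field number. Both forms then parse:
      #   Failed password for root from IP port N ssh2
      #   Failed password for invalid user admin from IP port N ssh2
      for (i = NF; i > 0; i--) if ($i == "from") break
      if (i < 2 || i == NF) next          # no "from" found: skip the line
      ip = $(i + 1); user = $(i - 1)
      count[ip]++
      if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], users[ip], ip }
  ' | sort -k1,1nr -k3,3
}

# Constructed sample of /var/log/secure lines (documentation IP ranges).
sample_log () {
cat <<'EOF'
Jan 10 03:12:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:03 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 web01 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:12:15 web01 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40138 ssh2
Jan 10 03:15:40 web01 sshd[2140]: Failed password for huupv from 192.0.2.25 port 51514 ssh2
Jan 10 03:15:52 web01 sshd[2140]: Accepted password for huupv from 192.0.2.25 port 51514 ssh2
Jan 10 03:20:11 web01 sshd[2177]: Failed password for invalid user test from 198.51.100.4 port 33810 ssh2
Jan 10 03:20:14 web01 sshd[2177]: Failed password for invalid user test from 198.51.100.4 port 33810 ssh2
Jan 10 03:20:19 web01 sshd[2177]: Failed password for invalid user test from 198.51.100.4 port 33810 ssh2
EOF
}

sample_log | failed_ssh_by_ip 3
# 4 3 203.0.113.7
# 3 1 198.51.100.4
```

On a live system, feed it the real log instead of the sample, for example sudo cat /var/log/secure | failed_ssh_by_ip 5. An address that tries several distinct user names in a short window is a stronger signal than one user mistyping a password.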

Conclusion

Through this article, you can use a Bash script to report failed ssh login attempts. I hope you find this helpful.

About HuuPV

My name is Huu. I love technology, especially DevOps skills such as Docker, Vagrant, Git and so forth. I like open source, so I created the DevopsRoles.com site to share the knowledge that I have learned. My job: IT system administrator. Hobbies: Summoners War game, gossip.