Bash script ssh failed login attempts

In Centos or RHEL, ssh failed login attempts are recorded in /var/log/secure file. Bash script the essential for DevOps Roles. You can ref to Bash script tutorial.

[huupv@localhost ~]$ sudo egrep "Failed password" /var/log/secure

To display a list of IP address ssh failed login attempts

[huupv@localhost ~]$ sudo egrep "Failed password" /var/log/secure | awk '{print $9 ": " $11}' | cut -d ';' -f1 | sed '/^\s*$/d' | uniq -c | sort -nr

I share bash script ssh failed login attempts on Linux. Checking log real time when user login into your system. In my bash script, I written three function : f_check_folder , f_get_log and f_failed_ssh. Running bash script with user root or user privilege.

Bash script ssh failed login attempts

#!/bin/bash
FILE1=/var/log/secure
FOLDER=/tmp/failed_ssh
TEMP_LOG=$FOLDER/tmp_secure.log
NUMBER=/tmp/failed_ssh/number.txt

####################
echo "HOSTNAME: `hostname`"

###################

f_check_folder () {
if [[ -d $FOLDER ]]; then
if [[ ! -s $NUMBER ]]; then
  touch $NUMBER
  echo 0 > $NUMBER
fi
else
  mkdir -p $FOLDER
  touch $NUMBER
  echo 0 > $NUMBER
fi
}

f_get_log () {
NUM=`cat $NUMBER`
SUM=`expr "$NUM" + 1`
tail -n +"$SUM" $FILE1 > $TEMP_LOG
echo `wc -l < $FILE1` > $NUMBER
}

f_failed_ssh () {

sudo egrep "Failed password" $TEMP_LOG | awk '{print $9 ": " $11}' | cut -d ';' -f1 | sed '/^\s*$/d' | uniq -c | sort -nr

}
f_check_folder
f_get_log
f_failed_ssh

The screen output terminal:

Bash script ssh failed login attempts

Conclusion

Thought the article, you can use Bash script ssh failed login attempts. I hope will this your helpful.

About HuuPV

My name is Huu. I love technology and especially Devops Skill such as Docker, vagrant, git so forth. I likes open-sources. so I created DevopsRoles.com site to share the knowledge that I have learned. My Job: IT system administrator. Hobbies: summoners war game, gossip.
View all posts by HuuPV →

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment moderation is enabled. Your comment may take some time to appear.

This site uses Akismet to reduce spam. Learn how your comment data is processed.