Blocking IPs That Brute-Force SSH

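Extract every attacking IP from /var/log/secure, de-duplicate, and count occurrences:

    grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' /var/log/secure | sort | uniq -c | sort -nr

I tallied the most recent accesses. The IPs with the most hits all look suspicious when searched, so blacklist these IPs first.

grep alone can count exactly how many login attempts each account received.

Count all accounts that were tried (failed passwords and invalid users):

    grep -E '(Failed password|Invalid user)' /var/log/secure \
      | awk '{
          # "Invalid user NAME from IP": the name is field 8
          if ($0 ~ /Invalid user/) print $8;
          # "Failed password for invalid user NAME from IP": the name is field 11
          else if ($0 ~ /Failed password/ && $9 == "invalid") print $11;
          # "Failed password for NAME from IP": the name is field 9
          else if ($0 ~ /Failed password/) print $9;
        }' \
      | sort | uniq -c | sort -nr

Count only brute-force attempts against the root account:

    grep 'Failed password for root' /var/log/secure | wc -l

Count only attempts with invalid user names (for example, accounts that do not exist):

    grep 'Invalid user' /var/log/secure \
      | awk '{print $8}' \
      | sort | uniq -c | sort -nr

Count by user name and IP, to see which IP is guessing which account:

    grep -E '(Failed password|Invalid user)' /var/log/secure \
      | awk '{
          if ($0 ~ /Invalid user/) {user=$8; ip=$10}
          # "Failed password for invalid user NAME from IP" shifts both fields by two
          else if ($0 ~ /Failed password/ && $9 == "invalid") {user=$11; ip=$13}
          else if ($0 ~ /Failed password/) {user=$9; ip=$11}
          print user, ip
        }' \
      | sort | uniq -c | sort -nr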
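Before blacklisting, it helps to count only real password failures per source address instead of every IP-shaped string in the log. The following is an added example, not part of the original post: the function names, the threshold and the sample log lines are assumptions constructed for illustration. It reads the address relative to the end of the line, so that a client-supplied user name containing spaces cannot shift the address field.

```shell
#!/bin/sh
# Added example. Constructed sample lines (documentation addresses only)
# in the traditional syslog layout used by /var/log/secure.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:03 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:05 web1 sshd[2004]: Invalid user admin from 203.0.113.7 port 40030
Mar  3 10:00:06 web1 sshd[2004]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Mar  3 10:00:09 web1 sshd[2010]: Failed password for invalid user x from 192.0.2.10 port 1 from 198.51.100.23 port 51000 ssh2
Mar  3 10:00:11 web1 sshd[2010]: Failed password for invalid user test from 198.51.100.23 port 51002 ssh2
Mar  3 10:01:00 web1 sshd[2020]: Accepted password for deploy from 192.0.2.10 port 50000 ssh2
EOF
}

# stdin: sshd log lines; $1: minimum number of failures (default 3).
# stdout: "count ip" per source address, highest count first.
failed_by_ip() {
    awk -v min="${1:-3}" '
        # Count "Failed password" lines only. "Invalid user" lines are skipped
        # so that one invalid-user attempt is not counted twice.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" && $NF == "ssh2" {
            # The line ends in "from ADDR port N ssh2", so ADDR is 3 from the end.
            ip = $(NF-3)
            # Accept dotted IPv4, or anything containing a colon (IPv6).
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || ip ~ /:/) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample; on a real host use:
#   failed_by_ip 3 < /var/log/secure
sample_log | failed_by_ip 3
```

On the sample, 192.0.2.10 is never listed: its only real entry is a successful login, and its appearance inside a user name is ignored.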