I use such a system to ban IPs that have made too many unsuccessful login attempts in a certain period of time. Imagine you have an access file like this one (extract):
Code:
Apr 26 15:56:53 monserveur sshd[30750]: Invalid user zoe from 89.110.150.203
Apr 26 16:00:10 monserveur sshd[30986]: Invalid user zachary from 89.110.150.203
Apr 26 20:18:15 monserveur sshd[5159]: Invalid user johnbe from 210.243.170.181
Apr 26 20:18:15 monserveur sshd[5159]: Invalid user allanz from 210.243.170.181
Apr 26 20:22:06 monserveur sshd[5341]: Invalid user frederik78 from 210.243.170.181
Apr 26 20:22:06 monserveur sshd[5341]: Invalid user xgridagent from 210.243.170.181
Apr 26 20:22:16 monserveur sshd[5349]: Invalid user xgridcontroller from 210.243.170.181
Apr 26 20:23:43 monserveur sshd[5419]: Invalid user zzz from 210.243.170.181
Apr 26 20:23:43 monserveur sshd[5419]: Invalid user zzz from 210.243.170.181
Apr 28 02:58:04 monserveur sshd[20403]: Invalid user xfs from 72.93.200.84
Apr 28 02:58:04 monserveur sshd[20403]: Invalid user xfs from 72.93.200.84
Apr 28 02:58:10 monserveur sshd[20409]: Invalid user zephyr from 72.93.200.84
Apr 28 03:02:18 monserveur sshd[20669]: Invalid user yellow from 72.93.200.84
Apr 28 03:02:39 monserveur sshd[20691]: Invalid user xxx from 72.93.200.84
Apr 28 03:03:22 monserveur sshd[20735]: Invalid user year from 72.93.200.84
Apr 28 14:16:32 monserveur sshd[6556]: Invalid user Zmeu from 88.191.46.60
Apr 28 14:17:14 monserveur sshd[6611]: Invalid user za from 88.191.46.60
The following code will extract all IPs that have made more than 2 unsuccessful attempts in one minute. You first need to build an awk array indexing on [date time ip]: Apr 28 20:18 123.123.123.123
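One way to write the extraction described in the post above, as an added example (this is not the original poster's code, which is missing from the page): an awk array keyed on date, minute and IP, run over lines from the extract. The function names `find_offenders` and `sample_log` and the IPv4 shape check are assumptions of this example.

```shell
# find_offenders [max]: read sshd log lines on stdin and print every IP
# with more than max "Invalid user" lines inside one calendar minute.
find_offenders() {
    awk -v max="${1:-2}" '
        /sshd\[[0-9]+\]: Invalid user / {
            # The user name is chosen by the client and may contain spaces,
            # so take the address from the last field and check its shape.
            ip = $NF
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Key on "month day HH:MM ip", e.g. "Apr 28 20:18 123.123.123.123"
            key = $1 " " $2 " " substr($3, 1, 5) " " ip
            if (++hits[key] == max + 1) bad[ip] = 1
        }
        END { for (ip in bad) print ip }
    ' | sort
}

# Sample input: lines copied from the extract above.
sample_log() {
    cat <<'EOF'
Apr 26 15:56:53 monserveur sshd[30750]: Invalid user zoe from 89.110.150.203
Apr 26 16:00:10 monserveur sshd[30986]: Invalid user zachary from 89.110.150.203
Apr 26 20:18:15 monserveur sshd[5159]: Invalid user johnbe from 210.243.170.181
Apr 26 20:22:06 monserveur sshd[5341]: Invalid user frederik78 from 210.243.170.181
Apr 26 20:22:06 monserveur sshd[5341]: Invalid user xgridagent from 210.243.170.181
Apr 26 20:22:16 monserveur sshd[5349]: Invalid user xgridcontroller from 210.243.170.181
Apr 28 02:58:04 monserveur sshd[20403]: Invalid user xfs from 72.93.200.84
Apr 28 02:58:04 monserveur sshd[20403]: Invalid user xfs from 72.93.200.84
Apr 28 02:58:10 monserveur sshd[20409]: Invalid user zephyr from 72.93.200.84
Apr 28 03:02:18 monserveur sshd[20669]: Invalid user yellow from 72.93.200.84
Apr 28 14:16:32 monserveur sshd[6556]: Invalid user Zmeu from 88.191.46.60
EOF
}

sample_log | find_offenders 2
```

Fixed calendar-minute buckets split a burst that straddles a minute boundary, so this counts lower than a sliding 60-second window would.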
SSH-LDAP-HELPER(8) BSD System Manager's Manual SSH-LDAP-HELPER(8)
NAME
ssh-ldap-helper -- sshd helper program for ldap support
SYNOPSIS
ssh-ldap-helper [-devw] [-f file] [-s user]
DESCRIPTION
ssh-ldap-helper is used by sshd(1) to access keys provided by an LDAP. ssh-ldap-helper is disabled by default and can only be enabled in the
sshd configuration file /etc/ssh/sshd_config by setting AuthorizedKeysCommand to ``/usr/libexec/openssh/ssh-ldap-wrapper''.
ssh-ldap-helper is not intended to be invoked by the user, but from sshd(8) via ssh-ldap-wrapper.
The options are as follows:
-d Set the debug mode; ssh-ldap-helper prints all logs to stderr instead of syslog.
-e Implies -w; ssh-ldap-helper halts if it encounters an unknown item in the ldap.conf file.
-f ssh-ldap-helper uses this file as the ldap configuration file instead of /etc/ssh/ldap.conf (default).
-s ssh-ldap-helper prints out the user's keys to stdout and exits.
-v Implies -d; increases verbosity.
-w ssh-ldap-helper writes warnings about unknown items in the ldap.conf configuration file.
SEE ALSO
sshd(8), sshd_config(5), ssh-ldap.conf(5)
HISTORY
ssh-ldap-helper first appeared in OpenSSH 5.5 + PKA-LDAP.
AUTHORS
Jan F. Chadima <jchadima@redhat.com>
BSD April 29, 2010 BSD