Solaris logs - Tracking failed attempts from my host
Post 302592173 by bartus11 on Monday 23rd of January 2012 05:12:29 AM
I found a character missing in this code. The working version is:
Code:
nohup dtrace -n 'syscall::connect:entry/execname=="ssh"/{printf ("uid: %d, command: %s",uid,curpsinfo->pr_psargs)}' > /var/adm/ssh_logins &

I would ask your system administrator to run this code. After he does that, lines like these will appear in /var/adm/ssh_logins when someone executes the ssh command:
Code:
  0   4334                    connect:entry uid: 54321, command: ssh root@localhost
  0   4334                    connect:entry uid: 0, command: ssh locked_account@localhost

On the right side of the file you will find the uid of the user that executed the ssh command (red) and where he wanted to connect (blue). You can then grep account/host information from that file. I hope this explanation makes it clearer...
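
The post's suggestion to grep account and host information out of /var/adm/ssh_logins, as an added example that is not part of the original post: a shell function that tallies logged connect() calls per uid and destination. The sample lines and the function names are constructed here, and the list of ssh options that take a value is an assumption based on OpenSSH.

```shell
#!/bin/sh
# Added example: summarize the DTrace log format shown in the post.
# Output columns: <connect() calls> <uid> <destination>, busiest first.
# Caveats: one ssh run can call connect() more than once, so the count is
# connect() calls, not logins; pr_psargs is cut at 80 characters, so a long
# command line may lose its destination and is reported as "(unparsed)".
summarize_ssh_log() {
  awk '
    # Options assumed to consume the next word (OpenSSH-style list).
    BEGIN { split("b c D E e F I i J L l m O o p Q R S W w", a, " ")
            for (k in a) takes_arg[a[k]] = 1 }
    /connect:entry uid: [0-9]+, command: / {
      line = $0
      sub(/^.*connect:entry uid: /, "", line)
      uid = line; sub(/,.*/, "", uid)
      cmd = line; sub(/^[0-9]+, command: /, "", cmd)
      n = split(cmd, w, /[ \t]+/)
      user = ""; dest = ""
      for (i = 2; i <= n; i++) {          # w[1] is the ssh binary itself
        if (w[i] ~ /^-/) {
          opt = substr(w[i], 2, 1)
          if (opt == "l" && length(w[i]) == 2) user = w[i + 1]
          # skip the value that follows a bare option such as "-p 2222"
          if ((opt in takes_arg) && length(w[i]) == 2) i++
          continue
        }
        dest = w[i]; break                # first non-option word is the host
      }
      if (dest == "") dest = "(unparsed)"
      else if (user != "" && dest !~ /@/) dest = user "@" dest
      count[uid " " dest]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k1,1nr -k2,2n
}

# Constructed sample input in the format the post shows (not real log data).
sample_log() {
  cat <<'EOF'
CPU     ID                    FUNCTION:NAME
  0   4334                    connect:entry uid: 54321, command: ssh root@localhost
  0   4334                    connect:entry uid: 0, command: ssh locked_account@localhost
  1   4334                    connect:entry uid: 54321, command: ssh -v root@localhost
  0   4334                    connect:entry uid: 1001, command: ssh -p 2222 -l admin gw.example.com
EOF
}

sample_log | summarize_ssh_log
```

On a real host, call it as `summarize_ssh_log /var/adm/ssh_logins`; the log records every ssh invocation that reaches connect(), not only the ones that fail to authenticate.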
 

ssh-socks5-proxy-connect(1)          User Commands          ssh-socks5-proxy-connect(1)

NAME
     ssh-socks5-proxy-connect - Secure Shell proxy for SOCKS5

SYNOPSIS
     /usr/lib/ssh/ssh-socks5-proxy-connect [-h socks5_proxy_host]
          [-p socks5_proxy_port] connect_host connect_port

DESCRIPTION
     A proxy command for ssh(1) that uses SOCKS5 (RFC 1928). Typical use is
     where connections external to a network are only allowed via a socks
     gateway server.

     This proxy command does not provide any of the SOCKS5 authentication
     mechanisms defined in RFC 1928. Only anonymous connections are possible.

OPTIONS
     The following options are supported:

     -h socks5_proxy_host
          Specifies the proxy web server through which to connect. Overrides
          the SOCKS5_SERVER environment variable.

     -p socks5_proxy_port
          Specifies the port on which the proxy web server runs. If not
          specified, port 80 is assumed. Overrides the SOCKS5_PORT
          environment variable.

OPERANDS
     The following operands are supported:

     socks5_proxy_host
          The host name or IP address (IPv4 or IPv6) of the proxy.

     socks5_proxy_port
          The numeric port number to connect to on socks5_proxy_host.

     connect_host
          The name of the remote host to which the socks gateway is to
          connect you.

     connect_port
          The numeric port number of the socks gateway to connect you to on
          connect_host.

EXAMPLES
     The recommended way to use a proxy connection command is to configure
     the ProxyCommand in ssh_config(4) (see Example 1 and Example 2).
     Example 3 shows how the proxy command can be specified on the command
     line when running ssh(1).

     Example 1: Setting the proxy from the environment

     The following example uses ssh-socks5-proxy-connect in ssh_config(4)
     when the proxy is set from the environment:

          Host playtime.foo.com
              ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect playtime.foo.com 22

     Example 2: Overriding proxy environment variables

     The following example uses ssh-socks5-proxy-connect in ssh_config(4)
     to override (or if not set) proxy environment variables:

          Host playtime.foo.com
              ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h socks-gw -p 1080 playtime.foo.com 22

     Example 3: Using the command line

     The following example uses ssh-socks5-proxy-connect from the ssh(1)
     command line:

          example$ ssh -o'ProxyCommand=/usr/lib/ssh/ssh-socks5-proxy-connect -h socks-gw -p 1080 playtime.foo.com 22' playtime.foo.com

ENVIRONMENT VARIABLES
     SOCKS5_SERVER
          Takes socks5_proxy_host operand to specify the default proxy host.

     SOCKS5_PORT
          Takes socks5_proxy_port operand to specify the default proxy port.

EXIT STATUS
     The following exit values are returned:

     0    Successful completion.

     1    An error occurred.

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWsshu                     |
     +-----------------------------+-----------------------------+
     |Interface Stability          |Stable                       |
     +-----------------------------+-----------------------------+

SEE ALSO
     ssh(1), ssh-http-proxy-connect(1), ssh_config(4), attributes(5)

SunOS 5.10                         30 Oct 2002          ssh-socks5-proxy-connect(1)