Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Failed SSHD Login Attempts (15,000 per day) - Is that a lot compared to your server?
Special Forums Cybersecurity Failed SSHD Login Attempts (15,000 per day) - Is that a lot compared to your server? Post 303039260 by Neo on Friday 27th of September 2019 10:59:17 AM
Old 09-27-2019
Quote:
Originally Posted by stomp
@Neo: Thanks for rephrasing and clarifying your request!

Here's a script which calculates the FLAPM value:
THANKS!

Yes, my first post was vague and not clear, so I started over and tried to be more clear.

That's what happens when I am multi-tasking many tasks at once and just do a "quick post" without putting my full thoughts down in the post. My bad and sorry for the earlier confusion.

Your script is really great and a strong contribution.

Perhaps in the future we should add a flag each server can be identified if fail2ban is turned on?

What do you think? Is that an important metric to add, do you think?
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Maximum 3 login attempts

Hi, I notice in my Sun Solaris 8 sparc workstation, if I failed my login in the 5th time, I will be closed the connection from the host. I want to make 3 times. That is, if user fails to login with 3 attempts, he will be closed the connection. How to do it? Of course I am the admin of the... (2 Replies)
Discussion started by: champion
2 Replies

2. Solaris

invalid login attempts...

I am wondering if solaris captures id's associated w/invalid login attempts? when I try to login as "test1" several (3-5) times, I do not find any userID info under "/var/adm" files: utmpx wtmpx messages lastlog Is there another location/log I should be checking? Is it necessary for... (6 Replies)
Discussion started by: mr_manny
6 Replies

3. AIX

Denying IPaddress for Multiple Failed Login Attempts

Hi. I would like to be able to deny IP address for too many failed login attemps (either from ssh, sftp, ftp, etc). The system I wish this to work on is an AIX 5.1 system. I'm new to AIX but I'm a linux user. There is a program for linux called fail2ban which reads from the log files and see if... (1 Reply)
Discussion started by: metzgerh
1 Replies

4. AIX

ftp check for failed attempts

Hi, I have created the below ftp script to put files over to our capacity server, the check at the end works if ftp fails to run however if the script cannot login or the transfer itself failed there is no warnings. Does anyone know the syntax to trap the erorr codes or to put a check within... (3 Replies)
Discussion started by: chlawren
3 Replies

5. Solaris

Number of login attempts on solaris 10

Hi, I want to sent number of login attempts ,so that after that much attempts user account should be locked on solaris 10 (2 Replies)
Discussion started by: manoj.solaris
2 Replies

6. AIX

Invalid login attempts

How can I see the number of invalid login attempts of a user? Thanks, (9 Replies)
Discussion started by: agasamapetilon
9 Replies

7. Shell Programming and Scripting

Shell script in tracking both the passed and failed login in a unix server

Can you help me in providing the following output or a quite similar to this from a shell script ? *** Logins Summary Information ***** ---------------------------------- Failed Login Attempts for Invalid Accounts Date Time IP-ADD Account ... (0 Replies)
Discussion started by: linuxgeek
0 Replies

8. UNIX for Dummies Questions & Answers

TCP failed connection attempts from netstat -s

Dear experts, I am seeing a lot of TCP failed connection attempts from "netstat -s" on one of our servers. How can I pin point what connection failed and what are the ports involved? Any tools/commands I can dig in deeper to diag. what went wrong on these "failed connection attempts"? ... (2 Replies)
Discussion started by: cache51
2 Replies

9. Solaris

Solaris logs - Tracking failed attempts from my host

Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies

LEARN ABOUT DEBIAN

hotswaprc

HOTSWAPRC(5)							File Formats Manual						      HOTSWAPRC(5)

NAME

       hotswaprc - configuration file for  hotswap

DESCRIPTION

       /etc/hotswaprc is the global configuration file for the hotswap utility.

       It  allows system administrators to specify arbitrary shell scripts to be run after a device is inserted, as well as before and after it is
       removed. Scripts are selected according to the model name retrieved from the device. This is particularly helpful for automatic	configura-
       tion of CD-RW drives, which require SCSI emulation and bypass normal access via the IDE subsystem.

       hotswaprc  is  implemented  as  an  Extensible Mark-up Language (XML) application.  XML documents are structured using elements of the form
       <tag-name> content <tag-name>. A Document Type Definition (DTD) describes the possible content of each element.

       Please refer to the XML specification for more information. The hotswap distribution also contains an example file,  doc/hotswaprc.example,
       which includes the DTD for the configuration file format.

ELEMENTS

       <hotswap>
	      This is the root element of the document. Each valid hotswaprc must contain exactly one <hotswap> element. The <hotswap> element may
	      contain an arbitrary number of <device> elements.

       <device>
	      The configuration file contains one <device> element for every device for which scripts are defined. The <device>  element  is  com-
	      posed of the following elements in this order: <name>, <post-insert>, <pre-remove>, <post-remove>. All but <name> are optional.

       <name> The content of this element is the model identification string of the IDE device the current <device> element refers to.

       <post-insert>
	      Contains the shell script that is to be executed after the device has been inserted and registered with the kernel.

       <pre-remove>
	      Contains the shell script that is to be run before hotswap attempts to unregister the device.

       <post-remove>
	      Contains the shell script that is to be run after the device had been unregistered.

REPORT BUGS

       Report bugs to t.stadelmann1@physics.ox.ac.uk.

AUTHOR

       Written by Tim Stadelmann.

SEE ALSO

       hotswap(1), xhotswap(1).

COPYRIGHT

       Copyright (c) 2002-2003 Tim Stadelmann.

       Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License (GPL), Version 2 or
       any later version published by the Free Software Foundation.

								26th November 2002						      HOTSWAPRC(5)
All times are GMT -4. The time now is 01:32 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy