Another question for tracking failed logins via script
Hello Experts,
I have this initial shell script that tracks failed login attempts:
and have the following output for valid-failed-logins:
Jan 18 14:15:03 root 218.104.65.210
Jan 18 14:15:07 root 218.104.65.210
Jan 18 14:15:11 root 218.104.65.210
Jan 18 14:15:23 root 218.104.65.210
Jan 18 14:15:26 root 218.104.65.210
Jan 18 14:15:31 root 218.104.65.210
Jan 18 14:15:35 root 218.104.65.210
Jan 18 14:15:38 root 218.104.65.210
Jan 18 14:15:47 root 218.104.65.210
Jan 18 14:15:57 root 218.104.65.210
Jan 18 14:16:00 root 218.104.65.210
Jan 18 14:16:04 root 218.104.65.210
Jan 18 14:16:50 root 218.104.65.210
Jan 18 14:16:53 root 218.104.65.210
Jan 18 14:16:57 root 218.104.65.210
Jan 18 14:17:01 root 218.104.65.210
Jan 18 14:17:04 root 218.104.65.210
Jan 18 14:17:08 root 218.104.65.210
Jan 18 14:17:12 root 218.104.65.210
Jan 18 14:22:56 root 59.76.81.123
Jan 18 14:32:17 root 220.78.22.250
Jan 18 14:32:21 root 220.78.22.250
Jan 18 14:32:24 root 220.78.22.250
Jan 18 14:32:26 root 220.78.22.250
Jan 18 14:32:29 root 220.78.22.250
Jan 18 14:32:33 root 220.78.22.250
Jan 18 14:32:36 root 220.78.22.250
Jan 18 14:32:39 root 220.78.22.250
Jan 18 14:32:41 root 220.78.22.250
Jan 18 14:32:44 root 220.78.22.250
Jan 18 14:32:47 root 220.78.22.250
Jan 18 14:32:50 root 220.78.22.250
Jan 18 14:32:57 root 220.78.22.250
Jan 18 18:22:35 root 119.111.70.244
Jan 18 18:22:41 root 119.111.70.244
Jan 18 21:31:07 root 209.151.232.70
Jan 18 21:31:09 root 209.151.232.70
Jan 18 21:31:13 root 209.151.232.70
Jan 18 21:31:16 root 209.151.232.70
Jan 18 21:31:19 root 209.151.232.70
Jan 18 21:31:22 root 209.151.232.70
Jan 18 21:31:25 root 209.151.232.70
Jan 18 21:31:28 root 209.151.232.70
Jan 18 21:31:32 root 209.151.232.70
Jan 18 21:31:34 root 209.151.232.70
Jan 18 21:31:38 root 209.151.232.70
Jan 18 21:31:41 root 209.151.232.70
Can you help me get the total failed login attempts from each source?
For e.g.
There are some tools to track failed logins in ssh: denyhosts and fail2ban.
The first one tracks unsuccessful logins in /var/log/auth.log (but you can specify another file) and puts the incriminated IP in /etc/hosts.deny (after a number of tries); you can also specify your own commands to be executed.
It manages a couple of files: user-valid, user-invalid, hosts-valid, hosts-invalid...
Maybe that can be of interest to you.
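One way to get the per-source totals asked for above, as an added example that is not from the original thread. It assumes input in the five-field valid-failed-logins format shown in the question; the function names (sample_log, failed_summary, over_threshold) and the sample addresses are constructed for illustration, and the threshold filter only lists sources, it blocks nothing.

```shell
#!/bin/sh
# Summarise failed logins per source from lines shaped like the post's
# valid-failed-logins output: "Mon DD HH:MM:SS user ip".

# Constructed sample in that format (addresses are RFC 5737 documentation ranges).
sample_log() {
cat <<'EOF'
Jan 18 14:15:03 root 192.0.2.10
Jan 18 14:15:07 root 192.0.2.10
Jan 18 14:15:11 root 192.0.2.10
Jan 18 14:22:56 root 198.51.100.7
Jan 18 14:32:17 admin 203.0.113.5
Jan 18 14:32:21 root 203.0.113.5
malformed line
EOF
}

# failed_summary [file...]: one line per source, highest count first:
#   count ip first-seen - last-seen accounts-tried
failed_summary() {
    awk 'NF == 5 {                       # skip lines that are not in the expected shape
            ip = $5; ts = $1 " " $2 " " $3
            if (!(ip in n)) first[ip] = ts   # input is chronological, so first hit = first seen
            n[ip]++; last[ip] = ts
            # record each account name once per source
            if (!seen[ip, $4]++) users[ip] = (users[ip] == "" ? $4 : users[ip] "," $4)
        }
        END {
            for (ip in n)
                printf "%d %s %s - %s %s\n", n[ip], ip, first[ip], last[ip], users[ip]
        }' "$@" |
    sort -k1,1nr -k2,2
}

# over_threshold N [file...]: only the sources with at least N failures.
over_threshold() {
    limit=$1; shift
    failed_summary "$@" | awk -v limit="$limit" '$1 >= limit { print $2 }'
}

# Demo run on the constructed sample.
sample_log | failed_summary
```

With real data, pass the file instead of the sample, for example `failed_summary valid-failed-logins`.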
We have more than 10 jobs scheduled in cronjob.. but we can see some of the scripts have been changed without any notification.. Can we write any script which captures any changes inside the scripts with time of change and user name like .. or any other option apart from this??
Please help .. (4 Replies)
Hello guys,
I made a loginlog file to register failed login attempts on my Sun Blade 1500 server (just studying at home). The code below is how I created the file:
# touch /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog
After creating the file, I... (1 Reply)
Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Hi,
I need to run a script in two different logins on the same server, but it is running only in one login. I have used the corresponding PATH for each login, but still it says "not authorized to put msg in queue". (2 Replies)
By a shell script, when I am logging into hosts one by one with ssh,
I am getting the below message.
Pseudo-terminal will not be allocated because stdin is not a terminal.
stty: : Invalid argument
stty: : Invalid argument
Can you please suggest what should I do to stop this?
... (10 Replies)
Can you help me in providing the following output, or something quite similar to this, from a shell script?
*** Logins Summary Information *****
----------------------------------
Failed Login Attempts for Invalid Accounts
Date Time IP-ADD Account ... (0 Replies)
Hi ,
I am pretty new to scripting, and I am trying to write a script which is not working as I expect ....
I am trying to write a script which starts from top directory and tracks all the folders and sub-folders till it reaches a file and gives the list of files as output for a given... (2 Replies)
I have tried limiting failed logins to three by the following method
logins -ox \
| awk -F: '($8 != "LK" && $1 != "root") { print $1 }' \
| while read logname; do
    /usr/lbin/modprpw -m umaxlntr=3 "$logname"
done
/usr/lbin/modprdef -m umaxlntr=3
but it is failing on the 4th... any ideas?... (1 Reply)