Export failed ssh login of intruders on your server with IP into csv file

Here is my simple bashscript to export  failed SSH logins with IP address of the intruder into csv file and send back to you  with email. Once you have it in csv format, you can do many things with the data. You can import it into MySQL database, import it into Google Maps and create your custom maps of intruders to your server or simply create another script and block all those IP addresses for good.

Here is my simple script:

#!/bin/bash
#############################################################
# Filename: intruder.sh
# Description: Send email with intruder date,time, userId, IP
##############################################################
cat /var/log/secure | grep -i "Failed password for" | awk '{print $1,$2,$3,$9,$11;}' > FAILED.csv
mail -s "FAILED SSH LOGINS" [email protected] < FAILED.csv

Just copy and paste and save as intruder.sh and do not forget make it executable

su
vi intruder.sh
chmod a+x intruder.sh

You are ready to run the script any time on your your server.

 

Be the first to comment on "Export failed ssh login of intruders on your server with IP into csv file"

Leave a comment

Your email address will not be published.


*


Get Adobe Flash player Plugin by wpburn.com wordpress themes