Here is my simple bash[easyazon_link asin=”0596526784″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link] to export failed [easyazon_link asin=”0596008953″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] SSH [/easyazon_link] logins with IP address of the intruder into csv file and send back to you with email. Once you have it in csv format, you can do many things with the data. You can import it into [easyazon_link asin=”0672327120″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] MySQL [/easyazon_link] database, import it into Google Maps and create your custom maps of intruders to your server or simply create another script and block all those IP addresses for good.
Here is my simple [easyazon_link asin=”013308504X” locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link]:
#!/bin/bash
#############################################################
# Filename: intruder.sh
# Description: Send email with intruder date,time, userId, IP
##############################################################
cat /var/log/secure | grep -i "Failed password for" | awk '{print $1,$2,$3,$9,$11;}' > FAILED.csv
mail -s "FAILED SSH LOGINS" you@domain.com < FAILED.csv
Just copy and paste and save as intruder.sh and do not forget make it executable
su vi intruder.sh chmod a+x intruder.sh
You are ready to run the [easyazon_link asin=”1118004426″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link] any time on your your server.
[easyazon_block add_to_cart=”default” align=”left” asin=”013308504X” cloaking=”default” layout=”left” localization=”default” locale=”US” nofollow=”default” new_window=”default” tag=”wn0d5-20″]script[/easyazon_block]