Linux security

Export failed ssh login of intruders on your server with IP into csv file

Here is my simple bash[easyazon_link asin=”0596526784″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link] to export  failed [easyazon_link asin=”0596008953″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] SSH [/easyazon_link] logins with IP address of the intruder into csv file and send back to you  with email. Once you have it in csv format, you can do many things with the data. You can import it into [easyazon_link asin=”0672327120″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] MySQL [/easyazon_link] database, import it into Google Maps and create your custom maps of intruders to your server or simply create another script and block all those IP addresses for good.

Here is my simple [easyazon_link asin=”013308504X” locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link]:

#!/bin/bash
#############################################################
# Filename: intruder.sh
# Description: Send email with intruder date,time, userId, IP
##############################################################
cat /var/log/secure | grep -i "Failed password for" | awk '{print $1,$2,$3,$9,$11;}' > FAILED.csv
mail -s "FAILED SSH LOGINS" you@domain.com < FAILED.csv

Just copy and paste and save as intruder.sh and do not forget make it executable

su
vi intruder.sh
chmod a+x intruder.sh

You are ready to run the [easyazon_link asin=”1118004426″ locale=”US” new_window=”default” nofollow=”default” tag=”wn0d5-20″ add_to_cart=”default” cloaking=”default” localization=”default” popups=”default”] script [/easyazon_link] any time on your your server.

[easyazon_block add_to_cart=”default” align=”left” asin=”013308504X” cloaking=”default” layout=”left” localization=”default” locale=”US” nofollow=”default” new_window=”default” tag=”wn0d5-20″]script[/easyazon_block]

 

Leave a Reply