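Viewing login logs on Linux: counting and sorting failed attempts to see which IPs are trying to crack the password
It takes just one command: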
grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more
The output looks something like this:
4377 103.41.124.18
4368 103.41.124.65
3900 62.210.178.226
2214 103.41.124.33
409 62.210.142.105
404 115.231.222.45
152 122.225.97.91
95 122.225.109.205
81 109.195.69.233
42 74.52.105.154
21 87.106.184.62
21 87.106.1.211
21 82.165.154.23
21 69.64.64.62
21 67.226.156.239
21 61.40.192.52
21 60.213.190.98
21 27.251.179.130
21 222.77.190.33
21 211.172.219.251
21 210.249.105.10
15 220.194.46.36
12 203.184.128.106
1 60.190.71.52
1 193.104.41.58
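This shows clearly who is trying to crack our password. With a suitable security policy put in place afterwards, these attempts are simple to guard against.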
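
The command above counts only failures for root and relies on the address being the 11th column. The following is an added example, not part of the original post: it also counts "invalid user" failures and reads the address from the end of the line, so a user name containing the word "from" cannot shift the result. The function names and the sample log lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# sshd ends these lines with "... from <ip> port <n> ssh2", so the address
# is taken relative to the END of the line, not from a fixed column.

count_failed_ips() {
    # $1: log file, e.g. /var/log/secure (or /var/log/auth.log on Debian/Ubuntu).
    # Reads standard input when no file is given.
    cat "${1:--}" |
    grep 'sshd.*Failed password for ' |
    awk 'NF > 4 && $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2      # highest count first, then by address
}

# Constructed sample log: root failures, "invalid user" failures (two extra
# columns), a user literally named "from", and one successful login.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:30 web1 sshd[2230]: Failed password for invalid user from from 198.51.100.23 port 51514 ssh2
Jan 10 03:14:02 web1 sshd[2241]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 03:15:11 web1 sshd[2250]: Failed password for root from 198.51.100.23 port 51520 ssh2
EOF
}

# Demo run on the constructed sample.
sample_log | count_failed_ips
```

On a real host, call it as `count_failed_ips /var/log/secure`; reading that file normally requires root.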