It only takes one command:

grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more

The output looks something like this:

 4377 103.41.124.18
 4368 103.41.124.65
 3900 62.210.178.226
 2214 103.41.124.33
  409 62.210.142.105
  404 115.231.222.45
  152 122.225.97.91
   95 122.225.109.205
   81 109.195.69.233
   42 74.52.105.154
   21 87.106.184.62
   21 87.106.1.211
   21 82.165.154.23
   21 69.64.64.62
   21 67.226.156.239
   21 61.40.192.52
   21 60.213.190.98
   21 27.251.179.130
   21 222.77.190.33
   21 211.172.219.251
   21 210.249.105.10
   15 220.194.46.36
   12 203.184.128.106
    1 60.190.71.52
    1 193.104.41.58

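This shows very clearly who is trying to crack our password; after that, putting a suitable security policy in place is enough to defend against it easily.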
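As an added example (not part of the original post), the same count can be generalized to every account, including sshd's "invalid user" lines, where the extra words shift the address out of awk field 11. The function names, the threshold and the sample log lines are constructed for illustration; /var/log/secure is the path used above.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# The address is located relative to the word "from" instead of a fixed
# column, so "invalid user" lines (two extra fields) are counted as well.

# failed_by_ip [logfile] -> prints "count ip", highest count first
failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # scan backwards: the address follows the last "from" on the line
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "${1:-/var/log/secure}" | sort -k1,1nr -k2,2
}

# over_threshold N [logfile] -> prints only addresses with at least N failures
over_threshold() {
    failed_by_ip "${2:-/var/log/secure}" | awk -v n="$1" '$1 >= n { print $2 }'
}

# Constructed sample log (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan 10 03:12:03 host sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan 10 03:12:05 host sshd[2103]: Failed password for root from 192.0.2.10 port 40125 ssh2
Jan 10 03:12:09 host sshd[2105]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Jan 10 03:15:40 host sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51812 ssh2
Jan 10 03:15:44 host sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51812 ssh2
Jan 10 03:20:11 host sshd[2120]: Failed password for root from 203.0.113.5 port 33010 ssh2
Jan 10 03:21:00 host sshd[2125]: Accepted password for deploy from 203.0.113.99 port 33500 ssh2
EOF
}

# Demo on the constructed sample; pass a real log path to the functions instead.
tmp=$(mktemp)
sample_log > "$tmp"
failed_by_ip "$tmp"
over_threshold 2 "$tmp"
rm -f "$tmp"
```

The list printed by over_threshold is the natural input for whatever blocking or rate-limiting policy is applied afterwards.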