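#!/usr/bin/env bash
# @kaiux - 2014
#
###### Explanation
#
# Builds a Graphviz digraph (source address -> attempted user name) from the
# "Invalid user" lines in the ssh log file, for example:
#Sep 28 23:35:34 srv01 sshd[10644]: refused connect from 10.208.200.99 (10.208.200.99)
#Sep 28 23:38:25 srv01 sshd[10648]: Invalid user zhangyan from 194.225.68.224
#Sep 28 23:38:39 srv01 sshd[10652]: Invalid user dff from 194.225.68.224
# This is not the best filter, but it works.
#
# Reading the log needs root. Only the `cat` below runs under sudo; parsing
# and writing the output happen as the invoking user, so the privileged step
# stays as small as possible.
#
# The user name in these lines is supplied by the remote client, so it is
# untrusted text: it is escaped before being placed inside a DOT string, and
# lines whose field layout does not match the expected shape are skipped
# (and counted on stderr) instead of being emitted as misleading edges.
set -euo pipefail

readonly DOT_OUTPUT=ssh_users.dot
readonly SSH_LOG="/var/log/auth.log"

# Collect the edges first: if the log cannot be read, the script stops here
# (set -e / pipefail) and an existing ${DOT_OUTPUT} is left untouched.
# LC_ALL=C makes sort -u compare bytes, so only identical lines are merged.
edges=$(
  sudo cat -- "${SSH_LOG}" \
    | awk '
        # Return s as a double-quoted DOT string; a backslash is put in
        # front of every double quote and backslash so the value cannot
        # close the string early.
        function dot_quote(s,    out, i, c) {
          out = ""
          for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\"" || c == "\\") out = out "\\"
            out = out c
          }
          return "\"" out "\""
        }

        /Invalid user/ {
          # Expected: <mon> <day> <time> <host> sshd[pid]: Invalid user NAME from ADDR
          # optionally followed by "port N" (some sshd versions add it).
          # An empty name or one with spaces shifts the fields; skip those.
          if ($6 == "Invalid" && $7 == "user" && $9 == "from" &&
              (NF == 10 || (NF == 12 && $11 == "port"))) {
            print dot_quote($10), "->", dot_quote($8) ";"
          } else {
            skipped++
          }
        }

        END {
          if (skipped > 0)
            printf("%d \"Invalid user\" line(s) skipped: unexpected field layout\n", skipped) > "/dev/stderr"
        }
      ' \
    | LC_ALL=C sort -u
)

{
  echo "Digraph G {"
  if [[ -n "${edges}" ]]; then
    printf '%s\n' "${edges}"
  fi
  echo "}"
} > "${DOT_OUTPUT}"

# You can use Graphviz to render the result.
# Uncomment the following lines to generate your graph
# dot -Tpng ssh_users.dot -o ssh_force1.png
# circo -Tpng ssh_users.dot -o ssh_force2.png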