#!/bin/bash# Author: wuseman <wuseman@nr1.nu># Simple script for monitor ssh b

1. #!/bin/bash
2. # Author: wuseman <wuseman@nr1.nu>
3. # Simple script for monitor ssh brute attempts, fixed this for some stranger on fcebook for fun.
4. # Output: [2011-01-01 - 19:01:10] Someone have tried to login from <xx.xx.xx.xx> user=username
5.  
6. while true; do
7. inotifywait -r -q --format %w /var/log/auth.log|grep -i "Failed password for"|tail -n 1|grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'
8. echo -e "[$(date +%Y-%m-%d\ -\ %H:%M:%S)] - Someone tried to login from \e[1;31m$(cat /var/log/auth.log|grep "authentication failure; l"|awk -Frhost= '{print $2}'|tail -n 1 )\e[0m"
9. # adda din iptabls oneliner här
10. # # /sbin/iptables -I INPUT -i eth1 -s $VARIABEL -j DROP
11. done