1. SSH intrusion detection

SSH log path: /var/log/secure

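A failed login produces the keyword 'Failed password'.
A successful login produces the keyword 'Accepted'.
Show failed login entries: grep 'Failed password' /var/log/secure
Check whether a given IP logged in successfully (replace <ip> with the address): grep Accepted /var/log/secure | grep -F '<ip>'
Count failed logins per IP address: grep 'Failed password' /var/log/secure | awk '{print $(NF-3)}' | sort | uniq -c | sort -n
(The address is the fourth field from the end of a 'Failed password' line. A fixed $11 returns the user name instead on 'invalid user' lines.)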

If a login using a private key succeeds, the log contains the keyword 'Accepted publickey'.
List the IPs that logged in successfully with a public key: grep 'Accepted publickey' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -n
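
The two keywords above can be correlated per source IP, so that an 'Accepted' line arriving after a run of 'Failed password' lines from the same address stands out. This is an added example, not part of the original notes. The function names sample_log and ssh_summary, the threshold of 3 and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The log lines below are constructed (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:03 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:05 host1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Mar  3 10:00:09 host1 sshd[2105]: Accepted password for root from 203.0.113.5 port 40120 ssh2
Mar  3 10:02:00 host1 sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:02 host1 sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51000 ssh2
Mar  3 10:05:00 host1 sshd[2200]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2: RSA SHA256:EXAMPLE
EOF
}

# ssh_summary [MIN_FAILS] < log
# One line per source IP: "<ip> <failed> <accepted> <flag>".
# flag is SUSPECT when an Accepted line arrives after at least MIN_FAILS
# failures from the same IP, otherwise "-".
ssh_summary() {
  awk -v min="${1:-3}" '
    # Return the token between "from" and "port". A fixed field number such
    # as $11 breaks on "invalid user" lines, where the address moves to $13.
    function src(   i) {
      for (i = 1; i <= NF - 2; i++)
        if ($i == "from" && $(i + 2) == "port") return $(i + 1)
      return ""
    }
    /sshd\[[0-9]+\]: Failed password for / {
      ip = src(); if (ip != "") { fail[ip]++; seen[ip] = 1 }
      next
    }
    /sshd\[[0-9]+\]: Accepted (password|publickey) for / {
      ip = src(); if (ip == "") next
      ok[ip]++; seen[ip] = 1
      if (fail[ip] + 0 >= min + 0) hit[ip] = 1   # failures counted so far only
    }
    END {
      for (ip in seen)
        printf "%s %d %d %s\n", ip, fail[ip], ok[ip], (ip in hit) ? "SUSPECT" : "-"
    }
  ' | LC_ALL=C sort
}

sample_log | ssh_summary 3
```

To run it against the real log, use ssh_summary 3 < /var/log/secure.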