brute_force
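This command reports how many failed SSH login attempts have been made, grouped by source IP address (the 15 busiest sources), along with each address's reverse-DNS name and its approximate location in the world. It reads /var/log/secure, so it needs permission to read that file, and it sends each listed address to ip-api.com over plain HTTP, so both the lookup and the answer are visible to anyone on the network path.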
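# brute_force: summarise failed sshd logins by source address.
#
# For the 15 busiest sources in the log, prints one tab-separated row:
#   <count address> <reverse-DNS name> <country region>
#
# Everything in an sshd "Failed ..." line before the trailing
# "from ADDR port N" is chosen by the remote client (the user name may
# contain spaces or shell metacharacters), so the address is located by
# that trailing structure and must look like an IP literal before it is
# handed to host(1) or placed in a URL.

# Print "count address" rows (uniq -c format) for the 15 most frequent
# sources of failed sshd logins found in the log file(s) given as arguments.
_ssh_failed_sources() {
  awk '
    /sshd/ && /Failed/ {
      # Scan right to left so text inside the user name cannot pose as
      # the "from ADDR port" triple that sshd itself appends.
      for (i = NF - 2; i >= 1; i--) {
        if ($i == "from" && $(i + 2) == "port") {
          addr = $(i + 1)
          # Accept dotted-quad IPv4 or a hex/colon IPv6 literal only;
          # anything else is dropped rather than passed on.
          if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
              (addr ~ /^[0-9A-Fa-f:.]+$/ && index(addr, ":") > 0))
            print addr
          break
        }
      }
    }' "$@" | sort | uniq -c | sort -rn | head -15
}

# Arguments: $1 - log file to read (default /var/log/secure; Debian-style
#                 systems keep these lines in /var/log/auth.log).
# Outputs:   one row per source address on stdout, diagnostics on stderr.
# Returns:   non-zero when the log cannot be read.
# The body is a subshell, so no variables are left behind in the calling
# shell and no temporary files are needed.
brute_force_report() (
  log=${1:-/var/log/secure}
  if [ ! -r "$log" ]; then
    printf 'brute_force: cannot read %s\n' "$log" >&2
    exit 1
  fi

  _ssh_failed_sources "$log" | while IFS= read -r row; do
    addr=${row##* }

    # The PTR name is whatever the owner of the address publishes; it is
    # not forward-confirmed here, so read it as a hint, not an identity.
    ptr=$(host -W 2 "$addr" </dev/null 2>/dev/null |
      awk '/domain name pointer/ { print $NF; exit }' | tr -d '[:cntrl:]')

    # NOTE(review): this lookup is plain HTTP to a third party. The list
    # of addresses is disclosed on the wire and the reply is
    # unauthenticated, so control characters are stripped before the
    # text reaches the terminal.
    geo=$(curl -s --max-time 5 "http://ip-api.com/csv/$addr" </dev/null |
      awk 'BEGIN { FS = "," } ; { print $2, $5; exit }' | tr -d '[:cntrl:]')

    # Exactly one row per address, so the columns cannot drift out of
    # step when a lookup returns several lines or none.
    printf '%s\t%s\t%s\n' "$row" "${ptr:-N/A}" "${geo:-N/A}"
  done
)

brute_force_report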