Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Bash Cookbook

You're reading from   Bash Cookbook Leverage Bash scripting to automate daily tasks and improve productivity

Arrow left icon
Product type Paperback
Published in Jul 2018
Publisher Packt
ISBN-13 9781788629362
Length 264 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Authors (2):
Arrow left icon
Ganesh Sanjiv Naik Ganesh Sanjiv Naik
Author Profile Icon Ganesh Sanjiv Naik
Ganesh Sanjiv Naik
Ron Brash Ron Brash
Author Profile Icon Ron Brash
Ron Brash
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Crash Course in Bash FREE CHAPTER 2. Acting Like a Typewriter and File Explorer 3. Understanding and Gaining File System Mastery 4. Making a Script Behave Like a Daemon 5. Scripts for System Administration Tasks 6. Scripts for Power Users 7. Writing Bash to Win and Profit 8. Advanced Scripting Techniques 9. Other Books You May Enjoy

Blocking IP addresses from failed SSH attempts


In this recipe, we will learn about finding the failed SSH attempts and blocking those IP addresses. To find failed attempts, we will use grep as well as cat commands. The login attempts to the SSH Server are tracked and recorded into the rsyslog daemon.

Getting ready

Besides having a Terminal open, we need to remember a few concepts:

  • Basic knowledge of the grep and cat commands
  • Ensure that grep is installed

How to do it…

We will find the failed SSH login attempts using the grep and cat commands. First, be a root user. Type the sudo su command. Next, run the following command to fetch the failed attempts using the grep command:

# grep "Failed password" /var/log/auth.log

You can do this using the cat command also. Run the following command:

# cat /var/log/auth.log | grep "Failed password"

You can block the particular IP address that has failed SSH login attempt using tcp-wrapper. Navigate to the /etc directory. Look for the hosts.deny file, add the following...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime