Difference between revisions of "Bad-ips.sh"
From DarkWiki
(Created page with "<source lang="bash"> #/bin/bash # IP addresses that have failed SASL login (junk mailers) grep LOGIN /var/log/mail.log /var/log/mail.log.1 | grep failed | sed -r "s/.*\[([0-...") |
|||
| Line 1: | Line 1: | ||
| + | ==Introduction== | ||
| + | |||
| + | ==Script== | ||
| + | |||
<source lang="bash"> | <source lang="bash"> | ||
#/bin/bash | #/bin/bash | ||
Revision as of 06:54, 9 July 2017
Introduction
Script
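#!/bin/bash
# Prints IPv4 addresses seen misbehaving in the local mail, auth and Apache
# logs: one address per line, each of the three lists sorted and de-duplicated.
# IPv6 clients are not reported (the patterns only match dotted quads).
#
# NOTE(review): every line read here also carries text chosen by the remote
# party (user names, request paths, headers). The extractors therefore print
# only lines in which an address was actually found, and the Apache extractor
# takes the first address field rather than the last. If this output feeds a
# blocklist, filter it through an allowlist of your own addresses first.

#######################################
# IP addresses that have failed SASL login (junk mailers).
# Arguments: mail log files to scan
# Outputs:   sorted unique IPv4 addresses on stdout
#######################################
failed_sasl_ips() {
  # -h: no "file:" prefix when several files are given.
  # sed -n ... p: a line without a bracketed IPv4 address is dropped instead of
  # being passed through unchanged into the address list.
  grep -h LOGIN -- "$@" \
    | grep failed \
    | sed -n -r 's/.*\[([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p' \
    | sort -u
}

#######################################
# IP addresses that have tried to access as root (botnets).
# Arguments: auth log files to scan
# Outputs:   sorted unique IPv4 addresses on stdout
#######################################
failed_root_ips() {
  grep -h "Failed password for root" -- "$@" \
    | sed -n -r 's/.*from.([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p' \
    | sort -u
}

#######################################
# IP addresses that have looked for pre-infections or weaknesses
# (requests mentioning "jmx-console").
# Arguments: Apache log files to scan
# Outputs:   sorted unique IPv4 addresses on stdout
#######################################
jmx_probe_ips() {
  # Print the FIRST whitespace-delimited field that is a bare dotted quad.
  # NOTE(review): assumes the client address is logged before the request,
  # referer and user-agent fields, as in the stock common/combined/
  # vhost_combined formats; confirm against the local LogFormat.
  grep -h "jmx-console" -- "$@" \
    | awk '{
        for (i = 1; i <= NF; i++) {
          if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; next }
        }
      }' \
    | sort -u
}

main() {
  failed_sasl_ips /var/log/mail.log /var/log/mail.log.1
  failed_root_ips /var/log/auth.log /var/log/auth.log.1
  # Globs are intentionally unquoted so the shell expands them to file names.
  jmx_probe_ips /var/log/apache2/*.log /var/log/apache2/*.log.1
}

main "$@"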