Bad-ips.sh

#/bin/bash

# IP addresses that have failed SASL login (junk mailers)

grep LOGIN /var/log/mail.log /var/log/mail.log.1 | grep failed | sed -r "s/.*\[([0-9\.]*).*/\1/g" | sort -u

# IP addresses that have tried to access as root (botnets)

grep "Failed password for root" /var/log/auth.log /var/log/auth.log.1 | sed "s/.*from.\([0-9\.]*\).*$/\1/g" | sort --u

# IP addresses that have looked for pre-infections or weaknesses

grep "jmx-console" /var/log/apache2/*.log /var/log/apache2/*.log.1 | sed "s/.* \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\) .*$/\1/g" | sort --u

Bad-ips.sh

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools