10.11.2017 03:00 http://sch-einesystem.tumblr.com/post/167340834513

Hacker versuchen außerdem, meine Systeme lahmzulegen: „auth.log“ der letzten 24 h > 1 GB


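# List every (source address, attempted user name) pair found in failed SSH
# login records of the auth log, one "ADDRESS USER" pair per line, sorted and
# de-duplicated.
#
# The user name in these records is chosen by the remote client, so it can
# contain spaces or even text such as " from 203.0.113.7" (constructed
# example). Cutting at the first " from" would let such a name decide which
# address gets reported. The address is therefore taken from the last
# " from ADDRESS port N" of the record and always lands in the first output
# column. Records without that trailing part are skipped.
# Treat everything after the first column as untrusted text, and review the
# list before turning it into firewall rules.
#
# Addresses starting with 193.109.132. or 193.109.133. are left out
# (presumably the author's own networks -- confirm). The dots are escaped and
# the pattern is anchored so only the address column can match, never a user
# name or an unrelated address that merely contains those digits.
#
# AUTH_LOG may point at another file (for example a rotated log); the default
# is /var/log/auth.log.
sed -nE 's/.*(Failed password for|invalid user) (.*) from ([^ ]+) port [0-9]+( .*)?$/\3 \2/p' \
    "${AUTH_LOG:-/var/log/auth.log}" \
  | sed '/^193\.109\.13[23]\./d' \
  | sort -u

# Hint for the reader: the first column alone gives the list of addresses.
echo use ' | cut -d " " -f 1 | uniq ' for ips only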

1.234.85.29 root
1.34.220.216 test
103.10.230.126 hduser
103.239.252.122 test1
103.243.107.236 admin
103.243.107.236 root
103.26.14.92 proatom
103.7.130.114 cron
103.7.130.114 hadoop
103.7.130.114 nagios
103.7.130.114 postgres
103.7.130.114 redmine
103.7.130.114 root
103.7.130.114 zhouli
103.71.255.27 wxbackp
103.89.88.134 admin
103.89.88.134 support
104.236.100.226 root
104.46.99.216 root
106.172.80.224 admin
106.172.80.224 root
106.2.1.26 uftp
106.247.228.75 vagrant
106.37.201.139 docker
106.39.13.130 root
106.74.39.36 web
107.170.100.131 proatom
108.58.41.139 root
109.238.11.53 ftp
110.169.254.59 deployer
110.170.194.66 centos
110.234.65.146 smbuser
110.86.7.82 oracle
111.11.181.135 www
111.11.181.53 vps
111.198.142.201 test
111.47.243.185 kafka
111.93.127.122 root
112.16.57.78 henry
112.227.155.48 root
112.33.17.57 nginx
112.87.94.191 root
114.115.143.27 yazid
114.30.217.5 pi
114.67.24.30 root
115.159.31.78 testuser
115.178.73.2 peter
115.231.107.121 bob
116.18.229.170 www-data
117.159.144.145 nate
117.48.200.72 admin
118.114.237.235 postgres
118.122.195.159 root
118.241.194.92 pi
118.244.238.4 root
118.69.35.126 dev
118.85.194.26 root
118.89.111.157 wooxo
119.254.84.74 ubuntu
119.254.84.74 usuario
119.29.114.52 kafka
119.29.152.55 ec2-user
119.79.225.226 backups
120.132.25.223 test
121.14.212.10 student
121.15.200.85 test3
121.156.122.97 test
121.156.65.122 noreply
121.194.3.166 adm
122.114.207.2 server1
122.13.72.234 admin
122.225.26.22 public
123.141.29.11 foo
123.169.193.0 root
123.206.226.149 test
123.207.172.15 alex
123.207.254.48 henry
123.207.66.80 henry
123.207.74.72 system
123.207.84.100 frappe
123.244.9.82 root
123.71.225.155 server
124.251.62.214 docker
124.67.81.2 web
125.227.96.79 math
128.199.165.114 ubuntu
128.199.178.24 logger
128.199.221.157 guest
128.199.221.157 nginx
131.114.101.23 test
134.119.182.34 bpadler
136.243.22.168 vagrant
138.118.214.71 jenkins
138.121.136.87 oracle
139.159.212.248 test
139.219.235.52 james
139.99.157.2 logger
142.54.101.146 root
143.202.71.187 dummy
144.217.160.81 ftpuser
147.135.222.7 admin
151.80.40.90 test
153.149.173.211 root
155.133.82.12 root
157.253.17.97 vps
157.253.29.60 yazid
158.69.222.95 reiki-direkt
163.172.149.4 root
163.180.20.181 dynip
163.180.20.181 root
172.104.92.46 snort
172.104.92.46 user1
173.212.246.107 debian
174.3.58.251 test
175.139.231.129 docker
177.129.242.23 root
177.184.212.1 developer
178.118.158.194 root
178.255.175.63 app
179.184.176.114 zabbix
179.184.22.3 02
180.101.144.27 www
180.101.145.109 nagios
180.76.237.61 spark
180.97.90.131 tomcat
181.211.142.6 admin
181.27.62.130 root
182.162.141.15 root
182.162.90.128 banktunnel
182.61.116.4 dummy
183.131.243.43 content
183.136.188.116 service
183.157.186.208 admin
183.232.203.53 write
183.239.39.101 admin
183.245.210.26 root
184.66.34.146 hadoop
185.145.131.191 reiki-direkt
185.26.48.52 list
185.98.24.218 telecom
186.10.1.21 mongo
187.171.40.32 node
187.64.167.67 weblogic
187.64.33.36 alex
188.34.90.226 hadoop
188.37.231.131 usuario
189.254.33.157 banktunnel
189.45.201.109 local
190.1.200.250 root
190.144.94.3 server
190.179.131.76 root
190.234.44.102 root
190.3.69.170 oracle
190.48.86.211 admin
190.7.199.42 root
191.101.229.178 reiki-direkt
192.99.10.228 baehring
192.99.10.228 root
193.70.0.112 test
195.54.47.52 test
197.156.67.177 peter
197.230.43.31 root
197.251.5.155 ubuntu
200.115.134.237 petery
200.12.38.169 hduser
200.174.69.146 henry
200.187.150.144 www-data
200.219.209.2 ts
200.254.119.50 backups
200.43.185.67 content
200.52.55.70 root
201.177.211.191 root
201.23.109.210 apache
201.236.225.231 sammy
201.238.217.12 oracle
201.77.115.24 ftpuser
202.29.240.157 git
202.85.222.225 henry
202.91.76.166 uplink
202.91.83.235 root
203.158.202.26 root
210.122.34.228 www
210.206.120.250 ubnt
210.245.26.9 interview
210.245.26.9 maximilian
210.245.26.9 nazis
211.110.139.179 backup
211.110.139.179 user1
211.137.13.185 nexus
211.195.229.66 mysql
211.224.55.238 ubuntu
211.253.29.114 nagios
211.75.141.112 vnc
213.108.129.161 admin
213.55.79.200 root
213.80.248.78 test
216.224.162.95 apache
216.66.91.10 admin
217.114.188.142 history
217.129.199.192 pi
218.145.31.179 dynip
218.17.23.10 backups
218.18.152.6 zabbix
218.206.69.40 jenkins
218.57.137.188 root
218.60.136.106 root
218.65.30.124 root
218.76.82.130 chimistry
218.86.28.150 www
219.111.9.97 test
219.239.97.72 nagios
220.132.238.76 matt
220.133.128.198 jira
220.174.236.220 mattw
220.189.211.78 test
220.248.229.85 postgres
221.141.3.53 wxbackp
221.161.235.169 bob
222.103.135.219 git
222.103.136.112 struct
222.103.136.182 noreply
222.112.220.43 root
222.133.69.84 admin
222.187.227.234 web
222.242.191.216 chef
223.66.102.10 root
223.86.3.51 tomcat
24.37.220.150 root
27.254.158.81 glassfish
27.77.50.221 hduser
31.221.2.185 root
31.223.225.7 root
31.47.198.108 browser
34.210.52.47 mysql
34.216.27.175 admin
36.66.133.145 guest
37.9.170.35 aldo
42.116.254.10 testuser
42.62.55.240 gpadmin
43.242.84.52 admin
43.242.84.52 im_user
45.112.125.26 changem
45.123.96.108 frappe
46.137.245.184 proatom
46.44.210.20 banktunnel
46.44.210.20 im_user
47.205.250.5 www
47.90.127.164 ftpuser
49.231.145.167 git
5.188.10.179 admin
50.235.128.185 root
50.35.173.178 db
51.254.123.31 ec2-user
51.255.166.189 root
52.172.158.43 admin
52.174.6.244 manager
52.174.6.244 usuario
52.27.123.30 bpadler
52.27.123.30 root
58.30.26.15 chef
59.120.35.74 admin1
59.127.249.30 root
59.60.9.236 oracle
60.190.51.66 dev
60.251.223.115 amssys
61.143.10.210 root
61.189.243.28 intp
61.191.100.164 nginx
65.183.143.12 admin
69.123.107.25 admin
69.159.244.95 root
69.74.202.65 ansible
73.142.152.88 root
74.219.121.230 app
75.127.147.2 test
75.81.102.50 db
77.222.101.149 snort
77.222.101.149 user01
77.42.156.235 admin
78.189.23.78 admin
79.189.189.58 admin
80.186.3.223 admin
80.241.208.60 apache
80.241.208.60 test
81.248.11.181 root
82.202.236.244 comercial
82.213.2.18 admin
83.239.171.157 test
83.48.106.35 root
84.55.161.158 admin
85.125.81.189 admin
88.99.175.137 root
88.99.175.137 user1
88.99.199.66 jboss
88.99.199.66 reiki-direkt
88.99.70.25 maximilian
88.99.70.25 office
90.182.204.52 andre
91.221.66.133 anonymous
91.221.66.133 office
93.146.200.99 ts3
93.150.62.106 support
93.64.209.250 student4
94.138.183.252 guest
94.72.4.189 pi
95.160.63.17 support
96.9.241.234 guest
96.9.241.234 qhsupport



http://78.media.tumblr.com/9cd04d7e00d7d1db6d75b3df8802b9d6/tumblr_oz7j1kMn9w1sofvubo1_1280.jpg
[1] http://78.media.tumblr.com/9cd04d7e00d7d1db6d75b3df8802b9d6/tumblr_oz7j1kMn9w1sofvubo1_1280.jpg