LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-13-2008, 05:28 PM   #1
nick_astn
LQ Newbie
 
Registered: Aug 2008
Posts: 1

Rep: Reputation: 0
Create a Linix script that prints out all failed login attempts.


I am extremely new to Linux and and scripting but I am trying to create a Linux script that will simply keep track of all the failed login attempts and print of that information every morning. I was reading up on the faillog and wondering if that will work for what I want. Also I know you have to declare you variables before you write any of the code. Im just kinda stumped on how to begin with tihs. If anyone has some good help or even sites that may help me do this. I also want to understand what each line in the script. It does me no good learning wise unless I gain the how to aspect. Thanks a lot for any help.
 
Old 08-13-2008, 05:37 PM   #2
kuser:)
Member
 
Registered: Sep 2005
Location: U.S., Illinois
Posts: 130

Rep: Reputation: 18
Maybe this'll help you:
http://www.linuxquestions.org/questi...ttempts+script
 
Old 08-13-2008, 05:40 PM   #3
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
It depends a bit on what you want exactly.

Logwatch, for example, send me a report each day and includes various authorization failures, although this includes ftp, ssh and others,

Depending on your distro, a simple script to grep /var/log/secure (that's my relevant log), so something like

grep "authentication failure" /var/log/secure | grep "sshd:auth" | grep "Aug 14"

But as I said, depends what you want
 
Old 08-13-2008, 05:56 PM   #4
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
You didn't specify your distro, but you should already have that information available. Commonly it would be in /var/log/auth.log.

You might want to filter that log using grep to obtain only the failed attempts. How to filter it depends on the exact syntax you are looking for; best thing to do is do an incorrect login, then a correct login, and look at how it is handled in the log.

In my system, I would grep for the string "FAILED LOGIN" for local logins and strings like "Invalid user" or "BREAK-IN ATTEMPT" or "Failed password" or "User not allowed" for people trying to break in via ssh.

Last edited by jiml8; 08-13-2008 at 05:57 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
script to keep 'count' of failed login attempts hattori.hanzo Linux - Newbie 7 04-02-2008 10:23 PM
How to set delay between failed login attempts? handydan MEPIS 2 02-24-2007 11:08 PM
Constant failed login attempts... seanferd Linux - Security 8 11-09-2006 08:42 AM
Timeout between failed login attempts wuicci Linux - Security 3 06-01-2006 04:40 AM
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM


All times are GMT -5. The time now is 10:11 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration