Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 08-13-2008, 06:28 PM   #1
LQ Newbie
Registered: Aug 2008
Posts: 1

Rep: Reputation: 0
Create a Linix script that prints out all failed login attempts.

I am extremely new to Linux and and scripting but I am trying to create a Linux script that will simply keep track of all the failed login attempts and print of that information every morning. I was reading up on the faillog and wondering if that will work for what I want. Also I know you have to declare you variables before you write any of the code. Im just kinda stumped on how to begin with tihs. If anyone has some good help or even sites that may help me do this. I also want to understand what each line in the script. It does me no good learning wise unless I gain the how to aspect. Thanks a lot for any help.
Old 08-13-2008, 06:37 PM   #2
Registered: Sep 2005
Location: Olsztyn, Poland
Distribution: Slackware 14.1
Posts: 167

Rep: Reputation: 35
Maybe this'll help you:
Old 08-13-2008, 06:40 PM   #3
LQ Guru
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
It depends a bit on what you want exactly.

Logwatch, for example, send me a report each day and includes various authorization failures, although this includes ftp, ssh and others,

Depending on your distro, a simple script to grep /var/log/secure (that's my relevant log), so something like

grep "authentication failure" /var/log/secure | grep "sshd:auth" | grep "Aug 14"

But as I said, depends what you want
Old 08-13-2008, 06:56 PM   #4
Senior Member
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 115Reputation: 115
You didn't specify your distro, but you should already have that information available. Commonly it would be in /var/log/auth.log.

You might want to filter that log using grep to obtain only the failed attempts. How to filter it depends on the exact syntax you are looking for; best thing to do is do an incorrect login, then a correct login, and look at how it is handled in the log.

In my system, I would grep for the string "FAILED LOGIN" for local logins and strings like "Invalid user" or "BREAK-IN ATTEMPT" or "Failed password" or "User not allowed" for people trying to break in via ssh.

Last edited by jiml8; 08-13-2008 at 06:57 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
script to keep 'count' of failed login attempts hattori.hanzo Linux - Newbie 7 04-02-2008 11:23 PM
How to set delay between failed login attempts? handydan MEPIS 2 02-25-2007 12:08 AM
Constant failed login attempts... seanferd Linux - Security 8 11-09-2006 09:42 AM
Timeout between failed login attempts wuicci Linux - Security 3 06-01-2006 05:40 AM
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 04:22 PM

All times are GMT -5. The time now is 05:42 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration