I am extremely new to Linux and and scripting but I am trying to create a Linux script that will simply keep track of all the failed login attempts and print of that information every morning. I was reading up on the faillog and wondering if that will work for what I want. Also I know you have to declare you variables before you write any of the code. Im just kinda stumped on how to begin with tihs. If anyone has some good help or even sites that may help me do this. I also want to understand what each line in the script. It does me no good learning wise unless I gain the how to aspect. Thanks a lot for any help.

Maybe this'll help you:
http://www.linuxquestions.org/questi...ttempts+script

It depends a bit on what you want exactly.

Logwatch, for example, send me a report each day and includes various authorization failures, although this includes ftp, ssh and others,

Depending on your distro, a simple script to grep /var/log/secure (that's my relevant log), so something like

grep "authentication failure" /var/log/secure | grep "sshd:auth" | grep "Aug 14"

But as I said, depends what you want

You didn't specify your distro, but you should already have that information available. Commonly it would be in /var/log/auth.log.

You might want to filter that log using grep to obtain only the failed attempts. How to filter it depends on the exact syntax you are looking for; best thing to do is do an incorrect login, then a correct login, and look at how it is handled in the log.

In my system, I would grep for the string "FAILED LOGIN" for local logins and strings like "Invalid user" or "BREAK-IN ATTEMPT" or "Failed password" or "User not allowed" for people trying to break in via ssh.