Spickblatt

Das Nutzen, Vervielfältigen, Ändern, und Verbreiten dieser Kommandos ist gestattet.

# ipset list | head

# cat /etc/os-release

# cat /var/log/secure | grep <Internetprotokolladresse>

# truncate --size=0 /var/log/secure

# cat /var/log/auth.log | grep <Internetprotokolladresse>

# truncate --size=0 /var/log/auth.log

# journalctl -u ssh -o cat --since yesterday | grep <Internetprotokolladresse>

$ cat Zeilen.txt | cut -d " " -f 1 | sort | uniq

# bash Blockierliste.sh

Slackware 15.0

# cat /var/log/secure | grep "Failed password for invalid user" | cut --delimiter=" " --fields=13 > tmp

# cat /var/log/secure | grep "Failed password for root from" | cut --delimiter=" " --fields=11 >> tmp

# cat /var/log/secure | grep "]: Connection reset by" | cut --delimiter=" " --fields=9 >> tmp

# cat /var/log/secure | grep "Unable to negotiate with" | cut --delimiter=" " --fields=10 >> tmp

# cat /var/log/secure | grep "Disconnected from authenticating user root " | cut --delimiter=" " --fields=12 >> tmp

# cat /var/log/secure | grep "Invalid user from" | cut --delimiter=" " --fields=10 >> tmp

# cat tmp | sort | uniq

# rm --force tmp

Alternative: Slackware 15.0

# cat /var/log/secure | grep "Failed password for invalid user" | cut --delimiter=" " --fields=14 > tmp

# cat /var/log/secure | grep "Failed password for root from" | cut --delimiter=" " --fields=12 >> tmp

# cat /var/log/secure | grep "Invalid user from" | cut --delimiter=" " --fields=11 >> tmp

# cat tmp | sort | uniq

# rm --force tmp

Debian 12

# cat /var/log/auth.log | grep "Failed password for invalid user" | cut --delimiter=" " --fields=11 > tmp

# cat /var/log/auth.log | grep "Failed password for root from" | cut --delimiter=" " --fields=9 >> tmp

# cat tmp | sort | uniq

# rm --force tmp

Debian 12

# cat /var/log/auth.log | grep ": Unable to negotiate with " | cut --delimiter=" " --fields=8 > tmp

# cat /var/log/auth.log | grep ": Disconnected from authenticating user root " | cut --delimiter=" " --fields=9 >> tmp

# cat /var/log/auth.log | grep ": Disconnected from invalid user " | cut --delimiter=" " --fields=9 >> tmp

# cat tmp | sort | uniq

# rm --force tmp

Debian 13

# journalctl -u ssh -o cat --since yesterday | grep "Failed password for invalid user" | cut --delimiter=" " --fields=8 > tmp

# journalctl -u ssh -o cat --since yesterday | grep "Failed password for root from" | cut --delimiter=" " --fields=6 >> tmp

# journalctl -u ssh -o cat --since yesterday | grep "Invalid user " | cut --delimiter=" " --fields=5 >> tmp

# cat tmp | sort | uniq

# rm --force tmp