Feb 03

Top 10 IPs Trying to SSH into Your Server with Invalid User

I was playing around with fail2ban (probably an upcoming article) today and wanted to share a one-liner for viewing the top ten IPs trying to SSH into your server. Here’s the code.

top ten ips trying to ssh into your server

# cat /var/log/messages | grep "Invalid user" | sed 's/.*from \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)/\1/' | uniq -dc | sort -r | head -n 10
  19285 124.248.35.124
  18263 221.226.219.61
  10899 85.32.165.195
   8993 124.248.35.124
   8493 200.251.193.130
   5391 200.251.193.130
   5225 125.89.78.6
   4247 221.239.81.82
   4182 220.250.12.11
   3876 216.120.248.174

Explanation

cat
change this to wherever your sshd logs
grep
match the “Invalid user” string … which is what sshd prints
sed
pull out the IP address only. This is probably not the most elegant pattern, but it works.
uniq
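I didn’t even know this was on my system. With the -dc flags it prints each repeated line once, prefixed by the number of times it occurred. It only compares adjacent lines, so an IP whose entries are interrupted by other addresses is counted in several separate runs, which is why 124.248.35.124 and 200.251.193.130 each appear twice in the output above. Sorting the addresses before uniq merges those runs into one total per IP.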
sort
sort the list of ips in reverse (most entries per ip first)
head
keep the top ten (or whatever you choose)
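
The counting step above, as an added example that is not part of the original post: the addresses are sorted before uniq so each IP gets a single total, and the match tolerates the " port N" suffix that some sshd versions append to the line. The sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-IP totals of "Invalid user" lines.

# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
Feb  3 10:00:01 host sshd[101]: Invalid user admin from 203.0.113.7
Feb  3 10:00:02 host sshd[102]: Invalid user test from 198.51.100.9
Feb  3 10:00:03 host sshd[103]: Invalid user oracle from 203.0.113.7
Feb  3 10:00:04 host sshd[104]: Invalid user guest from 203.0.113.7 port 40022
Feb  3 10:00:05 host sshd[105]: Accepted publickey for deploy from 192.0.2.10 port 50514 ssh2
Feb  3 10:00:06 host sshd[106]: Invalid user pi from 198.51.100.9 port 40100
Feb  3 10:00:07 host sshd[107]: Invalid user ftp from 192.0.2.44
EOF
}

# Print the source IPv4 address of each "Invalid user" line read from stdin.
# The user name is chosen by the remote side, so the match is anchored to the
# end of the line and only an optional " port N" may follow the address.
extract_ips() {
    sed -n -E 's/^.*Invalid user .* from ([0-9]{1,3}(\.[0-9]{1,3}){3})( port [0-9]+)?$/\1/p'
}

# Top N (default 10) addresses by total count. Sorting before `uniq -c` puts all
# lines for one address next to each other, so each IP is reported exactly once.
top_invalid_user_ips() {
    extract_ips | LC_ALL=C sort | uniq -c |
        LC_ALL=C sort -k1,1nr -k2 | head -n "${1:-10}" | awk '{print $1, $2}'
}

# For contrast: the unsorted stream fed to `uniq -dc` counts adjacent repeats only.
adjacent_only() {
    extract_ips | uniq -dc | awk '{print $1, $2}'
}

sample_log | top_invalid_user_ips 10
```

To run it on a real log, replace the last line with `top_invalid_user_ips 10 < /var/log/messages` (or wherever your sshd logs).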

IPs Trying to SSH into Your Server with whois Information

Here is a slightly more complex version that will run a whois search on each IP and send the results to less.

Viewing info for ips

# for domain in `cat /var/log/messages | grep "Invalid user" | sed 's/.*from \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)/\1/' | uniq -dc | sort -r | head -n 10 | sed 's/.*[0-9]* //'`; do whois "$domain"; done | less

Enjoy.

Permanent link to this article: http://gentoovps.net/ips-trying-to-ssh-into-your-server/

Jan 20

tab complete ssh host

I ran across this accidentally the other day. Apparently, you can tab complete your host after you use the @ character. I cannot speak to other shells, but this works in bash and is quite useful for typing out ssh commands etc.

tab complete ssh host

$ ssh rot@[tab tab]
$ ping @[tab tab]

Permanent link to this article: http://gentoovps.net/tab-complete-ssh-host/

Jan 06

mplayer play directories recursively

Can mplayer play directories recursively? Yes. Here is the one liner using find and mplayer.

code

$ find {$DIR01,$DIR02,$DIR03} \( -iname "*\.mp3" \) -exec mplayer -loop 0 -shuffle '{}' +

find recursively searches the directories listed (here $DIR01, $DIR02 and $DIR03) for file names ending in ".mp3", matched case-insensitively. All of the results are passed to mplayer. I’ve also added the "-loop 0" and "-shuffle" flags.

You could also replace mplayer with another command. This leverages find’s ability to execute a command using the located files as a parameter list. You can also use the large collection of find flags to narrow your results to exactly what you need. Hopefully this is helpful.

Permanent link to this article: http://gentoovps.net/mplayer-play-directories-recursively/

Dec 25

Christmas 2013

Thanks for another great year of learning and sharing.

Permanent link to this article: http://gentoovps.net/christmas-2013-2/

Dec 23

ls multiple file types

Here is a bash one-liner to list multiple file types or extensions using ls.

ls multiple file types

$ ls *.{txt,html}

The above command will match all txt and html files in the current directory.

Permanent link to this article: http://gentoovps.net/ls-multiple-file-types/