Why are my cloud documents gone (how to find my cloud documents)
2022-05-30
ECS information
Specification: 2 vCPUs | 4 GiB | kc1.large.2
Image: openEuler 20.03 64bit with ARM | Public image
Linux SSH secure log: view the login log and extract the failed-login entries
```
# cd /var/log
# ls -lh | grep secure
-rw-------. 1 root root 5.3M Oct 6 19:58 secure
-rw------- 1 root root 4.3M Oct 2 03:12 secure-20211002
# stat secure
File: secure
Size: 5546688 Blocks: 10848 IO Block: 4096 regular file
Device: fd02h/64770d Inode: 657617 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2021-10-06 19:59:18.103630401 +0800
Modify: 2021-10-06 19:58:38.538911690 +0800
Change: 2021-10-06 19:58:38.538911690 +0800
Birth: 2020-05-18 10:35:20.984000000 +0800
```
The IP addresses in the output below have been masked.
```
# cat secure | grep "authentication failure" > /home/ssh_authentication_failure.txt
# head ssh_authentication_failure.txt -n 5
Oct 2 03:13:42 ecs-4eee sshd[18747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
Oct 2 03:16:13 ecs-4eee sshd[18758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
Oct 2 03:18:48 ecs-4eee sshd[18760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
Oct 2 03:21:17 ecs-4eee sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
Oct 2 03:23:55 ecs-4eee sshd[18766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.XXX.XXX
# wc -l ssh_authentication_failure.txt
28697 ssh_authentication_failure.txt
```
Use Python to extract the IP addresses from the file
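```python
import re

# Capture the value after "rhost=". \S+ stops at the first whitespace, so a
# trailing " user=..." field on the same line is not pulled into the match.
regex = re.compile(r"rhost=(\S+)")

ip_list = []
with open("ssh_authentication_failure.txt", "r") as file:
    for log in file:
        ip_list.extend(regex.findall(log))

# De-duplicate the source addresses
black_ip_list = list(set(ip_list))
for ip in black_ip_list:
    print(ip)

print(len(ip_list))        # total number of failed attempts
print(len(black_ip_list))  # number of distinct source addresses
```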
```
...... (excerpt, addresses masked)
XXX.XXX.XXX.XXX
XXX.XXX.XXX.XXX
28697
108
```
With the address list generated, the next thing to consider is security hardening.
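Going one step beyond the de-duplicated list above, this added example (not part of the original post) counts failures per source address and keeps only the addresses at or above a threshold, which is a more useful input for hardening than a flat set. The sample log lines are constructed, and the names `summarize_failures` and `blocklist_candidates` and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the /var/log/secure format shown above
# (addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Oct  2 03:13:42 ecs-4eee sshd[18747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Oct  2 03:16:13 ecs-4eee sshd[18758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Oct  2 03:18:48 ecs-4eee sshd[18760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admin123
Oct  2 03:21:17 ecs-4eee sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Oct  2 03:23:55 ecs-4eee sshd[18766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=root
Oct  2 03:24:01 ecs-4eee sshd[18770]: Accepted password for root from 203.0.113.5 port 51234 ssh2
"""

# rhost= is followed by an address or hostname; \S+ stops before " user=..."
RHOST = re.compile(r"authentication failure;.*\brhost=(\S+)")


def summarize_failures(lines):
    """Return (Counter of failures per valid IP, list of non-IP rhost values)."""
    counts, non_ip = Counter(), []
    for line in lines:
        match = RHOST.search(line)
        if not match:
            continue  # not a PAM authentication-failure line
        host = match.group(1)
        try:
            counts[str(ipaddress.ip_address(host))] += 1
        except ValueError:
            non_ip.append(host)  # hostname rather than an address, review separately
    return counts, non_ip


def blocklist_candidates(counts, threshold=3):
    """Addresses with at least `threshold` failures, most active first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    counts, non_ip = summarize_failures(SAMPLE_LOG.splitlines())
    for ip, n in counts.most_common():
        print(f"{n:6d}  {ip}")
    print("candidates:", blocklist_candidates(counts))
    print("non-IP rhost values:", non_ip)
```

To run it against the real file, pass an open handle on `ssh_authentication_failure.txt` to `summarize_failures` instead of the sample lines.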
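Learning resources
Elastic Cloud Server (ECS)
openEuler official website
openEuler on Bilibili
openEuler MOOC
openEuler documentation
Kunpeng community
Everyone is welcome to share what they have learned ^_^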