吾爱破解 - 52pojie.cn


[Discussion] [bash] A schoolkid learns to read login logs

djwdj posted on 2023-3-19 14:39

centos7.9

Login log file: /var/log/secure

View failed logins

grep "Failed password for invalid user" /var/log/secure

Mar 19 12:46:52 UAqiUf33838 sshd[5172]: Failed password for invalid user admin from 94.156.161.57 port 43222 ssh2
Mar 19 12:46:56 UAqiUf33838 sshd[5174]: Failed password for root from 94.156.161.57 port 44154 ssh2
Mar 19 12:47:00 UAqiUf33838 sshd[5176]: Failed password for invalid user lenovo from 94.156.161.57 port 45090 ssh2
Mar 19 12:47:04 UAqiUf33838 sshd[5178]: Failed password for invalid user sugon from 94.156.161.57 port 46028 ssh2
Mar 19 12:47:08 UAqiUf33838 sshd[5180]: Failed password for invalid user inspur from 94.156.161.57 port 46956 ssh2
Mar 19 12:47:12 UAqiUf33838 sshd[5182]: Failed password for invalid user test from 94.156.161.57 port 47890 ssh2
Mar 19 12:47:16 UAqiUf33838 sshd[5184]: Failed password for root from 94.156.161.57 port 48824 ssh2
Mar 19 12:47:21 UAqiUf33838 sshd[5186]: Failed password for root from 94.156.161.57 port 49760 ssh2
Mar 19 12:47:25 UAqiUf33838 sshd[5188]: Failed password for invalid user inspur from 94.156.161.57 port 50692 ssh2
Mar 19 12:47:28 UAqiUf33838 sshd[5191]: Failed password for invalid user ubuntu from 94.156.161.57 port 51622 ssh2
Mar 19 12:47:34 UAqiUf33838 sshd[5193]: Failed password for root from 94.156.161.57 port 52560 ssh2
Mar 19 12:47:38 UAqiUf33838 sshd[5195]: Failed password for invalid user dell from 94.156.161.57 port 53490 ssh2
Mar 19 12:47:44 UAqiUf33838 sshd[5197]: Failed password for root from 94.156.161.57 port 54420 ssh2
Mar 19 12:47:47 UAqiUf33838 sshd[5199]: Failed password for invalid user lthpc from 94.156.161.57 port 55362 ssh2
Mar 19 12:47:51 UAqiUf33838 sshd[5201]: Failed password for invalid user lthpc from 94.156.161.57 port 56276 ssh2

It can be simpler, though non-ssh log entries may get mixed in

grep Failed /var/log/secure

View the last 10 lines

grep Failed /var/log/secure | tail

View the last 20 lines

grep Failed /var/log/secure | tail -20

Filter out the IP and user name

grep "Failed password for invalid user" /var/log/secure | awk '{print $13" "$11}'

Count

grep "Failed password for invalid user" /var/log/secure | awk '{print $13" "$11}' | sort | uniq -c | sort -nr

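sort sorts; -n sorts numerically, and -r reverses the order of the result.
uniq shows or omits repeated lines; -c prefixes each line with its repeat count.

Output:

14 94.156.161.57 inspur
12 94.156.161.57 sugon
11 94.156.161.57 dell
10 94.156.161.57 ubuntu
9 94.156.161.57 ps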

View the last 10 lines with the time

grep "Failed password for invalid user" /var/log/secure | awk '{ print $3"\t"$13" "$11}' | tail -10

View successful logins

grep "Accepted" /var/log/secure

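Added example, not part of the original post: the `grep "Failed password for invalid user"` filter leaves out failures against existing accounts such as root, whose lines carry the user in field 9 and the IP in field 11 instead of 11 and 13. The script below counts both shapes per IP and account; the function names and the sample lines (documentation address ranges, a made-up `exampled` daemon) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): per-(IP, account) failure counts
# covering both sshd line shapes that appear in /var/log/secure.

# Constructed sample lines; the addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar 19 12:46:52 host1 sshd[5172]: Failed password for invalid user admin from 203.0.113.7 port 43222 ssh2
Mar 19 12:46:56 host1 sshd[5174]: Failed password for root from 203.0.113.7 port 44154 ssh2
Mar 19 12:47:00 host1 sshd[5176]: Failed password for invalid user admin from 203.0.113.7 port 45090 ssh2
Mar 19 12:47:04 host1 sshd[5178]: Failed password for root from 203.0.113.7 port 46028 ssh2
Mar 19 12:47:08 host1 sshd[5180]: Failed password for root from 203.0.113.7 port 46956 ssh2
Mar 19 12:47:12 host1 sshd[5182]: Failed password for invalid user test from 198.51.100.9 port 47890 ssh2
Mar 19 12:47:16 host1 sshd[5184]: Failed password for invalid user bad name from 198.51.100.9 port 48824 ssh2
Mar 19 12:47:20 host1 sshd[5186]: Accepted password for deploy from 198.51.100.20 port 49760 ssh2
Mar 19 12:47:24 host1 exampled[6001]: Failed to open config
EOF
}

# stdin: secure-log lines. stdout: "COUNT IP KIND USER", highest count first.
failed_by_ip_user() {
  awk '
    # Only sshd password failures that end in "from IP port N ssh2".
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
    $8 == "for" && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)                 # counted from the end of the line
      first = 9; kind = "valid"    # "for root from ..."
      if ($9 == "invalid" && $10 == "user") { first = 11; kind = "invalid" }
      user = ""
      for (i = first; i < NF - 4; i++)   # rejoin names that contain spaces
        user = user (user == "" ? "" : "_") $i
      if (user == "") user = "-"
      count[ip " " kind " " user]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | failed_by_ip_user
```

On a real host, feed it the log directly: `failed_by_ip_user < /var/log/secure`.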

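zero57 posted on 2023-3-20 17:23
An incident-response knowledge point; while I'm at it, here are the directories of the usual logs:
Logs are all kept under /var/log/
System error log: /var/log/messages
Mail system log: /var/log/maillog
FTP system log: /var/log/xferlog
User login records: /var/log/wtmp
All currently logged-in users: /var/run/utmp
View all failed login information: /var/log/btmp
Security information and information on system logins and network connections: /var/log/secure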
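rainerosion posted on 2023-3-19 14:48
xianggu posted on 2023-3-19 15:02
travel1996 posted on 2023-3-19 15:13
Very nice, thanks for sharing
alaben posted on 2023-3-19 15:54
Thanks for sharing
180652397 posted on 2023-3-19 15:57
Thanks for sharing
yuanjufeng posted on 2023-3-19 16:02
Notice: the author has been banned or deleted; the content is hidden automatically
HUAJIEN posted on 2023-3-19 16:06
Thanks for sharing
kl0123 posted on 2023-3-19 16:19
Thanks for sharing
milo2050 posted on 2023-3-19 16:56
Thanks for sharing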