R
Rob
Guest
The /var/log/btmp file shows you failed logins. you can use last to read it:
or simply just use lastb
Then spice it up a little bit ...
Show the top 10 IPs with failed logins (first column is failed # of tries, then 2nd column is the IP)
Show the top 10 usernames with failed logins
Code:
last -f /var/log/btmp
or simply just use lastb
Code:
lastb
Then spice it up a little bit ...
Show the top 10 IPs with failed logins (first column is failed # of tries, then 2nd column is the IP)
Code:
lastb | awk '{print $3}' | sort | uniq -c | sort -rn | head -10
Show the top 10 usernames with failed logins
Code:
lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -10