Friday, March 12, 2010

Detect intrusion attacks on Linux

grep "Invalid" /var/log/auth.log | grep -i ssh | awk '{a[$1$2]++}END{for (i in a){print i " " a[i]}}'

Thanks Marco!