Monitoring user logins to find intruders

Logfiles can be used to gather details about the state of the system. Here is an interesting scripting problem statement:

We have a system connected to the Internet with SSH enabled. Many attackers are trying to log in to the system, and we need to design an intrusion detection system by writing a shell script. Intruders are defined as users who are trying to log in with multiple attempts for more than two minutes and whose attempts are all failing. Such users are to be detected, and a report should be generated with the following details:

  • User account to which a login is attempted
  • Number of attempts
  • IP address of the attacker
  • Host mapping for the IP address
  • Time for which login attempts were performed
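One way to meet this specification, as an added example (not the book's own script): it assumes syslog-style sshd lines ("Failed password for ... from IP port N ssh2"), all within one non-leap year, and groups attempts by user and source IP. The names find_intruders, resolve_host, RESOLVE and SAMPLE_LOG are made up for this illustration, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: report (user, IP) pairs whose SSH password logins all
# failed over a span longer than two minutes. Assumes one non-leap year.

# Constructed sample log (documentation IP ranges), not real data.
SAMPLE_LOG='Mar  3 10:00:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar  3 10:01:30 gw sshd[812]: Failed password for root from 203.0.113.5 port 4250 ssh2
Mar  3 10:03:10 gw sshd[815]: Failed password for root from 203.0.113.5 port 4300 ssh2
Mar  3 10:04:00 gw sshd[820]: Failed password for invalid user admin from 198.51.100.7 port 5000 ssh2
Mar  3 10:04:40 gw sshd[821]: Failed password for invalid user admin from 198.51.100.7 port 5001 ssh2
Mar  3 10:05:00 gw sshd[830]: Failed password for alice from 192.0.2.9 port 6000 ssh2
Mar  3 10:08:00 gw sshd[831]: Failed password for alice from 192.0.2.9 port 6001 ssh2
Mar  3 10:08:20 gw sshd[832]: Accepted password for alice from 192.0.2.9 port 6002 ssh2'

# resolve_host IP: print the mapped host name, or N/A. RESOLVE=0 skips DNS.
resolve_host() {
  [ "${RESOLVE:-1}" = 1 ] || { echo "N/A"; return; }
  name=$(getent hosts "$1" 2>/dev/null | awk '{print $2; exit}')
  echo "${name:-N/A}"
}

# find_intruders: sshd log on stdin -> user|attempts|ip|host|first -> last
find_intruders() {
  tab=$(printf '\t')
  awk '
    BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            split("0 31 59 90 120 151 181 212 243 273 304 334", off, " ")
            for (i = 1; i <= n; i++) days[m[i]] = off[i] }
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
      # Take the LAST "from": the user name is attacker-chosen text.
      for (i = NF - 1; i > 8; i--) if ($i == "from") break
      if (i <= 8) next
      key = $(i-1) "\t" $(i+1)                      # user <TAB> ip
      if ($6 == "Accepted") { ok[key] = 1; next }   # not "all failing"
      split($3, t, ":")
      secs = (days[$1] + $2) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
      if (!(key in cnt)) { first[key] = secs; fstamp[key] = $1 " " $2 " " $3 }
      cnt[key]++; last[key] = secs; lstamp[key] = $1 " " $2 " " $3
    }
    END { for (k in cnt)
            if (!(k in ok) && cnt[k] > 1 && last[k] - first[k] > 120)
              print k "\t" cnt[k] "\t" fstamp[k] " -> " lstamp[k] }
  ' | sort | while IFS="$tab" read -r user ip count span; do
    printf '%s|%s|%s|%s|%s\n' "$user" "$count" "$ip" "$(resolve_host "$ip")" "$span"
  done
}
```

Feed it the system's sshd log on standard input, for example find_intruders < /var/log/auth.log on Debian-style systems (the path is an assumption; the page does not name one).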

Getting ...
