On a Linux machine, all the failed SSH logins go to a log file at /var/log/btmp. So the question is: how do we see this information in a nice, understandable format? We could just use the cat utility, like so: cat /var/log/btmp. After 10 minutes of your Linux box spewing a bunch of junk to your terminal, you’ll understand why this is a bad idea: btmp is a binary file, not text.

There is a utility called last, which is used to see the people who were last logged in. Type last -10. The output is useful, but not for our purposes: we want to see the bad logins, not the good ones. It just so happens that the last utility accepts a filename parameter. Type last -10 -f /var/log/btmp. Voila! This is exactly what we want to see. You can change the -10 to any number you want and it will show you that number of bad logins.

Let’s put this into an alias in our bash profile. Navigate to your bash profile; mine is in /root/.bash_profile. Use a text editor like vi or my favorite, mc. Add the following line to the script: alias bad='last -10 -f /var/log/btmp'. Save it, log out and log back in. Now you can just type bad and it will output what you want!

Please leave a comment if this helped you, or if you have a better way of doing it.
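
Going one step beyond the alias, this added example (not part of the original post) tallies the output of last -f /var/log/btmp by source host and user, so repeated offenders stand out. The names bad_summary and sample_btmp and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count failed logins per source host and user.
# Real use (as root):  last -f /var/log/btmp | bad_summary

# bad_summary reads `last`-style lines on stdin and prints
# "count host user" rows, highest count first.
bad_summary() {
    awk '
        NF == 0 { next }                          # blank separator line
        $1 == "btmp" && $2 == "begins" { next }   # trailer printed by last
        {
            user = $1
            host = $3
            # Console attempts carry no host column, so field 3 is
            # the weekday of the timestamp; label those as local.
            if (host ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) host = "(local)"
            count[host " " user]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample in the layout that last -f /var/log/btmp prints
# (documentation-range addresses, not real hosts).
sample_btmp() {
    cat <<'EOF'
root     ssh:notty    203.0.113.5      Mon Mar  4 10:15 - 10:15  (00:00)
root     ssh:notty    203.0.113.5      Mon Mar  4 10:15 - 10:15  (00:00)
oracle   ssh:notty    198.51.100.7     Mon Mar  4 10:14 - 10:14  (00:00)
root     ssh:notty    203.0.113.5      Mon Mar  4 10:13 - 10:13  (00:00)
admin    tty1                          Mon Mar  4 09:02 - 09:02  (00:00)

btmp begins Fri Mar  1 00:00:01 2024
EOF
}

# Demonstration on the constructed sample.
sample_btmp | bad_summary
```

Leave off the -10 when piping real data into bad_summary so the whole file is counted rather than only the ten most recent entries.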

It’s a beauty!