As I am letting my personal computer always on, as a homelinux server, I decided to check if someone is trying to breaking in with SSH brute force attacks.
First I did a grep for fail at the /var/log/auth.log. (grep -i /var/log/auth.log)
And I got lots of lines with the string "fail". With [grep -i /var/log/auth.log | wc -l] I figured out that were 1164 fail entries at auth.log
With an [grep -i fail auth.log | cut -d " " -f 6 | sort | uniq] I checked that were two kind of failed attempts: Failed pam_unix(sshd:auth):
So I wrote the following line to check with which users they were attempting to log: grep Failed auth.log | cut -d " " -f 11 | sort | uniq | while read line ; do echo -n $line" "; grep $line auth.log | wc -l; done | sort -n -k 2
Here, the field position (the number 11 at the above command lines [-f 11]) may change in some systems. At my desktop at work, the username came at the position 9.
In my post "Plotting memory usage on console" the chart doesn't pan the data.
Now, using a named pipe, the effect got a little bit nicer.
First, we have to run the memUsage.sh script to get a file filled with memory usage info: ./memUsage.sh > memUsage.dat &
Then we have to create a named pipe: mkfifo pipe
Now we have to run another process to tail only the last 64 lines from the memUsage.dat while [ 1 ]; do tail -64 memUsage.dat> pipe; done &
And now we just have to plot the data from the pipe: watch -n 1 'gnuplot -e "set terminal dumb;p \"pipe\" with lines"'
And that is it!