Question: I need help with using grep to extract only the ip addresses that have the string Failed password from a file called auth.log. I don't
I need help with using grep to extract only the ip addresses that have the string "Failed password" from a file called auth.log. I don't see an option to attach a file, so I post some parts of the file to show what is in it. I am using a Mac's terminal to for this assignment.
; 6 > 3 Feb 2 10:53:05 www sshd[2064]: message repeated 2 times: [ Failed password for root from 153.99.182.6 port 62535 ssh2] Feb 2 10:53:06 www sshd[2064]: Received disconnect from 153.99.182.6: 11: [preauth] Feb 2 10:53:06 www sshd[2064]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.99.182.6 user=root Feb 2 10:53:06 www sshd[2068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.194.229.40 user=root Feb 2 10:53:08 www sshd[2068]: Failed password for root from 122.194.229.40 port 5136 ssh2 Feb 2 10:53:09 www sshd[2070]: reverse mapping checking getaddrinfo for 79.145.195.113.adsl-pool.jx.chinaunicom.com [113.195.145.79] failed - POSSIBLE BREAK-IN ATTEMPT! Feb 2 10:53:09 www sshd[2070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.195.145.79 user=root Feb 2 10:53:11 www sshd[2070]: Failed password for root from 113.195.145.79 port 33389 ssh2 Feb 2 10:53:13 www sshd[2062]: message repeated 5 times: [ Failed password for root from 113.195.145.79 port 19885 ssh2] Feb 2 10:53:13 www sshd[2062]: error: maximum authentication attempts exceeded for root from 113.195.145.79 port 19885 ssh2 [preauth]
What I posted above is part of the file I would need to use. I just need a grep expression to get the IP addresses that have the string Failed password as stated at the top.
Thank you.
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help