Commands by JohnQUnknown (2)

  • This command shows a sorted list of the IP addresses from which there have been authentication errors via SSH (possible script kiddies trying to gain access to your server). It eliminates duplicates so it's easier to read, but you can remove the "uniq" command at the end, or even do a "uniq -c" to have a count of how many times each IP address shows up in the log (the path to the log may vary from system to system).


    2
    cat /var/log/auth.log | grep -i "pam_unix(sshd:auth): authentication failure;" | cut -d' ' -f14,15 | cut -d= -f2 | sort | uniq
    JohnQUnknown · 2011-10-25 04:58:09 8
  • Provides a cleaner output plus some more details about the IP address. Also, a flaw was corrected where the URL provided the results in Spanish by default.


    0
    function geoip() { curl -s "http://www.geoiptool.com/en/?IP=$1" | html2text | egrep --color "IP Address:|Country:|City:|Longitude:|Latitude:|Host Name:"; }
    JohnQUnknown · 2011-10-25 04:49:25 3
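
The SSH failure listing from the first command, reworked as an added example (not the original poster's code): it matches on the rhost= key instead of a fixed column, so lines whose field count shifts are still parsed, and it prints a count per address like the "uniq -c" variant mentioned in the description. The function name ssh_fail_counts and the sample log lines are constructed for illustration.

```shell
# Added example: count failed SSH password logins per source host.
# ssh_fail_counts is a hypothetical helper; pass the log path as an argument
# (it varies between systems) or pipe log lines in on stdin.
ssh_fail_counts() {
    # Look for the rhost= field wherever it appears on the line. A fixed
    # column number breaks when the syslog date is padded ("Oct  5") or when
    # the trailing user= field is missing.
    awk '/pam_unix\(sshd:auth\): authentication failure;/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^rhost=./) { sub(/^rhost=/, "", $i); n[$i]++ }
         }
         END { for (h in n) print n[h], h }' "$@" |
        LC_ALL=C sort -k1,1nr -k2,2   # highest count first, then by host
}

# Constructed sample lines using documentation address ranges.
SAMPLE=$(cat <<'EOF'
Oct  5 23:59:58 host sshd[1188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Oct 25 04:12:01 host sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Oct 25 04:12:09 host sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=admin
Oct 25 04:13:30 host sshd[1215]: Accepted publickey for alice from 203.0.113.5 port 50122 ssh2
Oct 25 04:14:02 host sshd[1220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
EOF
)

# Prints one "count host" line per source address.
printf '%s\n' "$SAMPLE" | ssh_fail_counts
```

On a real system, call it as `ssh_fail_counts /var/log/auth.log` (or whatever path your distribution uses for sshd's PAM messages).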
