Commands by sgowie (1)

  • The lastb command presents you with the history of failed login attempts (stored in /var/log/btmp). The reference file is read/write by root only by default. This can be quite an exhaustive list with lots of bots hammering away at your machine. Sometimes it is more important to see the scale of things, or in this case the volume of failed logins tied to each source IP. The awk statement determines if the 3rd element is an IP address, and if so increments the running count of failed login attempts associated with it. When done it prints the IP and count. The sort statement sorts numerically (-n) by column 3 (-k 3), so you can see the most aggressive sources of login attempts. Note that the ':' character is the 2nd column, and that the -n and -k can be combined to -nk. Please be aware that the btmp file will contain every instance of a failed login unless explicitly rolled over. It should be safe to delete/archive this file after you've processed it.


    sudo lastb | awk '{if ($3 ~ /([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/)a[$3] = a[$3]+1} END {for (i in a){print i " : " a[i]}}' | sort -nk 3
    sgowie · 2012-09-11 14:51:10 0
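
An added example, not sgowie's command: the same per-IP tally written as a shell function that reads lastb-style text on stdin, so it can be checked offline. It goes a little beyond the one-liner by anchoring the IPv4 match, rejecting octets above 255, skipping local-tty and trailer lines, and sorting the highest count first; the function names, the threshold argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed logins per source IPv4 address from
# lastb-style text on stdin; optional $1 = minimum count to report.
count_failed_by_ip() {
    min="${1:-1}"
    awk -v min="$min" '
        # Field 3 is the source host for remote attempts. For local
        # (tty) attempts it is part of the date, and the blank line and
        # "btmp begins" trailer never look like an address.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($3, o, ".")
            ok = (n == 4)
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok) hits[$3]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min + 0) print ip " : " hits[ip]
        }
    ' | LC_ALL=C sort -t' ' -k3,3nr -k1,1   # count descending, then IP
}

# Constructed sample in lastb layout (documentation-range addresses).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Tue Sep 11 14:02 - 14:02  (00:00)
admin    ssh:notty    203.0.113.7      Tue Sep 11 14:01 - 14:01  (00:00)
oracle   ssh:notty    198.51.100.23    Tue Sep 11 13:59 - 13:59  (00:00)
root     ssh:notty    203.0.113.7      Tue Sep 11 13:58 - 13:58  (00:00)
test     ssh:notty    scanner.example  Tue Sep 11 13:50 - 13:50  (00:00)
bob      tty1                          Tue Sep 11 13:40 - 13:40  (00:00)
guest    ssh:notty    999.1.1.1        Tue Sep 11 13:30 - 13:30  (00:00)

btmp begins Sat Sep  1 06:25:01 2012
EOF
}

sample_lastb | count_failed_by_ip
```

On a live host, feed it `sudo lastb -i`; the `-i` option makes lastb print addresses in numbers-and-dots notation instead of resolved hostnames, so reverse-resolvable sources are not silently dropped from the tally.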
