So here I was, constantly checking the logs for any alerts from the SSHD service. The command I would run is something simple: "tail /var/log/messages | grep sshd".
The results would typically be just a few lines, but it's important to keep up on them. Here's an example.
$ tail /var/log/messages | grep sshd
Nov 25 03:13:59 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 03:14:06 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 05:50:25 server1 sshd[1299]: error: PAM: authentication error for illegal user root from 192.168.1.100
Now this is kind of a long command to type out each time, so I was wondering if I could just type something shorter.
Here's where the alias command comes into play. From your terminal, you can type "alias" to find out what your current aliases are.
$ alias
g='egrep -i'
h='fc -l'
j=jobs
l='ls -l'
ll='ls -laFo'
m=more
We're now going to take our search command as listed above and make an alias for it called "searchsshd".
$ alias searchsshd='tail /var/log/messages | grep sshd'
Now, when we type "searchsshd" we get the same output as the full command.
$ searchsshd
Nov 25 03:13:59 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 03:14:06 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 05:50:25 server1 sshd[1299]: error: PAM: authentication error for illegal user root from 192.168.1.100
Pretty cool!
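Here's a small follow-on, added as an example and not part of the original post: instead of eyeballing the raw "PAM: authentication error" lines every time, a shell function can summarize them per source address so a burst of failures from one host stands out. The log content in the script is constructed sample data in the same format as the excerpt above (written to a temp file, not /var/log/messages), and the function names sshd_failures and sshd_failures_for are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Summarizes sshd PAM
# authentication failures per source IP from a messages-style log.

# Constructed sample log lines in the same format as the post's excerpt.
# Written to a temp file so the example runs without touching /var/log.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Nov 25 03:13:59 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 03:14:06 server1 sshd[927]: error: PAM: authentication error for user from 192.168.1.100
Nov 25 05:50:25 server1 sshd[1299]: error: PAM: authentication error for illegal user root from 192.168.1.100
Nov 25 05:51:02 server1 sshd[1310]: Accepted publickey for rob from 192.168.1.50 port 51234 ssh2
Nov 25 05:52:17 server1 sshd[1322]: error: PAM: authentication error for illegal user admin from 10.0.0.7
EOF

# sshd_failures LOGFILE
# Prints "<count> <source-ip>" for every address that produced a PAM
# authentication error, most frequent first. Successful logins and
# non-sshd lines are ignored.
sshd_failures() {
    grep 'sshd\[' "$1" \
      | grep 'PAM: authentication error' \
      | sed -n 's/.* from \([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# sshd_failures_for LOGFILE IP
# Prints just the failure count for one address (0 if it never failed),
# which is convenient inside an alias or a cron check.
sshd_failures_for() {
    n=$(sshd_failures "$1" | awk -v ip="$2" '$2 == ip {print $1}')
    echo "${n:-0}"
}

# Run it against the sample log.
sshd_failures "$SAMPLE_LOG"
```

Two things worth knowing when wiring this into the alias from the post: an alias defined at the prompt only lasts for that shell session, so put the definition (for example, `alias searchsshd='sshd_failures /var/log/messages'` after sourcing a file that defines the function) in your ~/.bashrc or equivalent to keep it; and `tail` shows only the last 10 lines by default, so a function like this that reads the whole file (or `tail -n 500`) gives a much better picture than the bare `tail`.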
Rob