1

I found a couple of useful commands over at http://centoshelp.org/security/securing-sshd/
Namely, the two that parse /var/log/secure to check attacked accounts/attacking IPs
I would really love to convert them to a simpler command that I can run with su, rather than trying to remember them.
I've tried shell scripts as well as a direct awk script, but I always get various errors, usually to do with the single quotations it seems, sometimes syntax though (depending on what combination of double quotes and single quotes I use or omit).

awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -5

awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5

I can't seem to get the combination right, so any help would be much appreciated.

Improve this question
7
  • Always surround anything that should be ignored by the shell, such as your snippet of awk code, in single quotes. Single-quoted text is not treated in any special way by the shell. Double quoted text is interpolated, however, so you have to be careful there. Commented Jun 26, 2012 at 10:46
  • It wwould be helpful if you said what the errors were for each example. Commented Jun 26, 2012 at 10:53
  • Ahh, well, surround the entire piece of code in single quotes provides this; top5accounts.sh: line 2: syntax error near unexpected token `".*sshd.*Failed password for (invalid user )?",' Commented Jun 26, 2012 at 10:59
  • @FizzBuzz: Your command as posted looks fine to me as is, I don't understand where your error comes from. Please tell me you are not enclosing one of the above lines in quotes! Commented Jun 26, 2012 at 11:00
  • 3
    Why are you adding more quotes? That's not the correct thing to do. Commented Jun 26, 2012 at 11:06

1 Answer 1

Reset to default
1

The best way to convert something to a simple command when it can't be further simplified directly is to create a script or function. Put the former in a directory in your PATH or the latter in a file such as ~/bin/functions which you source from your ~/.bashrc.

Sometimes this isn't possible or practical, but something like AutoKey can enter it for you from a shortcut you designate without the need to memorize the full command.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yes I know...that's the whole point of my question. I want to go from those huge commands to something like "sh top5accounts.sh"
@FizzBuzz: Save one of the commands exactly as shown in your question with no additional quotes in a file of that name and you're done. You could also make the first line be #!/bin/bash and do chmod u+x top5accounts and you'll be able to run the script without putting sh at the beginning. It's recommended that you not use .sh at the end of your script names. Later, if you rewrite a script in another language, it won't make sense if it's called foo.sh.
Aaaand apparently I've been derping this whole time...Tried making it into a .sh file with #!/bin/sh for the first line and it worked -_- My bad!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.