CSF - Check for Attacks through analysis of the LFD logs / messages logs

The following commands count the TCP_IN log entries in /var/log/messages per source address (the SRC= field) and the TCP_OUT entries per destination address (the DST= field), listed from least to most frequent:

grep TCP_IN /var/log/messages | awk -F"SRC=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

grep TCP_OUT /var/log/messages | awk -F"DST=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

If you would then like to only output the last 'x' number of lines, you can use tail:

grep TCP_IN /var/log/messages | awk -F"SRC=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | tail -20

grep TCP_OUT /var/log/messages | awk -F"DST=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | tail -20

You are then able to use this to block those IP addresses in your CSF:

for ip in $(grep TCP_IN /var/log/messages | awk -F"SRC=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | tail -20 | awk '{print $2}'); do csf -d $ip; done;

for ip in $(grep TCP_OUT /var/log/messages | awk -F"DST=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | tail -20 | awk '{print $2}'); do csf -d $ip; done;
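As an added example (not part of the Brixly article), the same SRC=/DST= tally is wrapped below in a small POSIX shell script. The functions read log text from standard input, so they can be run against /var/log/messages or against the constructed sample lines embedded in the script; the sample lines, the documentation-range IP addresses and the function names (top_sources, top_destinations, block_top_sources) are all assumptions made for this illustration. block_top_sources only prints the csf -d commands unless explicitly told to run them, so the candidate list can be reviewed first: a high hit count alone does not prove an address is hostile, and a deny on a monitoring host or your own upstream is easy to regret.

```shell
#!/bin/sh
# Added example, not from the Brixly article. Reproduces the article's
# grep/awk/sort/uniq pipelines as functions that read log text from stdin.

# Constructed sample of CSF/LFD-style kernel log lines (simplified field set,
# documentation-range addresses). Real lines carry more fields but the same
# SRC= / DST= keys the pipelines key on.
SAMPLE_LOG='Mar  1 10:00:01 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40001 DPT=22
Mar  1 10:00:02 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40002 DPT=3306
Mar  1 10:00:03 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40003 DPT=22
Mar  1 10:00:04 host kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=198.51.100.10 DST=192.0.2.200 LEN=60 PROTO=TCP SPT=50001 DPT=25
Mar  1 10:00:05 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40004 DPT=22
Mar  1 10:00:06 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40005 DPT=22
Mar  1 10:00:07 host kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=198.51.100.10 DST=192.0.2.200 LEN=60 PROTO=TCP SPT=50002 DPT=25
Mar  1 10:00:08 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40006 DPT=3306'

# top_sources [N]: count SRC= addresses on TCP_IN lines read from stdin and
# print the N most frequent, least to most frequent (N defaults to 20, the
# article's tail -20). Output format is that of uniq -c: "<count> <ip>".
top_sources() {
    n=${1:-20}
    grep TCP_IN | awk -F'SRC=' '{print $2}' | awk '{print $1}' \
        | sort | uniq -c | sort -n | tail -n "$n"
}

# top_destinations [N]: the TCP_OUT / DST= counterpart.
top_destinations() {
    n=${1:-20}
    grep TCP_OUT | awk -F'DST=' '{print $2}' | awk '{print $1}' \
        | sort | uniq -c | sort -n | tail -n "$n"
}

# block_top_sources [N] [run]: emit the "csf -d <ip>" command for each of the
# N most frequent TCP_IN sources. Without a second argument the commands are
# only printed for review; pass "run" to execute them (needs csf on the host).
block_top_sources() {
    n=${1:-20}
    mode=${2:-print}
    top_sources "$n" | awk '{print $2}' | while read -r ip; do
        if [ "$mode" = run ]; then
            csf -d "$ip"
        else
            printf 'csf -d %s\n' "$ip"
        fi
    done
}

# Demo on the constructed sample when the script is run directly.
printf '%s\n' "$SAMPLE_LOG" | top_sources
printf '%s\n' "$SAMPLE_LOG" | top_destinations
printf '%s\n' "$SAMPLE_LOG" | block_top_sources 2
```

To use it on a live system, feed the real log in place of the sample, e.g. `top_sources 20 < /var/log/messages`, review the printed list, and only then run `block_top_sources 20 run < /var/log/messages`.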


© Brixly