Re:Ask Slashdot (Score:4, Interesting)
by armanox (826486) <asherewindknight@yahoo.com> on Sunday October 04, @11:56PM (#29640677) Homepage Journal
I see a lot of seemingly valid logins (could be valid, but not on my system...)
Running awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -10 yields
279 root
20 test
19 admin
9 john
9 guest
8 PlcmSpIp
7 oracle
7 info
6 webmaster
6 mysql
So, we have 6 that often are valid, a very common name, two that almost could be valid (info and webmaster), and one nonsense. Only one account on that system has ssh allowed, and it's certainly not root.
Aldaba Knocking Suite: Port Knocking and SPA system for Linux
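A variant of the one-liner in the comment above, as an added example that is not part of the original post: it keeps sshd's "invalid user" marker, so names sshd did not flag as invalid are tallied separately from the rest. The function names and the sample log lines are constructed for illustration.

```shell
# Added example: count failed sshd password attempts per username while
# preserving sshd's own "invalid user" marker.
# Reads syslog-format lines on stdin; prints "count status user", highest first.
failed_ssh_users() {
    awk '
        /sshd.*Failed password for / {
            # "valid" here only means sshd did not log "invalid user"
            status = "valid"
            if ($0 ~ /Failed password for invalid user /) status = "invalid"
            # Strip everything up to the username; awk re-splits the fields,
            # so $1 becomes the attempted username.
            sub(/.*Failed password for (invalid user )?/, "")
            count[status " " $1]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample lines (documentation address range, not a real system).
sample_log() {
    cat <<'EOF'
Oct  4 23:01:12 host sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct  4 23:01:15 host sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct  4 23:01:19 host sshd[2104]: Failed password for root from 192.0.2.11 port 51300 ssh2
Oct  4 23:02:01 host sshd[2110]: Failed password for invalid user test from 192.0.2.10 port 40100 ssh2
Oct  4 23:02:05 host sshd[2112]: Failed password for invalid user test from 192.0.2.12 port 40101 ssh2
Oct  4 23:02:09 host sshd[2115]: Failed password for invalid user admin from 192.0.2.10 port 40102 ssh2
Oct  4 23:02:14 host sshd[2118]: Failed password for invalid user PlcmSpIp from 192.0.2.13 port 40103 ssh2
Oct  4 23:03:00 host sshd[2120]: Accepted password for alice from 192.0.2.50 port 50000 ssh2
EOF
}

sample_log | failed_ssh_users
```

On a real host, replace `sample_log` with `cat /var/log/secure*` (the path used in the comment); any line tagged "valid" names an account sshd treats as valid and deserves a closer look.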