The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How I can take the history IP of ALL access log as ROOT?

Discussion in 'Security' started by 000, Sep 29, 2013.

  1. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    some commands please:

    1// How I can take the history IP of ALL access log as ROOT? (without repeat IP)
    2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)

    ...the problem is into [/var/log/] exist multiple files [secure-*] and too [messages-*]

    but the maximum problem:

    I unknow all about BASH.

    Thanks
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Please try with the following command, You will get the root user access IP list

    Code:
    grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on which type of attacks you are referring to? For instance, are you looking for brute force attempt logs?

    Thank you.
     
  4. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Guao !!!...

    This GREATH !!!, Beautifull !!

    THANKS :D

    Run PERFECT.

    You command list ALL history IP of access as ROOT into server !

    I have one more:

    This beautifull command:
    Code:
    watch -n.9 'netstat -tup'
    show Actives IPS into server.

    Is possible edit and then show count/user of server ?

    Thanks newly.
     
  5. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Thanks,

    You can use following netstat command on your server

    Code:
    netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
     
  6. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Thanks 24x7server.

    The command
    watch -n.9 'netstat -tup'
    refresh window each 9 seconds, show info automaticlly, but no show 2 imprtant columns:

    * USER or COUNT where remote connection work
    (only show the programm as by example HTTP, or PHP, or FTP), but
    connection is over... x.com? or z.com?

    * no show IP, only hostname remote:
    alum-ainavillo.ccp.gw
    a06-10-01.opera-mini
    static-69-64.nokia.ne
    etc...


    is possible show IP (no hostname) and show USER /COUNT whitout lost this important "autorefresh"?

    You command
    netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
    no show USER/COUNT where x connection is working.

    Thanks by you help
     
Loading...

Share This Page