con estos comandos podemos visualizar que usuarios han intentado ingresar a la maquina
#funciona hast debian buster
cat /var/log/auth* | grep Failed
cat /var/log/auth* | grep Accepted
audit.sh
Para bookworm Debian 12
#https://serverfault.com/questions/1148725/where-is-some-os-logs-in-debian-12
journalctl --since "1 hour ago" | grep Accepted*
journalctl --since "1 hour ago" | grep Failed*
Ejemplo: sshd[178606]: Accepted password for pi from 192.168.1.105 port 58964 ssh2
No comments:
Post a Comment