# List the distinct source addresses of failed password attempts against
# existing accounts (lines mentioning "invalid" are left out).
# NOTE(review): field 11 is the address only with the classic syslog timestamp
# ("Mon DD HH:MM:SS"); confirm the field position against your log format.
awk '/Failed password/ && !/invalid/ { print $11 }' /var/log/auth.log | sort -u
# List the distinct values of field 11 on every line containing "Accept".
# NOTE(review): presumably these are sshd "Accepted password/publickey" lines and
# field 11 is the client address; confirm against your log format.
awk '/Accept/ { print $11 }' /var/log/auth.log | sort -u
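# Query ipinfo.io for every source address with a failed password attempt
# against an existing account.
# auth.log content is influenced by remote clients, so field 11 is checked
# against the IPv4/IPv6 character set before it is placed in a URL; anything
# else is skipped.
# NOTE(review): each lookup discloses the address to a third-party service;
# HTTPS keeps the query from being readable in transit.
awk '/Failed password/ && !/invalid/ { print $11 }' /var/log/auth.log | sort -u |
while IFS= read -r addr; do
  case "$addr" in
    '' | *[!0-9A-Fa-f.:]*) continue ;;
  esac
  curl -- "https://ipinfo.io/${addr}"
  sleep 2   # pause between requests
done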
查看当前最大连接数
# Show the current connection-tracking table limit.
# Comparing it with net.netfilter.nf_conntrack_count shows how full the table is.
sysctl -n net.nf_conntrack_max
临时生效
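# Raise the conntrack limit for the running kernel only (lost on reboot).
# sysctl takes each setting as a single name=value argument, so there must be
# no spaces around '='.
sysctl -w net.netfilter.nf_conntrack_max=655350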
永久生效
/etc/sysctl.conf
添加一行
net.netfilter.nf_conntrack_max=655350
# Reset the file permissions of every installed package to the values recorded
# in the RPM database.
# --setperms restores mode bits only; ownership is handled by --setugids, and
# `rpm -Va` lists which files deviate before anything is changed.
mapfile -t installed_pkgs < <(rpm -qa)
for pkg in "${installed_pkgs[@]}"; do
  rpm --setperms "$pkg"
done
linux
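# Unpack an initramfs image into the current directory: skipcpio steps over the
# leading cpio archive, zcat decompresses the rest, cpio extracts it.
# Run this from an empty scratch directory. --no-absolute-filenames makes cpio
# create every entry relative to that directory even if the archive stores
# absolute paths, so extraction cannot overwrite files elsewhere on the system.
# NOTE(review): zcat assumes the image is gzip-compressed; confirm for your image.
/usr/lib/dracut/skipcpio initramfs-......img | zcat | cpio -div --no-absolute-filenames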
# Quick scan of the open TCP ports on one IP.
#   -Pn  skip host discovery        -sS  SYN scan (needs raw-socket privileges)
#   -sV  service/version probing    -p-  all TCP ports
#   -T4  aggressive timing template -v   verbose output
# NOTE(review): the nmap documentation warns that a high --min-parallelism can
# reduce accuracy; confirm the result with a run at default parallelism.
nmap -Pn -sS -sV -p- -T4 --min-parallelism 10000 -v 1.2.3.4
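# Check for suspicious processes: print the command line of every running PID.
# PID directories are matched with a glob on /proc; filtering the names with a
# pattern like "[1-9]$" would skip every PID that ends in 0.
# cmdline is NUL-separated, so NULs are turned into spaces to keep the
# arguments apart.
# NOTE(review): a process can overwrite its own argv, so treat cmdline as a
# hint and compare it with the /proc/<pid>/exe link.
for proc_dir in /proc/[0-9]*; do
  pid=${proc_dir#/proc/}
  echo "-------pid=$pid-------"
  # The process may exit between the glob and the read; skip it quietly.
  if [ -r "$proc_dir/cmdline" ]; then
    tr '\0' ' ' 2>/dev/null < "$proc_dir/cmdline" && echo ''
  fi
done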
win
Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
安全-4624-succ
安全-4625-fail
ubuntu
http://archive.ubuntu.com/ubuntu/
dists/?/main/binary-amd64/Packages.gz
# View the contents of a .gz file directly (same as zcat).
# With no file operand the compressed data is read from standard input.
gzip -dc