
Tool

cat /etc/redhat-release

CentOS Linux release 8.5.2111

rpm -qa | grep epel-release

epel-release-8-13.el8.noarch

yum install denyhosts

No match for argument: denyhosts


This is good. I took it one step further too. I took all the blocklists maintained by http://www.wizcrafts.net/iptables-blocklists.html and saved them into a single file, then wrote this shell script to filter the comments out of the list and use iptables to block entire ranges:

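#!/bin/bash
# Combined blocklist file saved from the wizcrafts.net lists
file="wiznets.txt"

while read -r line; do
    echo " "
    echo "Current Line: $line"
    # Lines that start with a digit are treated as IP ranges; comment lines are skipped
    if [[ ${line:0:1} == [0-9]* ]]; then
        iptables -I INPUT -s "$line" -j DROP
        echo "$line is a valid IP range. Added to iptables block list."
    else
        echo "$line was skipped. Not a valid IP."
    fi
done <"$file"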
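A stricter variant of the filtering step above, as an added example that is not part of the original comment: a first-character test accepts any line that merely starts with a digit, so this version validates each entry as an IPv4 address or CIDR range and emits one `ipset restore` batch instead of one iptables rule per line. The set name `wizblock`, the `MIN_PREFIX` limit and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: SET_NAME, MIN_PREFIX and the sample entries are assumptions.
SET_NAME="wizblock"
MIN_PREFIX=8   # refuse ranges wider than /8 so a bad feed line cannot block everything

# Constructed sample in the style of a commented blocklist (documentation ranges).
sample_blocklist() {
    cat <<'EOF'
# constructed sample, not real blocklist data
192.0.2.0/24
198.51.100.7      # single host
192.0.2.0/24
203.0.113.0/33
10.0.0.300
12-not-an-address
0.0.0.0/0
EOF
}

# Read a blocklist on stdin; print an `ipset restore` batch on stdout.
# Rejected lines go to stderr so a malformed feed is noticed.
blocklist_to_ipset() {
    awk -v set="$SET_NAME" -v min="$MIN_PREFIX" '
    # Accept a.b.c.d or a.b.c.d/len: octets 0-255, len between min and 32.
    function valid(s,    p, o, n, i) {
        n = split(s, p, "/")
        if (n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32 || p[2] + 0 < min)) return 0
        if (split(p[1], o, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { print "create " set " hash:net family inet" }
    {
        sub(/#.*/, "")                  # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim whitespace
        if ($0 == "") next
        if (!valid($0)) { print "rejected: " $0 > "/dev/stderr"; next }
        if (!seen[$0]++) print "add " set " " $0
    }'
}

# Demo on the constructed sample; in use, feed the saved list on stdin.
sample_blocklist | blocklist_to_ipset
```

Load the batch with `ipset -exist restore` and reference the set from a single rule such as `iptables -I INPUT -m set --match-set wizblock src -j DROP`.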

https://www.tecmint.com/prevent-ssh-brute-force-login-attacks/

12 Useful Commands For Filtering Text for Effective File Operations in Linux

Aaron Kili. Last Updated: August 9, 2017. Categories: Linux Commands

In this article, we will review a number of command line tools that act as filters in Linux. A filter is a program that reads standard input, performs an operation upon it and writes the results to standard output.

For this reason, it can be used to process information in powerful ways such as restructuring output to generate useful reports, modifying text in files and many other system administration tasks.

With that said, below are some of the useful file or text filters in Linux.

1. Awk Command

Awk is a remarkable pattern scanning and processing language; it can be used to build useful filters in Linux. You can start using it by reading through our Awk series Part 1 to Part 13.

Additionally, read through the awk man page for more info and usage options:

$ man awk

2. Sed Command

sed is a powerful stream editor for filtering and transforming text. We’ve already written two useful articles on sed that you can go through here:

How to use GNU ‘sed’ Command to Create, Edit, and Manipulate files in Linux
15 Useful ‘sed’ Command Tips and Tricks for Daily Linux System Administration Tasks

The sed man page has added control options and instructions:

$ man sed

3. Grep, Egrep, Fgrep, Rgrep Commands

These filters output lines matching a given pattern. They read lines from a file or standard input, and print all matching lines by default to standard output.

Note: The main program is grep, the variations are simply the same as using specific grep options as below (and they are still being used for backward compatibility):

$ egrep = grep -E
$ fgrep = grep -F
$ rgrep = grep -r

Below are some basic grep commands:

tecmint@TecMint ~ $ grep "aaronkilik" /etc/passwd
aaronkilik:x:1001:1001::/home/aaronkilik:

tecmint@TecMint ~ $ cat /etc/passwd | grep "aronkilik"
aaronkilik:x:1001:1001::/home/aaronkilik:

You can read more about What’s Difference Between Grep, Egrep and Fgrep in Linux?.

4. head Command

head is used to display the first parts of a file; it outputs the first 10 lines by default. You can use the -n num flag to specify the number of lines to be displayed:

tecmint@TecMint ~ $ head /var/log/auth.log
Jan 2 10:45:01 TecMint CRON[3383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 2 10:45:01 TecMint CRON[3383]: pam_unix(cron:session): session closed for user root
Jan 2 10:51:34 TecMint sudo: tecmint : TTY=unknown ; PWD=/home/tecmint ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 2 10:51:34 TecMint sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 2 10:51:39 TecMint sudo: pam_unix(sudo:session): session closed for user root
Jan 2 10:55:01 TecMint CRON[4099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 2 10:55:01 TecMint CRON[4099]: pam_unix(cron:session): session closed for user root
Jan 2 11:05:01 TecMint CRON[4138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 2 11:05:01 TecMint CRON[4138]: pam_unix(cron:session): session closed for user root
Jan 2 11:09:01 TecMint CRON[4146]: pam_unix(cron:session): session opened for user root by (uid=0)

tecmint@TecMint ~ $ head -n 5 /var/log/auth.log
Jan 2 10:45:01 TecMint CRON[3383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 2 10:45:01 TecMint CRON[3383]: pam_unix(cron:session): session closed for user root
Jan 2 10:51:34 TecMint sudo: tecmint : TTY=unknown ; PWD=/home/tecmint ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 2 10:51:34 TecMint sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 2 10:51:39 TecMint sudo: pam_unix(sudo:session): session closed for user root

Learn how to use head command with tail and cat commands for effective usage in Linux.

5. tail Command

tail outputs the last parts (10 lines by default) of a file. Use the -n num switch to specify the number of lines to be displayed.

The command below will output the last 5 lines of the specified file:

tecmint@TecMint ~ $ tail -n 5 /var/log/auth.log
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on :: port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Received SIGHUP; restarting.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on :: port 22.

Additionally, tail has a special option -f for watching changes in a file in real-time (especially log files).

The following command will enable you to monitor changes in the specified file:

tecmint@TecMint ~ $ tail -f /var/log/auth.log
Jan 6 12:58:01 TecMint sshd[1269]: Server listening on :: port 22.
Jan 6 12:58:11 TecMint sshd[1269]: Received SIGHUP; restarting.
Jan 6 12:58:12 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 12:58:12 TecMint sshd[1269]: Server listening on :: port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Received SIGHUP; restarting.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on :: port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Received SIGHUP; restarting.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on :: port 22.

Read through the tail man page for a complete list of usage options and instructions:

$ man tail

6. sort Command

sort is used to sort lines of a text file or from standard input.

Below is the content of a file named domains.list:

tecmint@TecMint ~ $ cat domains.list
tecmint.com
tecmint.com
news.tecmint.com
news.tecmint.com
linuxsay.com
linuxsay.com
windowsmint.com
windowsmint.com

You can run a simple sort command to sort the file content like so:

tecmint@TecMint ~ $ sort domains.list
linuxsay.com
linuxsay.com
news.tecmint.com
news.tecmint.com
tecmint.com
tecmint.com
windowsmint.com
windowsmint.com
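Chaining the filters covered so far (grep, awk, sort, head) into a single report, as an added example that is not part of the original article: it counts failed SSH password attempts per source address in auth.log. The log lines are constructed for illustration, and the function name and thresholds are assumptions.

```shell
#!/bin/sh
# Added example: the log lines below are constructed (documentation IPs).
sample_auth_log() {
    cat <<'EOF'
Jan 6 13:01:27 TecMint sshd[1269]: Server listening on 0.0.0.0 port 22.
Jan 6 13:02:10 TecMint sshd[2001]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan 6 13:02:12 TecMint sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Jan 6 13:02:15 TecMint sshd[2003]: Failed password for root from 198.51.100.9 port 51500 ssh2
Jan 6 13:02:19 TecMint sshd[2004]: Failed password for invalid user from from 203.0.113.5 port 40130 ssh2
Jan 6 13:02:21 TecMint sshd[2005]: Accepted password for tecmint from 192.0.2.44 port 50022 ssh2
Jan 6 13:02:25 TecMint sshd[2006]: Failed password for root from 198.51.100.9 port 51502 ssh2
Jan 6 13:02:30 TecMint sshd[2007]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jan 6 13:02:33 TecMint sshd[2008]: Failed password for root from 192.0.2.44 port 50030 ssh2
EOF
}

# Read auth.log lines on stdin; print "count ip" for the top $2 sources
# with at least $1 failed password attempts, busiest first.
failed_ssh_sources() {
    min_fail=${1:-3}
    top=${2:-10}
    grep 'sshd\[[0-9]*]: Failed password for ' |
    awk -v m="$min_fail" '
        # The user name is remote-controlled text, so locate the address
        # from the fixed tail "from <ip> port <n> ssh2", not the first "from".
        $(NF-4) == "from" && $(NF-2) == "port" { c[$(NF-3)]++ }
        END { for (ip in c) if (c[ip] >= m) print c[ip], ip }' |
    sort -rn |
    head -n "$top"
}

# Demo on the constructed sample; in use: failed_ssh_sources 5 < /var/log/auth.log
sample_auth_log | failed_ssh_sources 2
```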