This is a simple script for analysing auth.log. It tabulates IP addresses and user names that are involved in failed login attempts via ssh (although the script could easily be extended to cover other services as well). Moreover, it creates a CSV file for subsequent choropleth map plotting.

$ pipenv shell
$ ./auceps.py /var/log/auth*
$ ./make_choropleth_map.py /tmp/countries.csv
For the choropleth map creation, you need to have a valid plotly account.
See my blog post on analysing nefarious ssh access attempts for more details.
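
The tabulation step described above, as an added example (this is not the code of auceps.py). It assumes the usual OpenSSH syslog lines of the form "Failed METHOD for [invalid user] NAME from ADDR port N"; the function name and the sample lines are constructed. The address is taken from the end of the line, so a user name that itself contains " from ... port ..." cannot shift the count onto another address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual syslog/OpenSSH layout (documentation addresses).
SAMPLE_LOG = """\
Mar  3 06:25:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 06:25:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Mar  3 06:25:09 host sshd[1207]: message repeated 2 times: [ Failed password for root from 198.51.100.7 port 51000 ssh2]
Mar  3 06:26:11 host sshd[1210]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.5 port 40100 ssh2
Mar  3 06:26:30 host sshd[1215]: Accepted publickey for alice from 192.0.2.44 port 50122 ssh2
Mar  3 06:27:00 host CRON[1300]: pam_unix(cron:session): session opened for user root
"""

SSHD = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")
# syslog collapses identical consecutive messages into one "repeated" line.
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[ (?P<msg>.*)\]$")
# Greedy user group plus the end anchor: the *last* " from ADDR port N" wins.
FAILED = re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>.*)"
                    r" from (?P<ip>\S+) port \d+(?: ssh2)?$")

def tabulate_failures(lines):
    """Return (ip_counts, user_counts) for failed sshd logins in `lines`."""
    ips, users = Counter(), Counter()
    for line in lines:
        m = SSHD.search(line.rstrip("\n"))
        if not m:
            continue  # not an sshd record
        msg, weight = m.group("msg"), 1
        rep = REPEATED.match(msg)
        if rep:
            msg, weight = rep.group("msg"), int(rep.group("n"))
        f = FAILED.match(msg)
        if not f:
            continue  # accepted login or some other sshd message
        try:
            ip = str(ipaddress.ip_address(f.group("ip")))
        except ValueError:
            continue  # not a literal IPv4/IPv6 address
        ips[ip] += weight
        users[f.group("user")] += weight
    return ips, users

if __name__ == "__main__":
    ip_counts, user_counts = tabulate_failures(SAMPLE_LOG.splitlines())
    for name, table in (("IP", ip_counts), ("user", user_counts)):
        for key, count in table.most_common():
            print(f"{name:4} {count:3} {key!r}")
```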