This is a simple script for analysing auth.log. It tabulates IP addresses and user names that are involved in failed login attempts via ssh (although the script could be easily extended to cover other services, as well). Moreover, it creates a CSV file for subsequent choropleth map plotting.
$ pipenv shell
$ ./auceps.py /var/log/auth*
$ ./make_choropleth_map.py /tmp/countries.csv
For the choropleth map creation, you need to have a valid plotly account.
See my blog post on analysing nefarious ssh access attempts for more details.
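
The tabulation described above, as an added example that is not the code of auceps.py: it counts source addresses and user names on sshd `Failed password` lines, including rsyslog's "message repeated" form. The function name, the regular expression and the sample log lines are constructed for illustration and assume the OpenSSH line format shown in the sample.

```python
import re
from collections import Counter

# Anchored at the end of the line: the user name is chosen by the remote side
# and may itself contain " from 192.0.2.99", so the greedy user group runs up
# to the last " from " and the address is always the one sshd logged.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\]?$"
)

# Constructed sample lines (documentation address ranges, hypothetical host).
SAMPLE = """\
Jan 10 03:14:07 host sshd[1201]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan 10 03:14:09 host sshd[1201]: message repeated 2 times: [ Failed password for root from 198.51.100.7 port 40022 ssh2]
Jan 10 03:15:41 host sshd[1207]: Invalid user admin from 203.0.113.5 port 52314
Jan 10 03:15:43 host sshd[1207]: Failed password for invalid user admin from 203.0.113.5 port 52314 ssh2
Jan 10 03:16:02 host sshd[1210]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.5 port 52330 ssh2
Jan 10 03:20:00 host sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
""".splitlines()


def tabulate_failures(lines):
    """Return (ips, users) Counters of failed ssh password attempts."""
    ips, users = Counter(), Counter()
    for line in lines:
        m = FAILED.search(line.rstrip("\n"))
        if not m:
            continue  # successful logins and unrelated lines are skipped
        # "message repeated N times" stands for N identical log entries.
        count = int(m["n"] or 1)
        ips[m["ip"]] += count
        users[m["user"]] += count
    return ips, users


if __name__ == "__main__":
    ips, users = tabulate_failures(SAMPLE)
    for title, table in (("IP address", ips), ("User name", users)):
        print(f"{title:<20} attempts")
        for key, n in table.most_common():
            print(f"{key:<20} {n}")
```

Only `Failed password` lines are counted, so the preceding `Invalid user` line for the same attempt does not inflate the totals; a host that accepts keys only would need that line counted instead.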