Guys, I've been doing a search on the net for common log errors that show attacks. I am working on a script to put information from my logs to check for attacks; here are three I got. Does anyone know where I can find more, or can you recommend a string for me to search for?

For SSH attacks:
`grep 'Invalid user' /var/log/messages | awk '{ print $10 }' | grep '[0-9]' | sort | uniq`

For POP attacks:
`grep "\-ERR \[AUTH\]" /var/log/mail | awk '{ print $9 }' | sed 's/(//g' | sed 's/)://g' | sort | uniq`

For Storm Worm:
`grep "smtpd_peer_init" /var/log/mail | awk '{ print $8 }' | sed 's/://g' | sort -u`

For spammers checking accounts:
`grep 'Recipient address rejected' mail.log | awk '{ print $10 }'`

For FTP:
`grep -i 'no such user' /var/log/proftpd/proftpd.log | awk '{ print $7 }' | cut -d\[ -f2 | cut -d\] -f1 | sed 's/::ffff://g' | sort | uniq`

I've been getting hit real hard from China and Korea lately, and I know if they are hitting me on mail, ssh, and ftp, they've got to be hitting me in other areas.

--
Discover it! Enjoy it! Share it! openSUSE Linux.
openSUSE -- http://en.opensuse.org/User:Terrorpup
openSUSE Ambassador
openSUSE Member
skype -- terrorpup
twitter -- terrorpup
friendfeed -- http://friendfeed.com/terrorpup
Come join me at the Atlanta Linux Fest, September 19th, 2009, http://atlantalinuxfest.org/.
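The searches in the message above select the source address by field number, which moves when a log line gains or loses a word (an empty SSH username, an added `port` field). As an added example that is not part of the original message, the script below matches the same failure strings but extracts the first IPv4 address by pattern and counts hits per service; `sample_log`, `count_offenders` and the log lines themselves are constructed for illustration, and real log layouts may differ.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample lines; addresses are from the documentation ranges.
sample_log() {
    cat <<'EOF'
Sep  1 10:00:01 mx sshd[1201]: Invalid user admin from 203.0.113.5
Sep  1 10:00:03 mx sshd[1203]: Invalid user test from 203.0.113.5 port 40022
Sep  1 10:00:04 mx sshd[1204]: Invalid user  from 203.0.113.5 port 40023
Sep  1 10:01:10 mx popper[1300]: (192.0.2.44): -ERR [AUTH] Password supplied is incorrect.
Sep  1 10:02:11 mx proftpd[1400]: mx (::ffff:198.51.100.7[::ffff:198.51.100.7]) - USER bob: no such user found
Sep  1 10:03:00 mx postfix/smtpd[1500]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <x@example.org>: Recipient address rejected: User unknown
Sep  1 10:04:00 mx sshd[1205]: Accepted publickey for ops from 192.0.2.10 port 50000 ssh2
EOF
}

# Read log text on stdin; print "count service ip", busiest source first.
count_offenders() {
    awk '
    # Map the failure strings quoted in the post to a service label.
    function svc_of(line) {
        if (index(line, "Invalid user"))               return "ssh"
        if (index(line, "-ERR [AUTH]"))                return "pop"
        if (index(line, "Recipient address rejected")) return "smtp"
        if (tolower(line) ~ /no such user/)            return "ftp"
        return ""
    }
    {
        svc = svc_of($0)
        if (svc == "") next          # not a failure line (e.g. Accepted)
        # Take the first dotted quad wherever it sits on the line, so a
        # shifted field, brackets or a ::ffff: prefix do not matter.
        if (!match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) next
        hits[svc " " substr($0, RSTART, RLENGTH)]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | count_offenders
```

To run it on real data, feed the logs on stdin instead of the sample, for example `cat /var/log/messages /var/log/mail | count_offenders`.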