Detect SSH Brute Force Attack and Locate Attacker

Brute Force Attack consists of systematically checking all possible passwords until the correct one is found. If the host is exposed directly to the Internet (WAN) and SSH service is running on the host, it becomes a subject of constant brute force attacks performed by automated scripts like hydra.

To detect SSH brute force attempts on systems running systemd service manager (CentOS7/Fedora21/RHEL7), you can use journalctl command with parameters:
Continue reading “Detect SSH Brute Force Attack and Locate Attacker”