As a follow up to yesterday's post I thought it would be interesting to know statistics of the usernames used in those brute force probes. Find below awk/sed script to get usernames for failed ssh login attempts from OpenSSH daemon and sort it for statistics. Also I attach the list of the usernames I got from my server. The full list of usernames can be found at the end.
awk '/Failed password for/ ' /var/log/secure* | sed 's/.* \([[:print:]]\+\) from .*/ \1 /g ' | sort | uniq -c | sort -n -k1
And the winners are: The table listing top 10 usernames used in real cracking attampts on SSH service
|Username||Number of times seen|
Full list of the usernames Usernames.log