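#!/bin/sh
#
# author  : zogs
# email   :
# site    : http://www.autistici.org/c0de
#
# title   : ogozaimass.sh
# descr.  : list the source addresses behind "Invalid" login lines in
#           /var/log/messages that show up more than three times
#
# Each output line is "<count> <address>", busiest source first.
# To print only the addresses, append this to the final pipeline:
#
#   | awk '{print $2}'
#
# Caveats for whoever acts on the output:
#   - Field 10 is the address only when the line has the layout
#     "<syslog prefix> Invalid user NAME from ADDR". NAME is chosen by the
#     remote client, so an empty name or one containing whitespace shifts
#     the fields. Check the raw log line before blocking an address.
#   - Only the current /var/log/messages is read; rotated files are not.

# Abort with the usage text unless running as uid 0 (the log is normally
# readable by root only).
evil_chk_root() {
  # id -u is compared numerically and quoted, so an empty or multi-word
  # result cannot break the test the way an unquoted $(whoami) could.
  if [ "$(id -u)" -ne 0 ]; then
    evil_usage
  fi
}

# Print how to run the script with the required privileges, then exit
# non-zero so callers (cron, wrappers) can tell the run did not happen.
evil_usage() {
  # printf instead of `echo -e`: under a POSIX /bin/sh such as dash,
  # `echo -e` prints a literal "-e". $0 goes through %s so it is never
  # interpreted as a format string.
  printf 'you must be root: \n root ~ # %s \n or \n user ~ $ sudo %s \n\n' \
    "$0" "$0" >&2
  exit 1
}

evil_chk_root

# Count occurrences per address and keep those with more than three.
# The threshold is a numeric comparison on the count column; the earlier
# `grep -v " 1" | grep -v " 2" | grep -v " 3"` matched the text " 1"/" 2"/" 3"
# anywhere in the line, which also hid counts such as 10-39 and every
# address whose first digit is 1, 2 or 3.
grep Invalid /var/log/messages \
  | awk '{print $10}' \
  | sort \
  | uniq -c \
  | sort -nr \
  | awk '$1 > 3'

# astrolicamus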