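#!/bin/bash
#
# Polls the TCP connection table once per second and alerts when the number
# of connections to the local SSH port exceeds a threshold. On alert it
# prints the busiest source address and the connection table, then exits.
#
# Requires: netstat (net-tools), awk.
#
# Limits of this check (read before acting on an alert):
#   - A connection count is a coarse signal. It covers every TCP state that
#     netstat lists (TIME_WAIT included) and says nothing about whether
#     authentication failed; correlate with the sshd auth log.
#   - Many users behind one NAT or bastion share a source address, so the
#     reported address is a lead to investigate, not a verdict.

readonly SSH_PORT=22    # local port sshd listens on
readonly THRESHOLD=20   # alert when the connection count is greater than this

if ! command -v netstat >/dev/null 2>&1; then
  echo "netstat not found; cannot inspect the connection table" >&2
  exit 1
fi

echo "Starting scan for SSH Brute Force Attacks"

while true; do
  # Take ONE snapshot per pass so the count, the attribution and the data
  # printed on alert all describe the same moment.
  if ! snapshot=$(netstat -tn); then
    echo "netstat failed; retrying" >&2
    sleep 1
    continue
  fi

  # Consider only rows whose LOCAL endpoint ($4) ends in ":<SSH_PORT>".
  # Anchoring the match keeps ports such as 2222 or 2200 from being counted
  # and skips the header rows. For each row, strip the remote port from the
  # FOREIGN endpoint ($5) - everything after the last ':' - so that IPv4 and
  # IPv6 addresses both survive, then tally connections per source.
  read -r count attacker attacker_count < <(
    awk -v port="$SSH_PORT" '
      $1 ~ /^tcp/ && $4 ~ (":" port "$") {
        peer = $5
        sub(/:[^:]*$/, "", peer)
        total++
        if (++seen[peer] > best) { best = seen[peer]; top = peer }
      }
      END { printf "%d %s %d\n", total, (top == "" ? "-" : top), best }
    ' <<<"$snapshot"
  )

  if (( count > THRESHOLD )); then
    echo "SSH Brute Force Attack detected!!!"
    # Report the source holding the most connections together with its own
    # share, rather than crediting one address with the overall total.
    echo "$attacker made $attacker_count of $count SSH connections at the same time"
    echo
    echo "Data collected:"
    printf '%s\n' "$snapshot"
    break
  fi

  sleep 1
done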