20 Feb
2020
20 Feb
'20
10:29 p.m.
(on 02/20/2020 at 9:03pm mountain time, Ed said)
I don't know how you've gone about identifying "hack attempts".
I was looking at journalctl output for something else; I don't recall what. It was years ago. I happened to notice many entries reporting login attempts to root and other login names coming from various ip addresses. Someone in the fedora users list at that time noted that there was an interesting assortment of countries from which those attempts were originating.
I tried "last" and "lastb". Those look useful. Thank-you, Ed. I believe those are what I am looking for.
Back to John's suggestions.