注意:需要使用root用户身份操作
1.ubuntu方式
- 脚本编写
mkdir /script
vim /script/checkBlackIp.sh#!/bin/sh
lastb |awk '/ssh/{print $3}' |sort |uniq -c |awk '{print $2"="$1}' >/script/black.list
for i in `cat /script/black.list`
do
IP=`echo $i |awk -F= '{print $1}'`
NUM=`echo $i |awk -F= '{print $2}'`
echo $IP:$NUM
if [ $NUM -gt 2 ]; then
grep $IP /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];then
echo "sshd:$IP:deny"
echo "sshd:$IP:deny" >>/etc/hosts.deny
fi
fi
done- 手工运行测试
sudo bash /script/checkBlackIp.sh- 定时2分钟执行1次
crontab -e# 加入如下内容
*/2 * * * * root sh /script/checkBlackIp.sh2.centerOS方式
- 脚本编写
mkdir /script
vim /script/checkBlackIp.sh#!/bin/bash
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /script/black.txt
for i in `cat /script/black.list`
do
IP=`echo $i |awk -F= '{print $1}'`
NUM=`echo $i |awk -F= '{print $2}'`
echo $IP:$NUM
if [ $NUM -gt 2 ]; then
grep $IP /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];then
echo "sshd:$IP:deny"
echo "sshd:$IP:deny" >>/etc/hosts.deny
fi
fi
done- 手工运行测试
sudo bash checkBlackIp.sh- 定时2分钟执行1次
crontab -e# 加入如下内容
*/2 * * * * root sh /script/checkBlackIp.sh
