注意:需要使用root用户身份操作
1.ubuntu方式
# Directory that will hold the script and the list file it generates.
mkdir /script
# Open the script file in an editor; its content is the listing that follows.
vim /script/checkBlackIp.sh
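#!/bin/sh
# Count failed SSH logins per source address (from lastb) and add every
# address seen more than THRESHOLD times to /etc/hosts.deny. Run as root.
#
# Operational notes:
#  - /etc/hosts.deny is only consulted by an sshd built with TCP wrappers
#    (libwrap) support; confirm that on the target system before relying on it.
#  - Entries are appended and never expired, and the counts cover everything
#    lastb reports, so a user who mistypes a password three times stays
#    blocked until the line is removed by hand. Keep console access or an
#    allow rule for your own management address.
LIST=/script/black.list
DENY=/etc/hosts.deny
THRESHOLD=2

# -i makes lastb print numeric addresses instead of host names; the pipeline
# leaves one "address=count" line per source in $LIST.
lastb -i | awk '/ssh/{print $3}' | sort | uniq -c | awk '{print $2"="$1}' >"$LIST"

# read -r with IFS== splits each line without the word splitting and glob
# expansion that `for i in $(cat ...)` would apply to log-derived text.
while IFS='=' read -r IP NUM; do
  # The values originate from login records that remote clients influence,
  # and the awk column may not be an address on unusual records. Accept only
  # a dotted-quad IPv4 address and a numeric count so nothing else can be
  # written into the access-control file.
  # (IPv6 sources are skipped: hosts.deny expects them in [bracket] form.)
  printf '%s\n' "$IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
  case $NUM in
    '' | *[!0-9]*) continue ;;
  esac

  echo "$IP:$NUM"
  if [ "$NUM" -gt "$THRESHOLD" ]; then
    RULE="sshd:$IP:deny"
    # -x -F: whole-line, literal match. A plain `grep $IP` treats the dots as
    # wildcards and matches substrings, so 1.2.3.4 would look "already
    # present" once 1.2.3.40 is listed and would never be blocked.
    if ! grep -qxF -- "$RULE" "$DENY"; then
      echo "$RULE"
      echo "$RULE" >>"$DENY"
    fi
  fi
done <"$LIST"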
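# Run once by hand first and check the output and the lines added to
# /etc/hosts.deny before scheduling it.
sudo bash /script/checkBlackIp.sh
# Edit root's own crontab (run this as root).
crontab -e
# Add the following line. A crontab edited with `crontab -e` has no user
# column: the command follows the five time fields directly. A "root" field
# belongs only in /etc/crontab or /etc/cron.d/* files; in a user crontab cron
# would try to run a command named "root" and the script would never start.
*/2 * * * * sh /script/checkBlackIp.sh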
2. CentOS 方式
# Directory that will hold the script and the list file it generates.
mkdir /script
# Open the script file in an editor; its content is the listing that follows.
vim /script/checkBlackIp.sh
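#!/bin/bash
# Count failed SSH logins per source address (from /var/log/secure) and add
# every address seen more than THRESHOLD times to /etc/hosts.deny. Run as root.
# Written in POSIX sh syntax because the cron entry starts it with `sh`.
#
# Operational notes:
#  - /etc/hosts.deny is only consulted by an sshd built with TCP wrappers
#    (libwrap) support; newer RHEL/CentOS releases ship without it, so
#    confirm that on the target system before relying on it.
#  - Entries are appended and never expired, so a user who mistypes a
#    password three times stays blocked until the line is removed by hand.
#    Keep console access or an allow rule for your own management address.
LIST=/script/black.list
DENY=/etc/hosts.deny
THRESHOLD=2

# One "address=count" line per source. The list is written to the same file
# the loop reads; the original wrote black.txt but read black.list, so the
# loop worked on a stale or missing file.
# $(NF-3) is the address only for lines shaped "... from ADDR port N ssh2".
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1}' >"$LIST"

# read -r with IFS== splits each line without the word splitting and glob
# expansion that `for i in $(cat ...)` would apply to log-derived text.
while IFS='=' read -r IP NUM; do
  # /Failed/ matches anywhere on a log line, including inside a user name
  # chosen by the remote client, and then $(NF-3) is not an address. Accept
  # only a dotted-quad IPv4 address and a numeric count so nothing else can
  # be written into the access-control file.
  # (IPv6 sources are skipped: hosts.deny expects them in [bracket] form.)
  printf '%s\n' "$IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
  case $NUM in
    '' | *[!0-9]*) continue ;;
  esac

  echo "$IP:$NUM"
  if [ "$NUM" -gt "$THRESHOLD" ]; then
    RULE="sshd:$IP:deny"
    # -x -F: whole-line, literal match. A plain `grep $IP` treats the dots as
    # wildcards and matches substrings, so 1.2.3.4 would look "already
    # present" once 1.2.3.40 is listed and would never be blocked.
    if ! grep -qxF -- "$RULE" "$DENY"; then
      echo "$RULE"
      echo "$RULE" >>"$DENY"
    fi
  fi
done <"$LIST"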
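# Run once by hand first and check the output and the lines added to
# /etc/hosts.deny before scheduling it. The absolute path is used because the
# script was created in /script and the current directory may be elsewhere.
sudo bash /script/checkBlackIp.sh
# Edit root's own crontab (run this as root).
crontab -e
# Add the following line. A crontab edited with `crontab -e` has no user
# column: the command follows the five time fields directly. A "root" field
# belongs only in /etc/crontab or /etc/cron.d/* files; in a user crontab cron
# would try to run a command named "root" and the script would never start.
*/2 * * * * sh /script/checkBlackIp.sh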
参考资料
- Linux Contos Ubuntu防爆破ssh脚本