CentOS / RHEL 下的脚本如下(统计 /var/log/secure 中 SSH 登录失败的来源 IP,次数超过阈值的写入 /etc/hosts.deny):
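#!/bin/bash
# Block SSH brute-force sources on CentOS/RHEL through /etc/hosts.deny.
#
# Counts failed sshd logins per source address in /var/log/secure, stores the
# "address=count" tally in /root/black.txt, and appends "sshd:<address>" to
# /etc/hosts.deny for every address whose count is strictly greater than DEFINE.
# Run as root: it reads the auth log and writes hosts.deny.
#
# NOTE(review): hosts.deny is only honoured when sshd is built with
# TCP-wrappers (libwrap) support; confirm this on the target release.
# NOTE(review): entries are never expired and there is no allow-list, so a
# legitimate user who mistypes a password often enough is locked out too.
# Review hosts.deny periodically.

set -u

DEFINE="20"
readonly LOG_FILE=/var/log/secure
readonly TALLY_FILE=/root/black.txt
readonly DENY_FILE=/etc/hosts.deny

if [[ ! -r $LOG_FILE ]]; then
  printf '%s: cannot read %s\n' "${0##*/}" "$LOG_FILE" >&2
  exit 1
fi

# Turn a stream of addresses into "address=count" lines.
tally() {
  sort | uniq -c | awk '{print $2"="$1}'
}

# Both patterns are written to the SAME tally file. The original appended the
# "Invalid user" results to /tmp/black.txt, which the loop below never read.
# The NF guard keeps awk from aborting on short lines where $(NF-3) would be
# a negative field index.
{
  awk '/Failed/ && NF > 3 {print $(NF-3)}' "$LOG_FILE" | tally
  awk '/Invalid user/ {print $NF}' "$LOG_FILE" | tally
} > "$TALLY_FILE"

while IFS='=' read -r ip num; do
  # The log text is partly attacker-controlled (the user-name field), and on
  # some sshd versions the last field of an "Invalid user" line is a port
  # number, not an address. Only dotted-quad IPv4 values reach hosts.deny.
  [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
  [[ $num =~ ^[0-9]+$ ]] || continue
  [ "$num" -gt "$DEFINE" ] || continue

  # Fixed-string, whole-word match: the original `grep $IP` treated dots as
  # regex wildcards and matched substrings, so an existing entry for
  # 11.2.3.45 would stop 1.2.3.4 from ever being added.
  if ! grep -qwF -- "$ip" "$DENY_FILE"; then
    printf 'sshd:%s\n' "$ip" >> "$DENY_FILE"
  fi
done < "$TALLY_FILE"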
openSUSE 下的脚本如下:
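#!/bin/bash
# Block SSH brute-force sources on openSUSE through /etc/hosts.deny.
#
# Counts PAM authentication failures in /var/log/messages and "Invalid user"
# lines in /var/log/secure per source address, then appends "sshd:<address>"
# to /etc/hosts.deny for every address whose count is strictly greater than
# DEFINE. Run as root: it reads the system logs and writes hosts.deny.
#
# NOTE(review): hosts.deny is only honoured when sshd is built with
# TCP-wrappers (libwrap) support; confirm this on the target release.
# NOTE(review): entries are never expired and there is no allow-list, so a
# legitimate user who mistypes a password often enough is locked out too.
# NOTE(review): the original reads /var/log/secure here as well; that file may
# not exist on openSUSE, so a missing log is skipped rather than treated
# as fatal. Confirm which log carries the "Invalid user" lines.

set -u

DEFINE="10"
readonly DENY_FILE=/etc/hosts.deny

# The script runs as root, so the fixed, predictable /tmp/black.txt of the
# original could be pre-created as a symlink by any local user. mktemp creates
# a private, unpredictable file instead, and the trap removes it on exit.
tally_file=$(mktemp) || {
  printf '%s: mktemp failed\n' "${0##*/}" >&2
  exit 1
}
trap 'rm -f -- "$tally_file"' EXIT

# Turn a stream of addresses into "address=count" lines.
tally() {
  sort | uniq -c | awk '{print $2"="$1}'
}

# The stray fragment `$2"="$1;}' >> /tmp/black.txt` that followed DEFINE in the
# original was a broken line wrap. It left an unterminated quote and is dropped.
{
  if [[ -r /var/log/messages ]]; then
    awk '/error: PAM: Authentication failure/ {print $NF}' /var/log/messages | tally
  fi
  if [[ -r /var/log/secure ]]; then
    awk '/Invalid user/ {print $NF}' /var/log/secure | tally
  fi
} > "$tally_file"

while IFS='=' read -r ip num; do
  # The last field can be a host name, a port number, or attacker-influenced
  # text, so only dotted-quad IPv4 values reach hosts.deny.
  [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
  [[ $num =~ ^[0-9]+$ ]] || continue
  [ "$num" -gt "$DEFINE" ] || continue

  # Fixed-string, whole-word match: the original `grep $IP` treated dots as
  # regex wildcards and matched substrings of other addresses.
  if ! grep -qwF -- "$ip" "$DENY_FILE"; then
    printf 'sshd:%s\n' "$ip" >> "$DENY_FILE"
  fi
done < "$tally_file"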
效果不错
本文转自it你好 51CTO博客,原文链接:http://blog.51cto.com/itnihao/745951,如需转载请自行联系原作者