@H_301_0@#!/bin/bash

@H_301_0@local_ip="192.168.0.4" #定义本地IP不会被拒绝

@H_301_0@tmp_log=`mktemp`

@H_301_0@cat /var/log/secure |grep "Failed password for root from" |awk '{print $11}' |uniq -c > $tmp_log

@H_301_0@cat $tmp_log |while read line

@H_301_0@ do

@H_301_0@ attack_num=`echo $line |awk '{print $1}'`

@H_301_0@ attact_ip=`echo $line |awk '{print $2}'`

@H_301_0@ if [ "$attack_num" -gt "10" ] && [ "$local_ip" != "$attack_ip" ]

@H_301_0@ then

@H_301_0@ echo sshd:"$attact_ip":deny >> /etc/hosts.deny

@H_301_0@ fi

@H_301_0@ done

@H_301_0@sort -u /etc/hosts.deny > $tmp_log #过滤相同IP

@H_301_0@cp -f $tmp_log /etc/hosts.deny

@H_301_0@rm -f $tmp_log

@H_301_0@

@H_301_0@每5分钟检测一次，在5分钟内尝试密码登录错误超过10次的拒绝这个IP

@H_301_0@crontab -e

@H_301_0@*/5 * * * * /sh/sshtool.sh

@H_301_0@

@H_301_0@查看被拒绝的IP

@H_301_0@cat /etc/hosts.deny

原文链接：/bash/392722.html