自动检查扫描ssh端口的ip,扫描100次的用户自动禁止命令
自动检查扫描ssh端口的ip,扫描100次的用户自动禁止命令
自动检查扫描ssh端口的ip,扫描100次的用户自动禁止命令
01
#! /bin/bash
02
#sshd,failed
03
cd /var/bak www.2cto.com
04
cat /var/log/secure | grep Failed |awk '{print $13}'| sort | uniq -c >loginfailed.txt
05
cat /var/log/secure | grep Failed |awk '{print $11}'| sort | uniq -c >>loginfailed.txt
06
sed -i '/[a-z]/d' loginfailed.txt
07
sed -i '/[A-Z]/d' loginfailed.txt
08
cat loginfailed.txt | awk '{if(length($2)>7) print }'|sort -n >abc.txt
09
mail -s "198,sshd failed" 411876027@qq.com < abc.txt
10
cat abc.txt | awk '{if (length($1)>2) print }'| awk '{print $2}'>bb.txt
11
#cat abc.txt | awk '{if ($1~/5|6|7|8|9/) print }'| awk '{print $2}'>>bb.txt
12
cat bb.txt| xargs -I {} echo "sshd:{}" >> /etc/hosts.deny
13
rm abc.txt
14
rm bb.txt
15
rm loginfailed.txt
16
cp /var/log/secure /var/logbak/secure`date +%F-%T`
17
>/var/log/secure www.2cto.com
评论暂时关闭