此脚本用于分析统计secure日记文件,对ssh登录错误次数较多的IP用iptables封掉。' a6 ?# o, F6 Z1 x7 ]' [
- #!/bin/bash; ?; d0 r2 U' `% t. i
- #Created by haiyun+ Z4 o4 b% l+ u
- num=10 #上限
4 a. m1 i2 Y( b( I5 Y& I( a( e - for i in `awk '/Failed/{print $(NF-3)}' /var/log/secure|sort|uniq -c|sort -rn|awk '{if ($1>$num){print $2}}'`" Z0 i: ?* _! V/ A; ~, u# ~
- do
' p! ]4 _! c! m - iptables -I INPUT -p tcp -s $i --dport 22 -j DROP
% L8 R8 X% A$ o, @1 `9 N1 R5 E* i2 ? - done
- crontab -e
' o( F! H( c j- r; G0 }# M, Y - * */5 * * * sh /path/file.sh #5小时执行一次
" ~1 N, m" y' F, m
) x0 n, R7 S' @. S1 H |
发表于 2014-3-30 02:58:12