ssh_scan.sh
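#!/bin/bash
# Watch the sshd auth log and temporarily block hosts with repeated login failures.
LOG_FILE="/var/log/secure"
# NOTE: a fixed file name under /tmp is predictable; when running as root, a root-only directory is safer.
TABLES="/tmp/tables"
test -e "$TABLES" || touch "$TABLES"
# -F keeps following the log across rotation
tail -F "$LOG_FILE" | while read -r line
do
    # Emit "HH:MM:SS rhost" for each PAM "authentication failure" line
    str=$(echo "$line" | grep "authentication failure" | awk '{for(x=1;x<=NF;x++){if(match($x,"rhost=")){rhost=substr($x,RSTART+RLENGTH,length($x)); printf ("%s %s\n",$3,rhost);}}}')
    if [ -n "$str" ]; then
        # Compare the HH:MM of this failure with the last recorded one
        NEWTIME=$(echo "$str" | awk -F":" '{printf ("%s:%s",$1,$2);}')
        OLDTIME=$(tail -n 1 "$TABLES" | awk -F":" '{printf ("%s:%s",$1,$2);}')
        if [ "$NEWTIME" == "$OLDTIME" ]; then
            echo "$str" >> "$TABLES"    # same minute: keep accumulating
        else
            echo "$str" > "$TABLES"     # new minute: reset the window
        fi
        # Count failures per host within the current minute
        awk '{print $2}' "$TABLES" | sort | uniq -c | sort -rn | \
        while read -r amount ip
        do
            # rhost is taken from the log; accept only an IPv4 literal before passing it to iptables/sed
            [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
            {
                if [ "$amount" -gt 10 ]; then
                    iptables -A INPUT -s "$ip" -j DROP
                    # double quotes so $ip expands; dots escaped so they match literally
                    sed -i "/ ${ip//./\\.}\$/d" "$TABLES"
                    # unblock after 2 hours
                    sleep 7200
                    iptables -D INPUT -s "$ip" -j DROP
                fi
            }&
        done
    fi
done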
