1、tcpwrapper
#!/bin/bash
Fail_100=`/bin/grep ‘Failed‘ /var/log/secure* | /bin/egrep -o ‘([0-9]{1,3}\.){3}[0-9]{1,3}‘ | /bin/sort | /usr/bin/uniq -c | /bin/sort -rn | /bin/awk ‘$1 > 100 {print $2}‘`
for Fip in $Fail_100
do
/bin/grep "$Fip" /etc/hosts.deny &> /dev/null
[[ $? -ne 0 ]] && /bin/echo "sshd:$Fip: spawn (/bin/echo \"login attmpt from %c to %s\" | /bin/mail -s \"information abount sshd login attempt\" root@localhost)&" >> /etc/hosts.deny 2> /dev/null && /bin/echo -e "$Fip" >> /var/log/.Fail_IP_list
done2、iptables
#!/bin/bash
Fail_100=`/bin/grep ‘Failed‘ /var/log/secure* | /bin/egrep -o ‘([0-9]{1,3}\.){3}[0-9]{1,3}‘ | /bin/sort | /usr/bin/uniq -c | /bin/sort -rn | /bin/awk ‘$1 > 100 {print $2}‘`
/etc/init.d/iptables save
for Fip in $Fail_100
do
/bin/grep "$Fip" /etc/sysconfig/iptables &> /dev/null
[[ $? -ne 0 ]] && /sbin/iptables -I INPUT 3 -s "$Fip" -j DROP && /bin/echo -e "$Fip" >> /var/log/.Fail_IP_list
done
/etc/init.d/iptables save本文出自 “勿忘初心” 博客,请务必保留此出处http://winterysea.blog.51cto.com/9677346/1709807
原文:http://winterysea.blog.51cto.com/9677346/1709807