1)结合/var/log/secure文件,将ssh登陆失败次数大于N的IP封顶
N=3
SEC_FILE=/var/log/secure
for ip in `grep "Failed password" $SEC_FILE|grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort -n|uniq -c|awk ‘{if($1>$N) print $2}‘`
do
iptables -A INPUT -s $ip -p tcp --dport 22 -j DROP
done本文出自 “一马踏平川” 博客,请务必保留此出处http://huangzp.blog.51cto.com/12434999/1904669
原文:http://huangzp.blog.51cto.com/12434999/1904669