#!/bin/bash
#this is for count and block the hack ip for ssh login
ip=`grep "Failed" secure-20121223 | awk '{print $(NF-3)}' | sort | uniq -c | awk '{print $1"="$2}'`
count="4"
for i in $ip
do
number=`echo $i | awk -F "=" '{print $1}'`
blockip=`echo $i | awk -F "=" '{print $2}'`
echo "$number$blockip"
if [ $number -gt $count ];then
grep $blockip /tmp/secret/test.txt > /dev/null
if [ $? -gt 0 ];then
echo "sshd:$blockip" >> /tmp/secret/test.txt
fi
fi
done
阅读(1939) | 评论(0) | 转发(0) |