#!/bin/sh
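# Block SSH brute-force sources: count the "Failed" authentication lines that
# /var/log/secure recorded during the previous minute and insert an iptables
# DROP rule for every IPv4 source that produced more than two of them.
# NOTE(review): looks like this is meant to run once a minute as root
# (e.g. from cron) - confirm against the deployment.
# NOTE(review): there is no allowlist, so a legitimate admin address that
# fails three logins within one minute is blocked too, and nothing in this
# script ever removes the rules it inserts.

# Timestamp prefix of the previous minute in traditional syslog form
# ("Jan  1 12:34"). LC_ALL=C keeps the month name independent of the caller's
# locale, and matching the whole prefix at the start of the line avoids
# counting entries from another day or text that merely appears in a message.
# Assumes /var/log/secure uses the traditional syslog timestamp - confirm.
STAMP=$(LC_ALL=C date -d -1min '+%b %e %H:%M')

# The log content is influenced by the remote side, so the extracted token is
# passed on only when it is strictly dotted-decimal. Splitting on ":" keeps
# the IPv4 tail of tokens such as "::ffff:1.2.3.4"; anything else (the word
# "from", host names, IPv6 fragments) is dropped before it can reach iptables.
SCANNER=$(awk -v stamp="$STAMP" '
  index($0, stamp) == 1 && /Failed/ && NF >= 4 {
    n = split($(NF-3), part, ":")
    if (part[n] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print part[n]
  }' /var/log/secure | sort | uniq -c | awk '{print $1"="$2}')

# Word splitting is intended below: every item is "<count>=<ipv4>" and holds
# only digits, dots and "=", so no globbing or injection is possible.
echo $SCANNER
for i in $SCANNER
do
  NUM=${i%%=*}
  IP=${i#*=}
  echo "$NUM"
  echo "$IP"

  # Act only on sources with more than two failures in the window.
  [ "$NUM" -gt 2 ] || continue

  # Skip addresses already present in the INPUT chain. -F/-w match the address
  # literally and as a whole token, so 1.2.3.4 is not mistaken for 11.2.3.45
  # (an unquoted regex match would treat the dots as wildcards).
  if iptables -vnL INPUT | grep -Fqw -- "$IP"
  then
    continue
  fi

  # Record the block only when the rule was really inserted.
  if iptables -I INPUT -s "$IP" -m state --state NEW,RELATED,ESTABLISHED -j DROP
  then
    printf '%s %s(%s)\n' "$(date)" "$IP" "$NUM" >> /var/log/scanner.log
  else
    printf 'scanner: could not insert DROP rule for %s\n' "$IP" >&2
  fi
done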
由CU白金(platinu)制作脚本改编