脚本:自动封IP
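#!/bin/bash
#
# Ban SSH password-guessing sources through TCP wrappers.
#
# Looks at the last 100 lines of the sshd authentication log, counts
# "Failed password" events per source address, and appends an
# "sshd:<addr>" rule to /etc/hosts.deny for every address that failed
# more than $limit times. Existing sshd rules are dropped first, so the
# deny list always reflects only the most recent window of the log.
#
# Must run with enough privilege to read the log and rewrite hosts.deny.
#
# Operational caveats:
#   * hosts.deny only affects sshd when sshd is built with TCP wrappers
#     (libwrap) support; verify that on the target system.
#   * Every line containing "sshd" is removed on each run, including
#     rules added by hand.
#   * Nothing here exempts management addresses; keep those in
#     /etc/hosts.allow so a mistyped password cannot lock admins out.

set -u

readonly limit=6
# NOTE(review): the published listing shows this path garbled as
# "ar/log cure"; /var/log/secure is assumed. Adjust if your distribution
# logs sshd elsewhere.
readonly auth_log=/var/log/secure
readonly deny_file=/etc/hosts.deny

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate token taken from the log
#######################################
is_ipv4() {
  local candidate=$1 octet
  [[ $candidate =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] ||
    return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so "08" is not rejected as invalid octal.
    ((10#$octet <= 255)) || return 1
  done
}

#######################################
# Prints "<count> <addr>" for log lines containing a literal phrase.
# Globals:   recent_log (read)
# Arguments: $1 - literal phrase the line must contain
#
# The user name in a "Failed password" line is chosen by the remote
# client and may contain spaces, so counting fields from the left
# (the original used $13 / $11) can be shifted by log content. The
# address is therefore taken from the fixed tail of the line:
#   ... from <addr> port <n> ssh2
#######################################
count_sources() {
  grep -F -- "$1" <<<"$recent_log" |
    awk 'NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" { print $(NF-3) }' |
    LC_ALL=C sort |
    uniq -c
}

#######################################
# Appends an sshd deny rule for one address unless it is already listed.
# Globals:   deny_file (read, appended to)
# Arguments: $1 - source address
#######################################
ban() {
  local addr=$1
  # Only validated IPv4 text is written: hosts.deny is colon-separated,
  # so an unchecked token (or an unbracketed IPv6 address) would be
  # parsed as something other than a client address.
  if ! is_ipv4 "$addr"; then
    printf 'skipping non-IPv4 token from log: %q\n' "$addr" >&2
    return 0
  fi
  # Exact, fixed-string match; the original used the address as a sed
  # regex, where "." matches any character.
  grep -qxF -- "sshd:$addr" "$deny_file" && return 0
  printf 'sshd:%s\n' "$addr" >>"$deny_file"
}

#######################################
# Bans every address whose failure count for a phrase exceeds $limit.
# Arguments: $1 - literal phrase passed to count_sources
#######################################
ban_over_limit() {
  local times addr
  while read -r times addr; do
    [[ $times =~ ^[0-9]+$ ]] || continue
    # The original first loop used "[ $times > $limit ]", where ">" is a
    # redirection: it was true for any non-empty count and created a
    # file named "6" in the working directory.
    if ((times > limit)); then
      ban "$addr"
    fi
  done < <(count_sources "$1")
}

[[ -r $auth_log ]] || die "cannot read $auth_log"
[[ -w $deny_file ]] || die "cannot write $deny_file"

# Snapshot the window once so every count below sees the same lines.
# Process substitution also removes the fixed /tmp/limit.txt scratch
# file, which a local user could pre-create or symlink before a
# privileged run.
recent_log=$(tail -n 100 -- "$auth_log") || die "cannot read $auth_log"

sed -i '/sshd/d' "$deny_file" || die "cannot reset sshd rules in $deny_file"

# Pass 1: guesses against account names that do not exist.
ban_over_limit "Failed password for invalid user"

# Pass 2: guesses against each local account listed in /etc/passwd.
while IFS=: read -r account _; do
  [[ -n $account ]] || continue
  ban_over_limit "Failed password for $account from"
done </etc/passwd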