注意: 此脚本并不会定期清理之前添加到/etc/hosts.deny中的ip地址
此脚本运行在centos6的系统之上,如centos7需要的话,需要修改脚本声明(#!/usr/bin/bash);
#!/bin/bash
#
while true
do
awk ‘/Failed password/{print $(NF-3)}‘ /var/log/secure | sort | uniq -c | awk ‘{if($1>=4) print $2}‘ > /tmp/reject.txt
for i in `cat /tmp/reject.txt`
do
ip=$i
grep -w "$ip" /etc/hosts.deny
if [ $? -gt 0 ]
then
echo "sshd:$ip" >> /etc/hosts.deny
fi
done
sleep 4
done#后台运行此脚本,直到天荒地老
nohup ./sshdlanjie4.sh &
本文出自 “RSLinux” 博客,请务必保留此出处http://readshlinux.blog.51cto.com/9322509/1833553
原文地址:http://readshlinux.blog.51cto.com/9322509/1833553
