1、需要root用户执行
2、将会在脚本所在目录生成hosts.deny文件,里面存数据
脚本奉上【本人菜鸟,千万不要喷啊】:
#!/usr/bin/python # _*_coding:utf-8 _*_ import time import re import sys import os from datetime import date logfile = r‘/var/log/secure‘ current_path = sys.path[0] denyfile = r‘/‘+current_path+‘/hosts.deny‘ months_31 = [‘Jan‘,‘Mar‘,‘May‘,‘Jul‘,‘Aug‘,‘Oct‘,‘Dec‘] months_30 = [‘Apr‘,‘Jun‘,‘Sep‘,‘Nov‘] month_28or29 = ‘Feb‘ months = { ‘Jan‘:1,‘Feb‘:2,‘Mar‘:3,‘Apr‘:4,‘May‘:5,‘Jun‘:6, ‘Jul‘:7,‘Aug‘:8,‘Sep‘:9,‘Oct‘:10,‘Nov‘:11,‘Dec‘:12 } month_days = {} for mon in months_31: month_days[mon] = 31 for mon in months_30: month_days[mon] = 30 if date.isocalendar(date.today())[0] % 4 == 0: month_days[month_28or29] = 29 else: month_days[month_28or29] = 28 def copyFiles(sourceFile, targetFile): open(targetFile, "wb").write(open(sourceFile, "rb").read()) def search_source(): t = date.today() month = t.strftime(‘%b‘) day = t.strftime(‘%d‘) pat = re.compile(‘.+sshd.+Failed password.+ (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) .+‘) lines = [] f = open(logfile,‘r‘) for line in f: if line.split()[0] == month and (int(day) - int(line.split()[1])) < 7 and (int(day) - int(line.split()[1])) >= 0: if re.search(pat,line): lines.append(line) elif (months[month] - months[line.split()[0]]) == 1 or (months[month] - months[line.split()[0]]) == -11: if (int(day) + month_days[line.split()[0]] - int(line.split()[1])) < 7 and re.search(pat,line): lines.append(line) return lines def count_ips(lines): count = {} if len(lines) == 0: print ‘No one use ssh and failed.‘ raise SystemExit pat = re.compile(‘ (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ‘) for line in lines: ip = re.findall(pat,line)[0] if ip in count: count[ip] += 1 else: count[ip] = 1 return count def deny_ips(count): f = open(denyfile,‘w‘) valve = 50 for ip in count: if count[ip] >= valve: word = ‘ALL: %s #failed %d times in a week.\n‘ % (ip,count[ip]) f.write(word) f.close() def main(): current_path=sys.path[0] if os.path.isfile(current_path+"/hosts.deny"): copyFiles(current_path+"/hosts.deny", current_path+"/hosts.deny."+str(int(time.time()))) lines = search_source() count = count_ips(lines) deny_ips(count) if __name__ == ‘__main__‘: main()
原文地址:http://diamondlich.blog.51cto.com/11893809/1873801