测试
#!/bin/bash
>/etc/fileno
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '$1>=3 {print $2}'>/etc/fileno
for i in `cat /etc/fileno`
do
echo "sshd:$i" >> /etc/hosts.deny
done
$(NF-3)是倒数第四列
功能:登陆失败次数大于3加入黑名单自动监控脚本
实时监控放到/etc/profile.d/
#!/bin/bash
while true
do
for i in `cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '$1>=3 {print $2}'`
[ `egrep -v "#" /etc/hosts.deny |uniq -c|awk '$1>1{print $2}'` -eq $i ]||echo "sshd:$i">>/etc/hosts.deny
done
版权声明:本文为m493096871原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。