拒绝恶意通过ssh登录服务器脚本

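#!/usr/bin/env bash
# Deny SSH access to source IPs that have repeatedly failed to log in.
#
# Reads the lines of $SECURE_LOG that contain the text "fail", counts the
# IPv4 addresses found on them, and for every address seen on at least
# $FAIL_THRESHOLD lines inserts a DROP rule for new TCP connections to
# port $SSH_PORT into $IP_DENY_FILE (the SysV iptables rule file). The
# iptables service is restarted only when at least one rule was added.
#
# Must run as root. There is no allow-list: confirm that administrative
# source addresses cannot reach the threshold before scheduling this script.
set -euo pipefail

readonly SECURE_LOG=/var/log/secure
readonly IP_DENY_FILE=/etc/sysconfig/iptables
readonly FAIL_THRESHOLD=15
readonly SSH_PORT=22

# Scratch copy of the rule file while it is being rewritten; removed on exit.
TMP_FILE=

die() { printf '%s\n' "$*" >&2; exit 1; }
cleanup() { [[ -z "$TMP_FILE" ]] || rm -f -- "$TMP_FILE"; }
trap cleanup EXIT

#######################################
# Print each IPv4 address that appears on at least $2 lines of $1 that
# contain the literal text "fail" (the PAM "authentication failure" lines).
# Arguments: $1 - log file, $2 - minimum number of matching lines
# Outputs:   one address per line on stdout; nothing when none qualifies
# Returns:   non-zero when no line matched; callers read this through
#            process substitution and treat an empty result as normal
#######################################
find_offenders() {
  local log=$1 threshold=$2
  grep -- fail "$log" \
    | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | sort | uniq -c \
    | awk -v n="$threshold" '$1 >= n { print $2 }'
}

#######################################
# Return 0 when $IP_DENY_FILE already holds a rule with "-s <ip>", with or
# without the /32 suffix that iptables-save writes.
# Arguments: $1 - IPv4 address (dotted quad)
#######################################
rule_exists() {
  local ip=$1
  local escaped
  escaped=${ip//./\\.}
  grep -qE -- "(^|[[:space:]])-s ${escaped}(/32)?([[:space:]]|$)" "$IP_DENY_FILE"
}

#######################################
# Insert a DROP rule for $1 into $IP_DENY_FILE, ahead of the first existing
# "-A INPUT" rule so it is evaluated before any ACCEPT rule. When the file
# has no INPUT rule yet, the rule is placed after line 1.
# Arguments: $1 - IPv4 address (dotted quad, already validated)
# Globals:   TMP_FILE (written), IP_DENY_FILE, SSH_PORT (read)
# Returns:   0 on success; exits via set -e / die on any write failure
#######################################
add_drop_rule() {
  local ip=$1
  local rule="-A INPUT -s ${ip} -m state --state NEW -m tcp -p tcp --dport ${SSH_PORT} -j DROP"
  TMP_FILE=$(mktemp "${IP_DENY_FILE}.XXXXXX") || die "mktemp failed"
  if grep -q -- '^-A INPUT' "$IP_DENY_FILE"; then
    awk -v rule="$rule" '!done && /^-A INPUT/ { print rule; done = 1 } { print }' \
      "$IP_DENY_FILE" > "$TMP_FILE"
  else
    awk -v rule="$rule" '{ print } NR == 1 { print rule }' "$IP_DENY_FILE" > "$TMP_FILE"
  fi
  # Copy the content back instead of mv so the rule file keeps its owner,
  # mode and SELinux label.
  cat -- "$TMP_FILE" > "$IP_DENY_FILE"
  rm -f -- "$TMP_FILE"
  TMP_FILE=
}

#######################################
# Entry point: collect offenders, add the rules that are missing, and
# restart iptables only when the rule file actually changed.
#######################################
main() {
  local ip j changed=0

  (( EUID == 0 )) || die "must run as root"
  [[ -r "$SECURE_LOG" ]] || die "cannot read $SECURE_LOG"
  [[ -w "$IP_DENY_FILE" ]] || die "cannot write $IP_DENY_FILE"

  printf '\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>start IP deny<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n'
  # Cosmetic progress dots; they do no work.
  for (( j = 0; j < 4; j++ )); do
    printf '.'
    sleep 1
  done

  # The loop runs in the current shell so $changed survives it.
  while IFS= read -r ip; do
    # Log lines contain attacker-chosen text; only a dotted quad may reach
    # the rule text, so re-check the extracted token before using it.
    [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
    rule_exists "$ip" && continue
    add_drop_rule "$ip"
    changed=1
  done < <(find_offenders "$SECURE_LOG" "$FAIL_THRESHOLD")

  if (( changed )); then
    /etc/init.d/iptables restart
    printf '\nsuccessful\n'
  else
    printf '\nas the same\n'
  fi
}

main "$@"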

[root@MYSQL_MASTER ~]# cat eyi_ip.sh 
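#!/usr/bin/env bash
# Deny SSH access to source IPs that have repeatedly failed to log in.
#
# Reads the lines of $SECURE_LOG that contain the text "fail", counts the
# IPv4 addresses found on them, and for every address seen on at least
# $FAIL_THRESHOLD lines inserts a DROP rule for new TCP connections to
# port $SSH_PORT into $IP_DENY_FILE (the SysV iptables rule file). The
# iptables service is restarted only when at least one rule was added.
#
# Must run as root. There is no allow-list: confirm that administrative
# source addresses cannot reach the threshold before scheduling this script.
set -euo pipefail

readonly SECURE_LOG=/var/log/secure
readonly IP_DENY_FILE=/etc/sysconfig/iptables
readonly FAIL_THRESHOLD=15
readonly SSH_PORT=22

# Scratch copy of the rule file while it is being rewritten; removed on exit.
TMP_FILE=

die() { printf '%s\n' "$*" >&2; exit 1; }
cleanup() { [[ -z "$TMP_FILE" ]] || rm -f -- "$TMP_FILE"; }
trap cleanup EXIT

#######################################
# Print each IPv4 address that appears on at least $2 lines of $1 that
# contain the literal text "fail" (the PAM "authentication failure" lines).
# Arguments: $1 - log file, $2 - minimum number of matching lines
# Outputs:   one address per line on stdout; nothing when none qualifies
# Returns:   non-zero when no line matched; callers read this through
#            process substitution and treat an empty result as normal
#######################################
find_offenders() {
  local log=$1 threshold=$2
  grep -- fail "$log" \
    | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | sort | uniq -c \
    | awk -v n="$threshold" '$1 >= n { print $2 }'
}

#######################################
# Return 0 when $IP_DENY_FILE already holds a rule with "-s <ip>", with or
# without the /32 suffix that iptables-save writes.
# Arguments: $1 - IPv4 address (dotted quad)
#######################################
rule_exists() {
  local ip=$1
  local escaped
  escaped=${ip//./\\.}
  grep -qE -- "(^|[[:space:]])-s ${escaped}(/32)?([[:space:]]|$)" "$IP_DENY_FILE"
}

#######################################
# Insert a DROP rule for $1 into $IP_DENY_FILE, ahead of the first existing
# "-A INPUT" rule so it is evaluated before any ACCEPT rule. When the file
# has no INPUT rule yet, the rule is placed after line 1.
# Arguments: $1 - IPv4 address (dotted quad, already validated)
# Globals:   TMP_FILE (written), IP_DENY_FILE, SSH_PORT (read)
# Returns:   0 on success; exits via set -e / die on any write failure
#######################################
add_drop_rule() {
  local ip=$1
  local rule="-A INPUT -s ${ip} -m state --state NEW -m tcp -p tcp --dport ${SSH_PORT} -j DROP"
  TMP_FILE=$(mktemp "${IP_DENY_FILE}.XXXXXX") || die "mktemp failed"
  if grep -q -- '^-A INPUT' "$IP_DENY_FILE"; then
    awk -v rule="$rule" '!done && /^-A INPUT/ { print rule; done = 1 } { print }' \
      "$IP_DENY_FILE" > "$TMP_FILE"
  else
    awk -v rule="$rule" '{ print } NR == 1 { print rule }' "$IP_DENY_FILE" > "$TMP_FILE"
  fi
  # Copy the content back instead of mv so the rule file keeps its owner,
  # mode and SELinux label.
  cat -- "$TMP_FILE" > "$IP_DENY_FILE"
  rm -f -- "$TMP_FILE"
  TMP_FILE=
}

#######################################
# Entry point: collect offenders, add the rules that are missing, and
# restart iptables only when the rule file actually changed.
#######################################
main() {
  local ip j changed=0

  (( EUID == 0 )) || die "must run as root"
  [[ -r "$SECURE_LOG" ]] || die "cannot read $SECURE_LOG"
  [[ -w "$IP_DENY_FILE" ]] || die "cannot write $IP_DENY_FILE"

  printf '\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>start IP deny<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n'
  # Cosmetic progress dots; they do no work.
  for (( j = 0; j < 4; j++ )); do
    printf '.'
    sleep 1
  done

  # The loop runs in the current shell so $changed survives it.
  while IFS= read -r ip; do
    # Log lines contain attacker-chosen text; only a dotted quad may reach
    # the rule text, so re-check the extracted token before using it.
    [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
    rule_exists "$ip" && continue
    add_drop_rule "$ip"
    changed=1
  done < <(find_offenders "$SECURE_LOG" "$FAIL_THRESHOLD")

  if (( changed )); then
    /etc/init.d/iptables restart
    printf '\nsuccessful\n'
  else
    printf '\nas the same\n'
  fi
}

main "$@"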

  
