【就业班作业】【第十一周】1、编写脚本/root/bin/checkip.sh，每5分钟检查一次，如果发现通过ssh登录失败 次数超过10次，自动将此远程IP放入Tcp Wrapper的黑名单中予以禁止防问

 编写脚本/root/bin/checkip.sh，每5分钟检查一次，如果发现通过ssh登录失败 次数超过10次，自动将此远程IP放入Tcp Wrapper的黑名单中予以禁止防问

[root@localhost bin]# awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>0)print i}' < /var/log/secure 
192.168.0.20
192.168.0.6
[root@localhost bin]# awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}' < /var/log/secure 
192.168.0.6
[root@localhost bin]# cat /root/bin/newcheckip.sh 
#!/bin/bash
#
awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}' < /var/log/secure > /data/tcpwapperdeny.txt
while read IP;do
       echo "sshd:$IP" >> /etc/hosts.deny
done < /data/tcpwapperdeny.txt 
[root@localhost bin]# bash -x /root/bin/newcheckip.sh 
+ awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}'
+ read IP
+ echo sshd:192.168.0.6
+ read IP
[root@localhost bin]# cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a 'deny' option instead.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.0.6
[root@localhost bin]# cat /data/tcpwapperdeny.txt 
192.168.0.6
[root@localhost bin]# 

监控频率每隔5分钟

[root@localhost ~]# crontab -l
*/5 * * * * /root/bin/checkip.sh
[root@localhost ~]#

（结束）