【就业班作业】【第十一周】1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败次数超过10次,自动将此远程IP放入TCP Wrapper的黑名单中予以禁止访问
编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败次数超过10次,自动将此远程IP放入TCP Wrapper的黑名单中予以禁止访问
[root@localhost bin]# awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>0)print i}' < /var/log/secure 192.168.0.20 192.168.0.6 [root@localhost bin]# awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}' < /var/log/secure 192.168.0.6 [root@localhost bin]# cat /root/bin/newcheckip.sh #!/bin/bash # awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}' < /var/log/secure > /data/tcpwapperdeny.txt while read IP;do echo "sshd:$IP" >> /etc/hosts.deny done < /data/tcpwapperdeny.txt [root@localhost bin]# bash -x /root/bin/newcheckip.sh + awk '/Failed password/{ip[$(NF-3)]++}END{for(i in ip)if(ip[i]>10)print i}' + read IP + echo sshd:192.168.0.6 + read IP [root@localhost bin]# cat /etc/hosts.deny # # hosts.deny This file contains access rules which are used to # deny connections to network services that either use # the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # The rules in this file can also be set up in # /etc/hosts.allow with a 'deny' option instead. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # sshd:192.168.0.6 [root@localhost bin]# cat /data/tcpwapperdeny.txt 192.168.0.6 [root@localhost bin]#
监控频率每隔5分钟
[root@localhost ~]# crontab -l */5 * * * * /root/bin/checkip.sh [root@localhost ~]#
(结束)