一、拒绝超过n次登陆的ip进行ssh连接
结合/var/log/secure文件,将ssh登陆失败次数大于N的IP封顶
N=3 SEC_FILE=/var/log/secure for ip in `grep "Failed password" $SEC_FILE|grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort -n|uniq -c|awk '{if($1>$N) print $2}'` do iptables -A INPUT -s $ip -p tcp --dport 22 -j DROPdone
二、CentOS7防止恶意破解root账户的脚本
#!/bin/bash #Denyhosts SHELL SCRIPT #2017-01-24 # #When a IP is accessed 50 times through sshd, it is written to the hosts.deny file, #which prohibits the IP from connecting to the host via sshd # #Add to timing task cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}' > /root/black.txt DEFINE=50 for i in $(cat /root/black.txt) do IP=$( $i | awk -F'=' '{print $1}') NUM=$( $i | awk -F'=' '{print $2}') if [$NUM -gt $DEFINE]; then grep $IP /etc/hosts.deny > /dev/null if [$? -gt 0];then echo "sshd:$IP" >> /etc/hosts.deny fi fi done
【未完待续…】
