Contents

• 检查恶意IP登录，拒绝SSH

3.29. 检查恶意IP登录，拒绝SSH

#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
SEC_FILE=/var/log/secure
IP_ADDR=`awk '{print $0}' /var/log/secure |grep -i "fail"|egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort -nr|uniq -c|awk '$1>=15 {prin
t $2}'`
IPTABLE_CONF=/etc/sysconfig/iptables
echo

cat <<EOF
+++++++++++++++++++++++++++++++++++++= Welcome to yse ssh login drop failed ip ++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++-----------------------------------------------=++++++++++++++++++++++++++
EOF
echo
for (( VAR = 0; VAR <=6 ; ++VAR )); do echo -n "-";sleep 1;done
echo
for i in `cat $IP_ADDR` ; do
    cat $IPTABLE_CONF|grep $i > /dev/null
    if [ "$?" -ne 0 ]; then
        sed -i "/lo/a -A INPUT -s $i -m state --state NEW -m tcp -p tcp --dport 22 -j DROP" $IPTABLE_CONF
    fi
done
NUM=`find /etc/sysconfig/ - name -a -mmin -1|wc -l `

if test "$NUM" -eq 1; then
     /etc/init.d/iptables restart
fi