
auto drop ssh failed ip address


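#!/bin/bash
# auto drop ssh failed ip address
# author by efoni 2018.7
#
# Scans the last 1000 lines of the sshd auth log for "Failed password"
# entries, counts them per source IPv4 address, and adds a DROP rule for
# TCP port 22 to the iptables config for every address with 4 or more
# failures. IPv6 sources are not handled.
SEC_FILE=/var/log/secure
IPTABLE_CONF=/etc/sysconfig/iptables

# Stop early instead of running sed against a file we cannot edit.
if [ ! -r "$SEC_FILE" ] || [ ! -w "$IPTABLE_CONF" ]; then
  echo "cannot read $SEC_FILE or cannot write $IPTABLE_CONF" >&2
  exit 1
fi

# Take the address only from the trailing "from <ip> port <n> ssh2" part of
# the message. The login name earlier on the line is chosen by the remote
# client, so matching any dotted quad anywhere on the line would let a client
# get an unrelated address (for example an administrator's) blocked simply by
# using it as a user name.
# NOTE(review): assumes the stock sshd "Failed password ... ssh2" line format;
# confirm against the log format on the target host.
IP_ADDR=$(tail -n 1000 "$SEC_FILE" \
  | grep "Failed password" \
  | grep -Eo 'from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2$' \
  | awk '{print $2}' \
  | sort \
  | uniq -c \
  | awk '$1>=4 {print $2}')

echo
cat <<EOF
++++++++++++++++++++++++++++++++welcome to use ssh login drop failed ip++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
EOF

while IFS= read -r i
do
  # An empty result still yields one empty line from the here-string.
  [ -n "$i" ] || continue

  # Check whether the iptables config already mentions this address.
  # Dots are escaped and the match is bounded by non-address characters, so
  # 1.2.3.4 does not match 11.2.3.45 or 1x2y3z4; a trailing /32 still matches.
  ip_re=${i//./\\.}
  if grep -Eq -- "(^|[^0-9.])${ip_re}([^0-9.]|\$)" "$IPTABLE_CONF"; then
    echo "This $i is exist in iptables,please exit."
  else
    # Not present yet: add the DROP rule right after the loopback accept rule.
    # Matching the full rule prefix (not just "lo") keeps the line from being
    # appended after every unrelated line that happens to contain "lo".
    # NOTE(review): assumes the config contains an "-A INPUT -i lo" rule;
    # without one nothing is inserted.
    sed -i "/^-A INPUT -i lo /a -A INPUT -s $i -m state --state NEW -m tcp --dport 22 -j DROP" "$IPTABLE_CONF"
  fi
done <<< "$IP_ADDR"

# Finally, iptables has to be restarted for the new rules to take effect
# (on hosts using this config file, typically `service iptables restart`).
# The page gives no command for this step, so it is left to the operator.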
