Shell防止暴力破解主机

生产环境可已直接使用

根据hosts.deny做出的对策

#!/bin/bash

#Host.deny Shell Script

#author wending

#20160726

SEC_FILE=/var/log/secure

IP_ADDR=`tail -n 1000 /var/log/secure |grep "Failed password"| egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}" | sort -nr | uniq -c |awk ' $1>=4 {print $2}'`

HOSTDENY=/etc/hosts.deny

for ((j=0;j

echo

for i in `echo $IP_ADDR`

do

cat $HOSTDENY |grep $i >/dev/null

if

[ $? -ne 0 ];then

echo sshd:$i >> $HOSTDENY

else

echo "This is $i is exist in iptables,please exit ......" >>/tmp/auto_passdrop.log

fi

done

2.根据iptables做出的对策

#!/bin/sh

#auto drop ssh failed IP address

#wending 2016-0604

#定义变量

SEC_FILE=/var/log/secure

#如下为截取secure文件恶意ip 远程登录22端口，大于等于4次就写入防火墙，禁止以后再登录服务器的22端口

IP_ADDR=`tail -n 1000 /var/log/secure |grep "Failed password"| egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}" | sort -nr | uniq -c |awk ' $1>=4 {print $2}'`

IPTABLE_CONF=/etc/sysconfig/iptables

#打印动态滚动条，参照老男孩博客-数组分析文章

for ((j=0;j

echo

for i in `echo $IP_ADDR`

do

#查看iptables配置文件是否含有提取的IP信息

cat $IPTABLE_CONF |grep $i >/dev/null

if

[ $? -ne 0 ];then

#判断iptables配置文件里面是否存在已拒绝的ip，如何不存在就不再添加相应条目

#sed -i "/lo/a -A INPUT -s $i -m state --state NEW -m tcp -p tcp --dport 22 -j DROP" $IPTABLE_CONF && /etc/init.d/iptables restart

sed -i "/lo/a -A INPUT -s $i -j DROP " $IPTABLE_CONF && /etc/init.d/iptables restart

else

#如何存在的话，就打印提示信息即可

echo "This is $i is exist in iptables,please exit ......"

fi

done