CentOS: block IPs after many failed SSH logins

Source:
https://yq.aliyun.com/articles/624167?spm=a2c4e.11155435.0.0.49c63312Ds2gU9
vi /usr/local/bin/secure_ssh.sh

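#!/bin/bash

# Count failed SSH logins per source IP and save them as "IP=count" lines
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}' > /usr/local/bin/black.list

for i in `cat /usr/local/bin/black.list`
do
    IP=`echo $i | awk -F= '{print $1}'`
    NUM=`echo $i | awk -F= '{print $2}'`
    # ${#NUM} is the number of digits in the count, so this means 10 or more failures
    if [ ${#NUM} -gt 1 ]; then
        # Match the whole entry literally so one IP is not mistaken for part of another
        grep -qxF "sshd:$IP:deny" /etc/hosts.deny
        if [ $? -gt 0 ]; then
            echo "sshd:$IP:deny" >> /etc/hosts.deny
        fi
    fi
done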

Add the secure_ssh.sh script to a cron job that runs once every minute.
vi /var/spool/cron/root

*/1 * * * * sh /usr/local/bin/secure_ssh.sh

Check the blacklist file on the server:
cat /usr/local/bin/black.list

Then check hosts.deny on the server:
cat /etc/hosts.deny
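
As an added example (not part of the original post), the counting step can be tried as a dry run on log text before anything writes to /etc/hosts.deny. The function names, the threshold and allowlist arguments, and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Dry run: reads sshd log text on
# stdin and prints the hosts.deny entries that would be added; writes nothing.
# Usage: candidate_denies [threshold] [allowlist] < /var/log/secure
# (both arguments are assumptions; allowlist is a space-separated list of IPs)
candidate_denies() {
    awk -v min="${1:-10}" -v allow="${2:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Only sshd lines shaped "Failed <method> for ... from <ip> port <n> ssh2"
        /sshd\[[0-9]+\]: Failed / && $(NF-2) == "port" {
            ip = $(NF-3)
            # Count dotted-quad IPv4 addresses only, and never an allowlisted one
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min + 0) print "sshd:" ip ":deny" }
    ' | sort
}

# Constructed sample log (documentation-range addresses, not real traffic)
sample_log() {
    for ip in 203.0.113.5 192.0.2.10; do
        i=0
        while [ "$i" -lt 12 ]; do
            echo "Jan  1 00:00:01 host sshd[100]: Failed password for invalid user admin from $ip port 4000 ssh2"
            i=$((i + 1))
        done
    done
    for i in 1 2 3; do
        echo "Jan  1 00:00:02 host sshd[101]: Failed password for root from 198.51.100.7 port 4001 ssh2"
    done
    echo "Jan  1 00:00:03 host sshd[102]: Accepted password for bob from 198.51.100.7 port 4002 ssh2"
    # A non-sshd line containing "Failed": a bare /Failed/ match would count the word "Failed" as an IP
    echo "Jan  1 00:00:04 host example[1]: Failed to start example.service."
}

# 192.0.2.10 stands in for an admin address that must never be locked out
sample_log | candidate_denies 10 192.0.2.10
```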

Further references:

https://blog.csdn.net/ausboyue/article/details/53691953

http://huikon.cn/post-330.html

https://www.cnblogs.com/panblack/p/secure_ssh_auto_block.html
