Linux系统利用 hosts.deny 阻止SSH暴力攻击的防护
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
#!/bin/bash # # 基于操作系统《CentOS 6.5_x64最小化安装》的安全和优化脚本 # # CentOS/RadHat 6+ Debian 7+ and Ubuntu 14+ # # Copyright © 2015年10月1日 Email:service@fooher.com # # 个人博客: http://www.fooher.com by 运维天涯 # export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin date=`date +%Y%m%d` securefile="/var/log/secure" logfile=/data/logs/sshdlog/ip.txt deny_file=/etc/hosts.deny LINES=`grep "^sshd:" $deny_file | wc -l` max= [ ! -d /data/logs/sshdlog ] && mkdir -p /data/logs/sshdlog if [[ -f $securefile ]] then grep Failed $securefile | awk '{print $(NF-3)}' | sort -rn | uniq -c | awk '{print $2 "=" $1}'> ${logfile} fi for a in `cat ${logfile}` do if [[ `echo $a| awk -F"=" '{print $2}'` -gt $max ]] then b=`echo $a | awk -F"=" '{print $1}'` grep $b ${deny_file} >/dev/null if [[ $? != 0 ]] then echo "sshd:$b" >> ${deny_file} echo "$b" | mail -s "报警" hanktod@sina.com fi fi done echo; echo -e "\033[32m [INFO]: 一共禁止 $LINES 个 IP 暴利破解SSHD服务 \033[0m" echo; |
