Linux系统利用 hosts.deny 阻止SSH暴力攻击的防护
#!/bin/bash
#
# 基于操作系统《CentOS 6.5_x64最小化安装》的安全和优化脚本
#
# CentOS/RedHat 6+ Debian 7+ and Ubuntu 14+
#
# Copyright © 2015年10月1日 Email:service@fooher.com
#
# 个人博客: http://www.fooher.com by 运维天涯
#
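export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Scan the sshd auth log for failed logins, count them per source address and
# append "sshd:<ip>" to hosts.deny for every IPv4 address over the threshold.
#
# NOTE(review): hosts.deny is only honoured when sshd is linked against TCP
# wrappers (libwrap). Upstream OpenSSH dropped that support in 6.7, so confirm
# it on the target distribution before relying on this script.
# NOTE(review): counts cover the whole log file (no time window) and entries
# are never expired, so blocks accumulate until someone prunes hosts.deny.

#securefile="/var/log/secure-20190811"
# RHEL/CentOS path; Debian/Ubuntu write sshd auth events to /var/log/auth.log.
securefile="/var/log/secure"
logdir=/data/logs/sshdlog
# Scratch file rebuilt on every run, one "IP=count" entry per line.
logfile="$logdir/ip.txt"
deny_file=/etc/hosts.deny
# An address is blocked once it has MORE than $max failures in $securefile.
# NOTE(review): with max=1 two mistyped passwords are enough to lock out a
# legitimate admin. hosts.allow is consulted before hosts.deny, so list
# management addresses there before running this from cron.
max=1

# Without the scratch directory the redirect below fails, so stop early.
mkdir -p -- "$logdir" || {
  echo "cannot create $logdir" >&2
  exit 1
}

if [[ -f "$securefile" ]]; then
  # The address is taken as the 4th field from the END of the line
  # ("... from <ip> port <n> ssh2"). The user name earlier in the line is
  # chosen by the remote client, so counting from the end keeps text placed
  # there from shifting the field that is read. NF > 3 avoids a negative
  # field index on short lines.
  grep -- 'Failed' "$securefile" \
    | awk 'NF > 3 {print $(NF-3)}' \
    | sort \
    | uniq -c \
    | awk '{print $2 "=" $1}' > "$logfile"
else
  # No log to read: start from an empty list instead of replaying a stale one.
  : > "$logfile"
fi

# Only well-formed dotted-quad tokens may reach hosts.deny. Other "Failed ..."
# line layouts put a port number or key type in that field, and an unbracketed
# IPv6 address would be misparsed because hosts.deny uses ':' as a separator.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
count_re='^[0-9]+$'

while IFS='=' read -r ip count; do
  [[ "$ip" =~ $ipv4_re ]] || continue
  [[ "$count" =~ $count_re ]] || continue
  (( 10#$count > max )) || continue

  # Match the address as a whole token with literal dots. A plain
  # `grep $ip` treats '.' as a wildcard and also matches longer addresses
  # (1.2.3.4 inside 11.2.3.45), which would silently skip the block.
  ip_pattern="(^|[^0-9.])${ip//./\\.}([^0-9.]|\$)"
  if ! grep -qE -- "$ip_pattern" "$deny_file"; then
    echo "sshd:$ip" >> "$deny_file"
    echo "$ip" | mail -s "报警" hanktod@sina.com
  fi
done < "$logfile"

# Count after the loop so the report includes addresses added by this run.
# (The original stored this in LINES, which bash itself uses for the terminal
# height.)
blocked_total=$(grep -c '^sshd:' "$deny_file" 2>/dev/null)
blocked_total=${blocked_total:-0}

echo
echo -e "\033[32m [INFO]: 一共禁止 $blocked_total 个 IP 暴利破解SSHD服务 \033[0m"
echo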