快速查出 SSH 登录失败的 IP 及其失败次数
# Tally failed SSH logins per source address from the sshd auth log.
# In a "Failed password ... from <addr> port <n> ssh2" line the address is the
# fourth field from the end; a "Failed" line with a different tail puts some
# other token there, so treat the output as a quick triage view.
awk '/Failed/ { print $(NF-3) }' /var/log/secure | sort | uniq -c
========================
将 secure_ssh.sh 脚本放入 cron 计划任务,每 2 分钟执行一次。注意:下面这行的 `0 */2 * * *` 实际含义是每 2 小时的第 0 分钟执行一次;若要每 2 分钟执行,应写成 `*/2 * * * *`。
0 */2 * * * /etc/shell/secure_ssh.sh > /dev/null 2>&1
[root@server01 shell]#
cat secure_ssh.sh
脚本如下:
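#!/bin/bash
# secure_ssh.sh - add hosts.deny entries for addresses with repeated failed
# SSH logins.
#
# Counts "Failed" lines per source address in /var/log/secure, writes the
# "address=count" pairs to /etc/shell/limit_ssh.txt, and appends
# "sshd:<address>:deny" to /etc/hosts.deny for every address whose count is
# above the threshold and that is not already mentioned in that file.
#
# Operational caveats:
#   - hosts.deny only has an effect when sshd is built with TCP Wrappers
#     (libwrap) support; confirm this on the target distribution.
#   - Counts cover the whole current log file, not a time window, and entries
#     are never removed. An administrator who mistypes a password often enough
#     stays blocked until the entry is deleted by hand; list trusted addresses
#     in /etc/hosts.allow, which TCP Wrappers consults first.
#   - The address is taken from log text by field position. "Failed" lines
#     whose tail differs from "from <addr> port <n> ssh2" yield some other
#     token, so every value is checked before it reaches hosts.deny.

set -u
set -o pipefail

readonly LOG_FILE=/var/log/secure
readonly COUNT_FILE=/etc/shell/limit_ssh.txt
readonly DENY_FILE=/etc/hosts.deny
# Block an address when its failure count is strictly greater than this.
readonly DEFINE=6
# Dotted-quad shape check. IPv6 addresses are skipped on purpose: their colons
# would collide with the ':' separators of a hosts.deny rule.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Build the "address=count" list. Stop if the log cannot be read or the list
# cannot be written, rather than acting on a stale or partial file.
awk '/Failed/ { print $(NF-3) }' "$LOG_FILE" \
  | sort \
  | uniq -c \
  | awk '{ print $2 "=" $1 }' > "$COUNT_FILE" || exit 1

while IFS='=' read -r ip num; do
  # Drop anything that is not an IPv4-shaped address with a numeric count.
  [[ $ip =~ $IPV4_RE ]] || continue
  [[ $num =~ ^[0-9]+$ ]] || continue
  # 10# forces base 10 so a count with a leading zero is not read as octal.
  (( 10#$num > DEFINE )) || continue

  # -F: match the address literally (an unescaped '.' would match any char).
  # -w: whole-token match, so 1.2.3.4 is not considered present because
  #     1.2.3.40 is. A missing hosts.deny counts as "not listed".
  if ! grep -qwF -- "$ip" "$DENY_FILE" 2>/dev/null; then
    printf 'sshd:%s:deny\n' "$ip" >> "$DENY_FILE"
  fi
done < "$COUNT_FILE"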
赋予可执行权限
# Make the script executable so cron can run it directly.
# NOTE(review): it edits /etc/hosts.deny and is presumably run from root's
# crontab, so the script and /etc/shell should be writable by root only;
# +x does not change who can modify the file.
chmod +x /etc/shell/secure_ssh.sh
====
Feb 16 16:58:11 server01 sshd[130156]: Failed password for root from 192.168.119.25 port 47684 ssh2
Feb 16 16:58:14 server01 sshd[130156]: Failed password for root from 192.168.119.25 port 47684 ssh2
Feb 16 16:58:17 server01 sshd[130156]: Failed password for root from 192.168.119.25 port 47684 ssh2
Feb 16 16:58:28 server01 sshd[130158]: Failed password for root from 192.168.119.25 port 47686 ssh2
Feb 16 16:58:32 server01 sshd[130158]: Failed password for root from 192.168.119.25 port 47686 ssh2