#!/bin/bash
#author:dcc
#version:v1
#description:control ssh_error
#date:2018/05/27
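# Poll the SSH auth log and add every IPv4 source with repeated
# "Failed password" entries to the firewalld "block" zone.
#
# Only the address that sshd itself appends ("... from <addr> port <n> ...")
# is counted. The user-name field of a "Failed password" line is chosen by
# the remote client, so it must never be interpreted as an address:
# counting it would let a client get an unrelated address blocked.
#
# NOTE(review): failures are counted over the whole log file with no time
# window and no allowlist, so a few mistyped passwords from a trusted
# address lead to a permanent block. Confirm that is intended, or keep
# management addresses out of the block zone by other means.
auth_log=/var/log/secure
min_failures=3
poll_seconds=300

while :; do
  changed=0

  # Scan each line from the right so the trailing "from <addr> port" written
  # by sshd wins over anything earlier on the line, and accept only
  # dotted-quad tokens.
  offenders=$(awk -v min="$min_failures" '
    /Failed password/ {
      for (i = NF - 1; i > 1; i--) {
        if ($(i - 1) == "from" && $(i + 1) == "port" &&
            $i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
          hits[$i]++
          break
        }
      }
    }
    END {
      for (addr in hits) {
        if (hits[addr] >= min) {
          print addr
        }
      }
    }
  ' "$auth_log")

  # firewall-cmd prints the sources space-separated on one line; put one per
  # line so the membership test below can be an exact, literal match
  # (a substring or regex match would treat 1.2.3.4 as already blocked when
  # only 11.2.3.40 is listed).
  blocked=$(firewall-cmd --zone=block --list-sources | tr -s ' ' '\n')

  while IFS= read -r addr; do
    [[ -n "$addr" ]] || continue
    if printf '%s\n' "$blocked" | grep -qxF -- "$addr"; then
      continue
    fi
    if firewall-cmd --permanent --zone=block --add-source="$addr" >/dev/null; then
      changed=1
    else
      printf 'failed to block %s\n' "$addr" >&2
    fi
  done <<<"$offenders"

  # --permanent edits only the stored configuration; reload to apply it.
  if (( changed )); then
    firewall-cmd --reload >/dev/null
  fi

  sleep "$poll_seconds"
done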