自动封禁恶意IP远程登录Linux服务器的脚本
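#!/bin/bash
# auto drop ssh failed IP address
#
# Reads the last 1000 lines of the sshd auth log, counts "Failed password"
# events per source address, and for every address at or above FAIL_LIMIT
# adds a DROP rule for new TCP connections to port 22 to the saved iptables
# rule file. iptables is restarted afterwards so the new rules are loaded.
#
# Review notes:
#  - Interpreter is bash, not sh: the countdown uses the C-style for (( ))
#    loop, which plain POSIX sh does not provide.
#  - Only the address that sshd prints after " from " at the end of the
#    line is counted. The user name in the same log line is supplied by the
#    remote client, so picking up every dotted quad in the line would let a
#    client get an unrelated address blocked by logging in as "user 1.2.3.4".
#  - Addresses listed in ALLOWLIST (space separated, empty by default) are
#    never blocked, so an admin who mistypes a password is not locked out.
#  - Rules added here are permanent; nothing in this script expires them.
#  - IPv6 sources are ignored, as in the original pattern.

set -u

# Variables
SEC_FILE=/var/log/secure
IPTABLE_CONF=/etc/sysconfig/iptables
FAIL_LIMIT=4
ALLOWLIST="${ALLOWLIST:-}"
# The DROP rules are appended right after the loopback ACCEPT rule. The
# pattern is anchored to that rule only; a bare /lo/ would also hit any
# other line that merely contains "lo" and duplicate or misplace the rule.
LO_RULE_RE='^-A INPUT -i lo '

# Source addresses with FAIL_LIMIT or more failed password logins.
# The greedy ".*" plus the end-of-line anchor selects the last
# " from <ip> port <n>" in the line, which is the part written by sshd.
IP_ADDR=$(
  tail -n 1000 -- "$SEC_FILE" \
    | grep -F 'Failed password' \
    | sed -nr 's/.* from (([0-9]{1,3}\.){3}[0-9]{1,3}) port [0-9]+( ssh2)?\]?$/\1/p' \
    | sort \
    | uniq -c \
    | awk -v limit="$FAIL_LIMIT" '$1 >= limit { print $2 }'
)

echo
cat <<EOF
++++++++++++++welcome to use ssh login drop failed ip+++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++------------------------------------++++++++++++++++++
EOF

# Print a simple progress bar while waiting five seconds before starting.
printf '%s' "请等待5秒后开始执行 "
for ((j = 0; j <= 4; j++)); do
  printf '%s' "----------"
  sleep 1
done
echo

changed=0
backup="${IPTABLE_CONF}.bak"

while IFS= read -r i; do
  [[ -n "$i" ]] || continue

  # Never block an allowlisted address.
  case " $ALLOWLIST " in
    *" $i "*) continue ;;
  esac

  # Check whether the rule file already has a rule for exactly this address.
  # The dots are escaped and the match is bounded by "-s " and whitespace,
  # so 1.2.3.4 does not match 11.2.3.45; "/32" covers the form written by
  # iptables-save.
  ip_re=${i//./\\.}
  if grep -Eq -- "-s ${ip_re}(/32)?[[:space:]]" "$IPTABLE_CONF"; then
    # Already present: only print a notice.
    echo "This is $i is exist in iptables,please exit ......"
    continue
  fi

  if (( changed == 0 )); then
    # Without the anchor rule sed would silently insert nothing.
    if ! grep -q -- "$LO_RULE_RE" "$IPTABLE_CONF"; then
      echo "no '-A INPUT -i lo' rule found in $IPTABLE_CONF, nothing changed" >&2
      exit 1
    fi
    # Keep a copy of the rule file as it was before the first edit.
    cp -p -- "$IPTABLE_CONF" "$backup" || exit 1
  fi

  # $i contains only digits and dots (enforced by the sed pattern above),
  # so it is safe to interpolate into the sed program.
  sed -i "/${LO_RULE_RE}/a -A INPUT -s $i -m state --state NEW -m tcp -p tcp --dport 22 -j DROP" "$IPTABLE_CONF"
  changed=1
done <<< "$IP_ADDR"

# Restart iptables so the new rules take effect, but only when the file was
# edited and still parses; otherwise put the previous rule file back.
if (( changed )); then
  if iptables-restore --test < "$IPTABLE_CONF"; then
    /etc/init.d/iptables restart
  else
    cp -p -- "$backup" "$IPTABLE_CONF"
    echo "edited $IPTABLE_CONF failed validation, previous file restored" >&2
    exit 1
  fi
fi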
不要让懒惰占据你的大脑,不要让妥协拖垮你的人生。青春就是一张票,能不能赶上时代的快车,就看你脚下的步伐,good luck