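Lab description:
1. Server: 172.25.254.231
Client: 172.25.254.20
2. The system stores login records in /var/log/secure.
3. Extract the IPs of failed logins:
awk '/Failed/{print $(NF-3)}'
4. Sort and count the occurrences:
sort|uniq -c
Script: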
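#!/bin/bash
# Count failed logins per source IP and save them as "IP=count" lines.
# sort must run before uniq -c, which only merges adjacent duplicates.
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1}' > /usr/local/bin/black.list
for i in $(cat /usr/local/bin/black.list)
do
    IP=$(echo "$i" | awk -F= '{print $1}')
    NUM=$(echo "$i" | awk -F= '{print $2}')
    # Block an IP once it has more than 3 failed logins.
    if [ "$NUM" -gt 3 ]; then
        # Add the entry only if it is not already in /etc/hosts.deny.
        if ! grep -qxF "sshd:$IP:deny" /etc/hosts.deny; then
            echo "sshd:$IP:deny" >> /etc/hosts.deny
            echo "$IP added to /etc/hosts.deny"
        else
            echo "$IP already exists in /etc/hosts.deny"
        fi
    fi
done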
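The count shows that 172.25.254.20 has already failed to log in eight times.
Run the script:
Logins from 172.25.254.20 are now refused.
Appendix: script execution trace.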
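Added example (not part of the original lab): the same count-and-deny logic as functions that take file paths as arguments, so it can be tried on copies instead of the live /var/log/secure and /etc/hosts.deny. The function names offenders, deny_new and sample_log are hypothetical, and the log lines are constructed sample data.

```shell
#!/bin/bash
# Added example: paths are arguments, so it runs on copies, not the live files.

# sample_log: constructed lines in /var/log/secure format (not real log data)
sample_log() {
    for n in 1 2 3 4 5; do
        echo "Mar  3 10:15:0$n server sshd[230$n]: Failed password for root from 172.25.254.20 port 5123$n ssh2"
    done
    echo "Mar  3 10:16:00 server sshd[2400]: Failed password for invalid user admin from 172.25.254.30 port 40000 ssh2"
    echo "Mar  3 10:17:00 server sshd[2401]: Accepted password for root from 172.25.254.40 port 40001 ssh2"
}

# offenders LOGFILE THRESHOLD: print each IP with more than THRESHOLD failures
offenders() {
    awk -v max="$2" '
        # The user name is client-supplied text, so fields are located from
        # the end of the line: ... from <ip> port <n> ssh2
        NF > 5 && /Failed password/ && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            # keep only dotted-quad IPv4 so stray text never reaches hosts.deny
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print ip }
    ' "$1" | sort
}

# deny_new DENYFILE: read IPs on stdin, append only entries not yet present
deny_new() {
    while read -r ip; do
        entry="sshd:$ip:deny"
        grep -qxF "$entry" "$1" 2>/dev/null || echo "$entry" >> "$1"
    done
}

# Demo on temporary copies; the second run shows that nothing is duplicated.
demo() {
    tmp=$(mktemp -d)
    sample_log > "$tmp/secure"
    offenders "$tmp/secure" 3 | deny_new "$tmp/hosts.deny"
    offenders "$tmp/secure" 3 | deny_new "$tmp/hosts.deny"
    cat "$tmp/hosts.deny"
    rm -rf "$tmp"
}
demo
```

/etc/hosts.deny is only honoured when sshd is built with TCP wrappers (libwrap) support, so confirm that on the server before relying on these entries.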