centos,密码登陆，防暴力破解

在centos下，如果使用是密码登陆，可能需要防sshd暴力破解

本人简单脚本，当该ip登陆超过一定次数后，便自动加入到黑名单中

#!/bin/bash

# init path
ssh_log='/var/log/secure'
ssh_list='/root/ssh_list'
hosts_deny='/etc/hosts.deny'
limit_num=50

# count ssd failed_count->ip
cat $ssh_log | grep 'Failed' | awk '{print $(NF-3)}' | sort | uniq -c > $ssh_list

# append no exits ip to hosts.deny
sshd_failed_count=(`cat $ssh_list | awk '{print $1}'`)
sshd_failed_ip=(`cat $ssh_list | awk '{print $2}'`)
sshd_ip_deny=(`cat $hosts_deny | grep 'sshd' | awk -F: '{print $2}'`)

index=0
tmp_sshd_failed_ip=""
for failed_count in ${sshd_failed_count[@]}
do
    if (( $failed_count > $limit_num )) ;then
        tmp_sshd_failed_ip=${sshd_failed_ip[$index]}
        # check ip is exits?
        flag=0
        for deny_ip in ${sshd_ip_deny[@]}
        do
            if [[ "$deny_ip" == "$tmp_sshd_failed_ip" ]] ;then
                flag=1
            fi
        done
        # ip is not exits
        if (( $flag == 0 )) ;then
            cur_time=`date '+%Y-%m-%d %T'`
            echo '['$cur_time'] '$tmp_sshd_failed_ip' faile password is '$failed_count', add to hosts.deny.'
            deny_cmd='sshd:'$tmp_sshd_failed_ip':deny'
            echo $deny_cmd >> $hosts_deny
        fi
    fi
    index=${index}+1
done