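OK, it's Sunday and I didn't go to the office. I've been getting more and more bourgeois lately: not going to the office on a Sunday! I even made cola chicken wings tonight, my first time cooking, and they tasted all right. I've just finished server maintenance, so while I'm in the mood I'm getting some reading in. I came across a script and am writing it down; I don't fully understand it, but I'll work through it line by line:
OK, let me start explaining the code below (why put the explanation above it? Because when I put it below, I kept getting stuck inside the editor and couldn't jump to a blank line), and when I put the comments inside the code the lines wrapped..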
#!/bin/bash
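OK, I admit I typed the code below wrong, in Chinese... I won't explain that one. This line says I want bash as the interpreter, because there are many kinds of shell.... and their syntax differs, so this line has to be there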
#Denyhosts SHELL SCRIPT
#20121111
OK, this is just a comment, a Singles' Day comment
Now let's go through the commands one by one,
cat /var/log/secure
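This command displays the contents of /var/log/secure. Why display it? To feed the commands that follow, of course...
Hang on, let me start the virtual machine
The output of this command is: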
Nov 5 18:51:56 jmx sshd[3723]: Connection closed by 127.0.0.1
Nov 5 18:56:56 jmx sshd[3829]: Connection closed by 127.0.0.1
Nov 5 19:01:56 jmx sshd[3922]: Connection closed by 127.0.0.1
Nov 5 19:06:56 jmx sshd[3998]: Connection closed by 127.0.0.1
Nov 5 19:11:56 jmx sshd[4073]: Connection closed by 127.0.0.1
Nov 5 19:16:56 jmx sshd[4139]: Connection closed by 127.0.0.1
Nov 5 19:21:56 jmx sshd[4214]: Connection closed by 127.0.0.1
Nov 5 19:26:56 jmx sshd[4276]: Connection closed by 127.0.0.1
Nov 5 19:31:56 jmx sshd[4343]: Connection closed by 127.0.0.1
Nov 5 19:36:12 jmx sshd[2943]: pam_unix(sshd:session): session closed for user root
Nov 5 19:36:17 jmx polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.43, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 5 19:36:29 jmx sshd[2067]: Received signal 15; terminating.
Nov 10 04:49:09 jmx sshd[2044]: Server listening on 0.0.0.0 port 22.
Nov 10 04:49:09 jmx sshd[2044]: Server listening on :: port 22.
Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session closed for user nagios
Nov 10 04:49:14 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 10 04:49:51 jmx sshd[2858]: Accepted password for root from 192.168.220.1 port 49991 ssh2
Nov 10 04:49:52 jmx sshd[2858]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 10 04:55:23 jmx sshd[2961]: Connection closed by 127.0.0.1
Nov 10 05:00:23 jmx sshd[3020]: Connection closed by 127.0.0.1
Nov 10 05:05:23 jmx sshd[3109]: Connection closed by 127.0.0.1
Nov 10 05:10:23 jmx sshd[3163]: Connection closed by 127.0.0.1
Nov 10 05:15:23 jmx sshd[3223]: Connection closed by 127.0.0.1
Nov 10 05:20:23 jmx sshd[3277]: Connection closed by 127.0.0.1
Nov 10 05:24:13 jmx sshd[2858]: pam_unix(sshd:session): session closed for user root
Nov 11 04:02:00 jmx sshd[2123]: Server listening on 0.0.0.0 port 22.
Nov 11 04:02:00 jmx sshd[2123]: Server listening on :: port 22.
Nov 11 04:02:02 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
Nov 11 04:02:03 jmx su: pam_unix(su-l:session): session closed for user nagios
Nov 11 04:02:12 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 11 04:02:24 jmx sshd[2869]: Accepted password for root from 192.168.220.1 port 53703 ssh2
Nov 11 04:02:24 jmx sshd[2869]: pam_unix(sshd:session): session opened for user root by (uid=0)
Next comes this command:
awk '/Failed/{print $(NF-3)}'
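awk is a magic tool. Let's look at the result first... OK, my output here is empty.... First, NF: NF is the total number of fields on each line,
so this prints $(NF-3), the field three positions before the last one....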
sort
This one sorts....
uniq -c
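This counts how many times each one occurs; uniq means remove duplicates, and -c is what does the count
Then comes the next statement
do
which, together with the
done
further down, forms a pair; I won't go on about this one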
awk '{print $2 "=" $1;}' >/root/black.txt
This prints the result in a standard format,
something like:
192.168.0.1 = 10
and then writes it to black.txt
DEFINE="10"
Then a maximum count is defined
for i in 'cat /root/black.txt'
This statement is a loop.... (it should be a line-by-line loop... taking out each line in turn;
@皮总, is that what it means?)
IP='echo $i |awk -F= '{print $1}''
This statement says: get me the first line, split it on "=", and assign the first part to IP
NUM='echo $i |awk -F= '${print $2}'
Likewise, the count is assigned to NUM
grep $IP /etc/hosts.deny >/dev/null
Here we check whether hosts.deny already contains this IP; /dev/null, of course, is a rubbish bin.. a bottomless one
if [ $? -gt 0 ];
$? is a status code: whether the previous command succeeded,
that is, whether grep found anything. If it did, the IP is already there; if not... then it isn't
then
If it hasn't been added before, add it
echo "sshd:$IP" >> /etc/hosts.deny
Then end the if
End the if
Now let me run it; with the syntax and the spaces and so on, I expect there will be problems
OK, sure enough, it errors:
./deny.sh: line 17: syntax error near unexpected token `fi'
./deny.sh: line 17: ` fi'
Good grief, what does this mean?
Is something wrong with the spaces?
Damn, I searched for ages and it turned out a then was missing...
if [ $NUM -gt 0 ]
OK, it still won't run
./deny.sh: line 10: 'echo $i |awk -F= '${print $2}'': bad substitution
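Damn, line 9 doesn't error but line 10 does...
OK, I looked online and it said to switch to bash, but I'm already using bash!!!! OK, the awk syntax must be wrong; I remember not writing it like this before
OK, I was wrong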
NUM='echo $i |awk -F "=" '${print $2}''
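Changing it to this errors too....
OK, I had overlooked that line 9 does error, saying the command does not exist....
OK, I really can't see it....
@皮总 look here, why does this error?
---------------------------------please explain it to me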
#!/bin/bash
#Denyhosts SHELL SCRIPT
#20121111
cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt
DEFINE="10"
for i in 'cat /root/black.txt'
do
IP='echo $i |awk -F= '{print $1}''
NUM='echo $i |awk -F= '${print $2}''
if [ $NUM -gt 0 ]
grep $IP /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];
then
echo "sshd:$IP" >> /etc/hosts.deny
fi
fi
done
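The final version that no longer errors is as follows:
#!/bin/bash
#Denyhosts SHELL SCRIPT
#20121111
# Count failed logins per source IP and write "IP=COUNT" lines
cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt
# Block an IP once it has more than this many failures
DEFINE="10"
# Command substitution, not single quotes, so the loop walks the file's entries
for i in $(cat /root/black.txt)
do
IP=`echo $i |awk -F"=" '{print $1 }'`
NUM=`echo $i |awk -F"=" '{print $2 }'`
# Compare against the threshold defined above
if [[ $NUM -gt $DEFINE ]];
then
# Fixed-string, whole-line match so 1.2.3.4 does not match 11.2.3.45
grep -Fx "sshd:$IP" /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];
then
echo "sshd:$IP" >>/etc/hosts.deny
fi
fi
done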
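The awk step printed nothing above because that log holds no failed logins. As an added example (not part of the original post or the book's script), the same pipeline is run here over constructed log lines, with the threshold applied and the address validated before it is written; the function names, temp paths and sample addresses are assumptions.

```shell
#!/bin/bash
# Added example on constructed data; it never touches /var/log/secure
# or /etc/hosts.deny. Function names and sample addresses are assumptions.

# count_failed LOG: print "IP=COUNT" for each source of failed logins.
count_failed() {
    awk '/Failed password/ {print $(NF-3)}' "$1" | sort | uniq -c |
        awk '{print $2 "=" $1}'
}

# block_offenders LOG DENY LIMIT: append "sshd:IP" to DENY for every
# address with more than LIMIT failures that is not already listed.
block_offenders() {
    count_failed "$1" | while IFS='=' read -r ip num; do
        # The field comes from a log, so accept only an IPv4-shaped value.
        printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || continue
        [ "$num" -gt "$3" ] || continue
        # -F: dots are literal, -x: whole line, so 1.2.3.4 != 11.2.3.45
        grep -qFx "sshd:$ip" "$2" 2>/dev/null || echo "sshd:$ip" >> "$2"
    done
}

# demo: run twice over constructed log lines and print the deny file.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/secure" <<'EOF'
Nov 11 04:10:01 jmx sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 11 04:10:03 jmx sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 11 04:10:05 jmx sshd[3002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Nov 11 04:11:00 jmx sshd[3003]: Failed password for root from 198.51.100.9 port 51000 ssh2
Nov 11 04:12:00 jmx sshd[3004]: Accepted password for root from 192.168.220.1 port 53703 ssh2
EOF
    block_offenders "$dir/secure" "$dir/hosts.deny" 2
    block_offenders "$dir/secure" "$dir/hosts.deny" 2   # second run adds nothing
    cat "$dir/hosts.deny"
    rm -rf "$dir"
}

demo
```

Because $(NF-3) counts from the end of the line, the address is picked correctly for both the "root" and the "invalid user admin" lines.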
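Thanks to @wzk, @皮总, @wzp24, and @逝水fox, whom I bother every time I hit a problem
Finally, thanks to @红薯....
Thanks to the country, thanks to the people...
That's a lot of thanks....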