在 CentOS 下，如果使用的是密码登录，可能需要防范 sshd 暴力破解。
下面是本人写的一个简单脚本：当某个 IP 登录失败超过一定次数后，便自动将其加入黑名单。
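#!/bin/bash
# Block brute-force sshd password guessing on CentOS: count "Failed ..." lines
# in the sshd log per source IP and append "sshd:<ip>:deny" to hosts.deny once
# an IP exceeds the limit.  Meant to run as root (e.g. from cron).
#
# NOTE(review): hosts.deny is only honoured when sshd is linked against libwrap
# (TCP wrappers); RHEL/CentOS 8 and later no longer ship it -- confirm on the
# target host before relying on this script.
set -euo pipefail

# init path
readonly ssh_log='/var/log/secure'
readonly ssh_list='/root/ssh_list'
readonly hosts_deny='/etc/hosts.deny'
# an IP is denied once its failure count is strictly greater than this
readonly limit_num=50

#######################################
# Print a diagnostic to stderr and exit non-zero.
# Arguments: message parts
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Check that a token taken from the log is a dotted-quad IPv4 address.
# The log is attacker-influenced text and hosts.deny is a system config file,
# so only a well-formed address may be written there.  IPv6 is rejected too:
# the "sshd:IP:deny" form uses ':' as field separator and cannot express it.
# Arguments: $1 - candidate address
# Returns:   0 if a valid IPv4 address, 1 otherwise
#######################################
is_ipv4() {
  local ip=$1 octet
  [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  local IFS=.
  for octet in $ip; do
    # 10# forces decimal; a bare "08" would be a bad octal literal
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Is the IP already listed?  Same rule as before: any hosts.deny line that
# mentions sshd and whose second ':'-field equals the IP.
# Globals:   hosts_deny (read)
# Arguments: $1 - IPv4 address
# Returns:   0 if already denied, 1 otherwise (including a missing file)
#######################################
is_denied() {
  local ip=$1
  [[ -f "$hosts_deny" ]] || return 1
  awk -F: -v ip="$ip" '/sshd/ && $2 == ip { found = 1 } END { exit !found }' "$hosts_deny"
}

#######################################
# Build the "<count> <ip>" list, then append new offenders to hosts.deny.
# Globals:   ssh_log, ssh_list, hosts_deny, limit_num (read)
# Outputs:   one line per newly denied IP on stdout; skipped tokens on stderr
#######################################
main() {
  local failed_count ip cur_time deny_cmd

  [[ -r "$ssh_log" ]] || die "cannot read $ssh_log"

  # count sshd failed_count -> ip
  # Take the token after "from" instead of a fixed offset from the end:
  # "Failed publickey ..." lines carry extra trailing fields, so $(NF-3)
  # would count the word "port" instead of the address.
  awk '/Failed/ { for (i = 1; i < NF; i++) if ($i == "from") { print $(i + 1); break } }' \
    "$ssh_log" | sort | uniq -c > "$ssh_list"

  # append ips over the limit that are not yet in hosts.deny
  # (uniq -c prints "   <count> <ip>"; read strips the leading blanks)
  while read -r failed_count ip; do
    (( failed_count > limit_num )) || continue
    if ! is_ipv4 "$ip"; then
      printf 'skipping %s (%s failures): not an IPv4 address\n' "$ip" "$failed_count" >&2
      continue
    fi
    is_denied "$ip" && continue
    cur_time=$(date '+%Y-%m-%d %T')
    printf '[%s] %s failed password is %s, add to hosts.deny.\n' "$cur_time" "$ip" "$failed_count"
    deny_cmd="sshd:${ip}:deny"
    printf '%s\n' "$deny_cmd" >> "$hosts_deny"
  done < "$ssh_list"
}

main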