要求:同一个IP暴力破解超过10次,自动屏蔽IP地址,指定办公室IP地址(192.168.100.100)为可信任IP地址,不受屏蔽规则限制,以下为日志格式:
日志样式:
May 4 03:43:07 tz-monitor sshd{14003}: Failed password for root from 124.232.135.84 port 25251 ssh2
Myy 4 03:43:07 tz-monitor sshd{14082}: invalid user postgres from 124.232.135.84
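#!/usr/bin/env bash
# Block source addresses that fail SSH password authentication too often.
#
# Scans the secure log for "Failed password" lines, counts attempts per
# source address (the field three places before the end of the line, i.e.
# the address in "... from <ip> port <n> ssh2"), and inserts an iptables
# DROP rule for every address at or above the threshold. The trusted
# address is never blocked, and an address already present in the block
# list is not blocked a second time.
#
# Environment (all optional):
#   THRESHOLD   failed attempts before an address is blocked (default 10)
#   TRUSTED_IP  address that is never blocked (default 192.168.100.100)
#   SECURE_LOG  log file to scan (default /var/log/secure)
#   COUNT_FILE  per-run "<count> <ip>" list of offenders (default /tmp/count_ip.txt)
#   DROP_FILE   persistent list of blocked addresses (default /tmp/drop_ip.txt)
# Requires root for iptables.
# NOTE(review): the default state files live in world-writable /tmp; a
# root-owned directory is the safer place for a list that drives firewall
# rules.
set -euo pipefail

threshold=${THRESHOLD:-10}
trusted_ip=${TRUSTED_IP:-192.168.100.100}
secure_log=${SECURE_LOG:-/var/log/secure}
count_file=${COUNT_FILE:-/tmp/count_ip.txt}
drop_file=${DROP_FILE:-/tmp/drop_ip.txt}

# The threshold is passed with -v instead of being interpolated into the
# awk program. Under set -e an unreadable log aborts the run here.
awk -v limit="$threshold" \
  '/Failed password/ { count[$(NF-3)]++ }
   END { for (ip in count) if (count[ip] >= limit) print count[ip], ip }' \
  "$secure_log" > "$count_file"

# Ensure the block list exists so the grep below does not fail on a
# missing file.
touch "$drop_file"

# Each line is "<count> <ip>"; only the address is needed.
while read -r _count ip; do
  [[ -n "$ip" ]] || continue
  # Never block the trusted office address.
  [[ "$ip" != "$trusted_ip" ]] || continue
  # -F: dots in an address are not regex wildcards; -w: 10.0.0.1 must not
  # match 10.0.0.10.
  if ! grep -qFw -- "$ip" "$drop_file"; then
    # Under set -e a failing iptables call stops the script before the
    # address is recorded, so the list never claims a rule that was not
    # installed.
    iptables -I INPUT -s "$ip" -j DROP
    printf '%s\n' "$ip" >> "$drop_file"
  fi
done < "$count_file"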
Interface Physical Protocol IP Adderss
Eth1/0/1 up up 199.11.250.1
Eth1/0/2 up up 200.11.250.5
Loop0 up up(s) 199.11.250.1
Vlan1 *down down unassigned
Vlan500 down down 139.100.1.157
Vlan900 up up 140.11.250.41
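#!/usr/bin/env bash
# Print the address of every interface whose first octet is neither 199
# nor 200.
#
# Input is an interface table like the sample above (default
# /tmp/config.txt, or the file given as $1). For each line the text is
# split on runs of spaces and dots and the field four places from the end
# is taken: when the last column is a dotted-quad address this is its
# first octet. Lines where that field is not a plain number (the header,
# "unassigned" interfaces) are skipped. The whole filter runs in a single
# awk process instead of two awk invocations per line.
set -euo pipefail

config_file=${1:-/tmp/config.txt}

awk '
  {
    # split() uses the same separator the original used as FS; a short
    # line yields an empty octet rather than a negative field reference.
    n = split($0, f, /[ .]+/)
    octet = f[n - 3]
    # $NF with the default FS is the whole last column (the address).
    if (octet ~ /^[0-9]+$/ && octet != 199 && octet != 200) print $NF
  }
' "$config_file"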
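#!/usr/bin/env bash
# Archive every *.log.bak file under / and upload the archive over FTP.
#
# Environment:
#   FTP_HOST  FTP server (default 123.234.25.130)
#   FTP_USER  login name (required)
#   FTP_PASS  password (required)
# Credentials are read from the environment instead of being written into
# the script, and ftp -n takes them from the here-document, so they never
# appear in argv. NOTE(review): plain FTP still transmits the login and
# the archive in clear text; this only belongs on a trusted network.
# Requires GNU tar (--null -T) and GNU find (-print0).
set -eu

ftp_host=${FTP_HOST:-123.234.25.130}
: "${FTP_USER:?FTP_USER must be set}"
: "${FTP_PASS:?FTP_PASS must be set}"
readonly remote_dir=/home/bak
readonly archive_name=all.tar.gz

# Private scratch directory instead of the predictable /tmp/all.tar.gz,
# removed on every exit path.
work_dir=$(mktemp -d) || exit 1
cleanup() { rm -rf -- "$work_dir"; }
trap cleanup EXIT

# Search relative to / so archive members keep "./var/..." style paths.
cd / || exit 1
# A NUL-delimited list fed straight into tar: unlike "find | xargs tar",
# a long file list can no longer be split into several tar runs that each
# overwrite the archive, and names with whitespace survive. pipefail is
# deliberately not set so a permission warning from find does not abort
# the run; tar's status still does.
find . -type f -name '*.log.bak' -print0 \
  | tar -zcf "$work_dir/$archive_name" --null -T -

# ftp exits 0 even when the transfer fails; check the remote side or the
# "hash" progress output if the upload matters.
ftp -i -n <<FTPIT
open $ftp_host
user $FTP_USER $FTP_PASS
bin
passive
hash
cd $remote_dir
lcd $work_dir
put $archive_name
quit
FTPIT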