1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败次数超过10次,自动将此远程IP放入TCP Wrapper的黑名单中予以禁止访问
1>创建脚本
[root@centos7 ~]# vim bin/checkip.sh
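#!/bin/bash
#
# checkip.sh - add remote IPs with more than 10 failed SSH password attempts
# in /var/log/secure to the TCP Wrapper deny list (/etc/hosts.deny).
# Intended to be run as root from cron.
#
# NOTE(review): entries are only ever added, never expired, and the count
# covers the whole current log file. hosts.allow is consulted before
# hosts.deny, so list trusted management addresses there to avoid locking
# yourself out.

secure_log=/var/log/secure
hosts_deny=/etc/hosts.deny

# Use a private, unpredictable temp file. A fixed name under /tmp written by
# root can be pre-created by any local user (e.g. as a symlink), redirecting
# the write to a file of their choosing.
offenders=$(mktemp) || exit 1
trap 'rm -f -- "$offenders"' EXIT

# "Failed password" lines occur for both wrong passwords and unknown user
# names ("invalid user ..."), so the field count varies; the address is
# always the 4th field from the end, hence $(NF-3).
awk '/Failed password/{count[$(NF-3)]++}END{for(i in count){if(count[i]>10) print i}}' \
  "$secure_log" > "$offenders" || exit 1

while IFS= read -r ip; do
  # The value comes from log text, so accept only a dotted-quad IPv4 address
  # before writing it into an access-control file. This also skips empty
  # lines. NOTE(review): IPv6 peers are skipped here; hosts_access expects a
  # bracketed form for them, which this script does not produce.
  [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue

  # Match the exact line as a fixed string. A plain `grep "$ip"` is a regex
  # substring match, so 1.2.3.4 would be treated as present when only
  # 11.2.3.45 is listed, and the new address would never be blocked.
  if grep -qxF -- "sshd:$ip" "$hosts_deny"; then
    continue
  fi

  printf 'sshd:%s\n' "$ip" >> "$hosts_deny"
done < "$offenders"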
[root@centos7 ~]# chmod +x bin/checkip.sh
2>添加计划任务
[root@centos7 ~]# vim /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job defin