#iplist=$(/bin/lastb |awk '{print $3}'|sort|uniq -c|awk '{if ($1>3) print $2}')
#查看失败的登录记录 登录次数大于1500次的ip 且不是192的内网ip
iplist=$(/bin/lastb |awk '{print $3}'|sort|uniq -c|awk '{if ($1>1500) print $2}' | grep -v "^192.")
# 追加到黑名单并清空登录日志
for ip in ${iplist}
do
echo ALL: ${ip} >> /etc/hosts.deny
echo > /var/log/btmp
done