当有IP地址尝试ssh登陆失败3次后,自动将该IP加入黑名单,可加到crontab定时任务每分钟执行1次
#!/bin/bash
while true
do
badip=`lastb -a |awk '/ssh:notty/{print $NF}' |sort |uniq -c |awk '$1>=3{print $NF}'`
for i in $badip
do
echo -e "sshd:\t$i" >> /etc/hosts.deny
: > /var/log/btmp
done
sleep 10
done