#cat vsftpd.sh
#!/bin/bash
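# Scan the vsftpd log for failed logins, REJECT sources seen more than ten
# times on the FTP port, and compute VALUE (lines added to the block history
# during this run) for the notification step that follows.
#
# Values taken from the log are influenced by remote clients (the login name
# is logged verbatim), so they are validated before being passed to iptables.

CONF=/etc/vsftpd/vsftpd.conf
DIR=/var/log/vsftpd
mkdir -p -- "$DIR" 2>/dev/null

VLOG=$DIR/vsftpd.log
USEVLOG=$DIR/use_vsftp.log
# The original line had a stray netstat pipeline fused onto this assignment,
# which left FAILIP unset in the shell; the pipeline belongs to PORT below.
FAILIP=$DIR/vsftpd_failip
DENYIP=$DIR/deny_ip
BACKDENYIP=$DIR/back_deny_ip
LOGBACK=$DIR/logback
# Unused below; retained in case code outside this section reads it.
LOGCOMM="(dual_log_enable=YES|vsftpd_log_file=/var/log/vsftpd.log)"

# Both files must exist before they are read or counted; on a first run
# `wc -l` on a missing history file left LN1 empty and broke the arithmetic.
touch -- "$VLOG" "$BACKDENYIP"

# Listening port of vsftpd: the text after the last ':' of the local address.
# Splitting on the regex "0." (as before) truncated ports containing a zero,
# e.g. 2100 became 21. Only LISTEN sockets are considered so that the local
# port of an established connection is not picked up instead.
PORT=$(netstat -antlp |
  awk '/vsftpd/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n]; exit }')

LN1=$(wc -l < "$BACKDENYIP")
time=$(date +"%Y-%m-%d %H-%M-%S")

# Ensure each logging directive is present as an exact, uncommented line.
# The previous single alternation matched when either one was present (or
# commented out), so the other could be silently missing.
# NOTE(review): vsftpd is pointed at /var/log/vsftpd.log, but this script
# reads $VLOG (/var/log/vsftpd/vsftpd.log) -- confirm which path is intended.
conf_changed=0
for setting in "dual_log_enable=YES" "vsftpd_log_file=/var/log/vsftpd.log"; do
  if ! grep -qxF -- "$setting" "$CONF"; then
    printf '%s\n' "$setting" >> "$CONF"
    conf_changed=1
  fi
done
if (( conf_changed )); then
  service vsftpd reload >/dev/null
fi

# Archive the current log and work on a snapshot of it.
cat -- "$VLOG" >> "$LOGBACK"
cat -- "$VLOG" > "$USEVLOG"

# Field 12 of a FAIL line is expected to be the quoted client address
# (assumes the default vsftpd log layout -- TODO confirm).
awk '/FAIL/ { split($12, q, "\""); print q[2] }' "$USEVLOG" > "$FAILIP"

# uniq -c only merges adjacent duplicates, so sort first; otherwise
# interleaved failures from several sources are never counted together.
sort -- "$FAILIP" | uniq -c | awk '$1 > 10 {print $1" "$2}' > "$DENYIP"
cat -- "$DENYIP" >> "$BACKDENYIP"

ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ "$PORT" =~ ^[0-9]+$ ]]; then
  while read -r _ ip; do
    # Never hand an unvalidated log field to iptables.
    if [[ ! "$ip" =~ $ipv4_re ]]; then
      printf 'vsftpd.sh: skipping non-IPv4 value from log: %q\n' "$ip" >&2
      continue
    fi
    # -C checks for an existing identical rule, so repeated runs over the
    # same log do not stack duplicate REJECT rules.
    iptables -C INPUT -s "$ip" -p tcp --dport "$PORT" -j REJECT 2>/dev/null ||
      iptables -I INPUT -s "$ip" -p tcp --dport "$PORT" -j REJECT
  done < "$DENYIP"
else
  printf 'vsftpd.sh: could not determine vsftpd listening port; no rules added\n' >&2
fi

LN2=$(wc -l < "$BACKDENYIP")
VALUE=$(( LN2 - LN1 ))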
if [ $VALUE -gt 0 ] ; then
sendmail -t <
from: monitor@zhaoyun.com
to:15101507336@139.com
subject: warning
$time 有人正在试图登录您的FTP服务器,系统已经帮你拦截,详情请登录服务器进行查看。
EOF