检测SSH攻击,并报警

#!/bin/bash
#edit: www.jbxue.com
#Prevent SSH attack
#
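# Seconds to wait between two scans of the failed-login records.
SLEEPTIME=30
# Number of failed logins a source must exceed before it is denied.
THRESHOLD=10
# Placeholder for the administrator's own address ("公司IP" = "company IP").
# Replace it before deploying so that address is never written to hosts.deny.
# NOTE: it is applied as an unanchored grep pattern, so a value such as
# 1.2.3.4 also hides 11.2.3.45; anchor it if that matters.
TRUSTED_PATTERN="公司IP"

while true
do
     # Rebuild the per-source failure counts on every pass. Taking the
     # snapshot once before the loop would make every later pass re-read the
     # same stale file, so attempts made after start-up would never be seen.
     # attack.log is created in the current directory; run the script from a
     # directory that only root can write to.
     lastb -n 500 | grep -v "^$" | grep -v "btmp" | awk '{print $3}' | sort | uniq -c | grep -v "$TRUSTED_PATTERN" | sort -nr > attack.log

     # Each line of attack.log is "<count> <source>", highest count first.
     while read -r TIME IP _
     do
          # Skip lines whose count is not a plain number so the numeric
          # comparison below cannot fail.
          case "$TIME" in
               ''|*[!0-9]*) continue ;;
          esac
          # The source field comes from login records that remote clients
          # influence, so only values made of address characters (hex digits,
          # '.' and ':') are ever written to hosts.deny. This is a coarse
          # filter, not full IP validation.
          case "$IP" in
               ''|*[!0-9A-Fa-f.:]*) continue ;;
          esac
          if [ "$TIME" -gt "$THRESHOLD" ]; then
               # Match the whole rule literally: a substring or regex match
               # would treat 1.2.3.4 as already present when only 11.2.3.45
               # is, leaving the offender unblocked.
               if ! grep -qxF -- "sshd: $IP" /etc/hosts.deny 2> /dev/null; then
                    echo "sshd: $IP" >> /etc/hosts.deny
               fi
          fi
     done < attack.log
     /bin/sleep "$SLEEPTIME"
done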
