#!/bin/bash
#edit: www.jbxue.com
#Prevent SSH attack
#
SLEEPTIME=30
lastb -n 500| grep -v "^$" | grep -v "btmp" | awk '{print $3}' | sort | uniq -c | grep -v "公司IP" |sort -nr > attack.log
while true
do
while read line
do
IP=`echo $line | awk '{print $2}'`
TIME=`echo $line | awk '{print $1}'`
if [ "$TIME" -gt 10 ]; then
grep "$IP" /etc/hosts.deny &> /dev/null
if [ "$?" -ne "0" ]; then
echo "sshd: $IP" >> /etc/hosts.deny
fi
fi
done < attack.log
/bin/sleep $SLEEPTIME
done
2016-11-16
检测SSH攻击,并报警
评论
发表评论
姓 名: