1.创建shell脚本

# 打开完成
vim /usr/local/bin/secure_ssh.sh

# 写入内容
#! /bin/bash
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /usr/local/bin/black.txt
for i in `cat  /usr/local/bin/black.txt`
do
  IP=`echo $i |awk -F= '{print $1}'`
  NUM=`echo $i|awk -F= '{print $2}'`
# 登录错误次数超过5次,拉入黑名单
   if [ $NUM -gt 5 ];then
      grep $IP /etc/hosts.deny > /dev/null
    if [ $? -gt 0 ];then
      echo "sshd:$IP:deny" >> /etc/hosts.deny
    fi
  fi
done

2.创建定时任务

# 编辑定时任务
crontab -e

# 加入定时执行脚本,每分钟执行一次
*/1 * * * *  sh /usr/local/bin/secure_ssh.sh

3.查看已经禁止的黑名单

[root@my_contos7 ~]# cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#       deny connections to network services that either use
#       the tcp_wrappers library or that have been
#       started through a tcp_wrappers-enabled xinetd.
#
#       The rules in this file can also be set up in
#       /etc/hosts.allow with a 'deny' option instead.
#
#       See 'man 5 hosts_options' and 'man 5 hosts_access'
#       for information on rule syntax.
#       See 'man tcpd' for information on tcp_wrappers
#
sshd:109.234.153.131:deny
sshd:179.230.106.228:deny
sshd:36.66.4.62:deny
sshd:177.25.179.128:deny
sshd:177.25.186.11:deny
sshd:88.244.0.72:deny