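The script I wrote earlier suddenly stopped working. Many new IPs are still attacking my server, but they are no longer being added to the blacklist.
The earlier script, which has some problems, is here: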
https://www.jianshu.com/p/06bc21c44389
The problem that now appears is as follows:

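The log shows that the script has not added anything to the blacklist for a long time.
The crontab service is running normally; further investigation showed that the script's time filter was at fault.
The updated script is below, and the run frequency has been changed to once every 2 hours: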
#!/bin/bash
cd /var/log || exit 1
# Old time filter, disabled because it was the cause of the failure:
#last_hour=`date +'%b %_d %0k' --date='-1 hour'`
#this_day=`date +'%b %_d'`
#cat secure|egrep "$last_hour|$this_day"|egrep "Failed password|Did not receive identification"| grep -oP '([0-9]{1,3}\.){3}[0-9]{1,3}' > wrongIP.txt
# Collect the IPs from every failed or aborted SSH attempt in the whole log.
grep -E "Failed password|Did not receive identification" secure | grep -oP '([0-9]{1,3}\.){3}[0-9]{1,3}' > wrongIP.txt
# Count occurrences per IP, highest count first.
sort wrongIP.txt | uniq -c | sort -rn -k 1 > countWrongIP.txt
while read -r this_time this_ip
do
    if [[ $this_time -gt 3 ]]; then
        deny_ip="sshd:$this_ip"
        # Fixed-string, whole-word match so that 1.2.3.4 is not treated as
        # already listed just because 11.2.3.45 is in the file.
        if ! grep -qwF -- "$this_ip" /etc/hosts.deny; then
            # Message: "new blacklisted IP"
            echo "$(date) 新增黑名单ip:$this_ip"
            echo "$deny_ip" >> /etc/hosts.deny
            sum_black=$(grep sshd: /etc/hosts.deny | grep -vc etc)
            # Message: "current number of blacklisted IPs"
            echo "当前黑名单数量:$sum_black"
            echo '--------------------------------------------------------------------------------------------------------'
        fi
    else
        # The list is sorted by count, so every remaining IP is below the threshold.
        break
    fi
done < countWrongIP.txt
rm -f wrongIP.txt countWrongIP.txt
After this change it runs normally.
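
The script above takes every dotted quad on a matching line, but sshd logs the user name exactly as the client sent it, so an address can appear in a field other than the source. The following is an added example, not part of the original script: it counts only the address after the final `from`, validates the octets, and checks the deny file with a whole-word match. The function names `offenders` and `sample_log` and all log lines and addresses are constructed for illustration.

```shell
#!/bin/bash
# Added example: print IPs with more than <threshold> failures that are not
# yet in <deny_file>. Reads sshd log lines on stdin.
offenders() {
    local threshold=$1 deny_file=$2
    awk -v min="$threshold" '
        function valid(a,   o, n, j) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (j = 1; j <= 4; j++)
                if (o[j] !~ /^[0-9]+$/ || o[j] > 255) return 0
            return 1
        }
        /Failed password|Did not receive identification/ {
            # Scan from the right: the source address follows the LAST "from".
            # Fields to its left (such as the user name) come from the client.
            ip = ""
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (valid(ip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] > min) print ip }
    ' | sort | while read -r ip; do
        # Fixed-string, whole-word match: 192.0.2.5 is not "found" in 192.0.2.50.
        grep -qwF -- "$ip" "$deny_file" || echo "$ip"
    done
}

# Constructed sample log (documentation address ranges only).
sample_log() {
    local p
    for p in 1 2 3 4; do
        echo "Jan  5 10:00:0$p host sshd[10$p]: Failed password for invalid user 198.51.100.9 from 203.0.113.7 port 400$p ssh2"
        echo "Jan  5 10:01:0$p host sshd[20$p]: Did not receive identification string from 192.0.2.5"
        echo "Jan  5 10:02:0$p host sshd[30$p]: Failed password for root from 192.0.2.50 port 500$p ssh2"
    done
}

# Demo with an empty deny list: prints the three source addresses,
# and not 198.51.100.9, which only ever appears as a user name.
sample_log | offenders 3 /dev/null
```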
