- 脚本
找出secure日志文件中密码输入错误次数大于20的IP地址,然后设置防火墙拒绝其连接
#!/bin/bash
# -------------+--------------------
# * Filename : jujue2.sh
# * Revision : 2.0
# * Date : 2017-09-13
# * Author : Aubin
# * Description :
# -------------+---------------------
# www.shuaiguoxia.com
#
logfile=./secure
awk '/Failed/{print $(NF-3)}' $logfile | sort -n | uniq -c | while read str ;do
sum=`echo $str | awk '{print $1}'`
ip=`echo $str | awk '{print $2}'`
if [ $sum -gt 20 ] ;then
echo "$ip REJECT"
iptables -A INPUT -s $ip -j REJECT
fi
done
网友评论