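#!/bin/bash
#author:dcc
#version:v1
#description:control ssh_error
#date:2018/05/27
#
# Every INTERVAL seconds, scan LOG_FILE for sshd "Failed password" lines and
# add every IPv4 address seen in at least THRESHOLD such lines to the
# firewalld "block" zone (permanent configuration, then reload).
#
# NOTE(review): the count covers the whole log file, not a time window, and
# blocks are permanent. There is no never-block list here; consider exempting
# management addresses before running this on a host you administer remotely.

readonly LOG_FILE=/var/log/secure
readonly THRESHOLD=3
readonly INTERVAL=300

#######################################
# Print one source address per line for every address that appears in at
# least THRESHOLD "Failed password" lines of LOG_FILE.
# Globals:   LOG_FILE (read), THRESHOLD (read)
# Outputs:   candidate addresses on stdout (not yet validated)
#######################################
failed_sources() {
  awk -v min="$THRESHOLD" '
    /Failed password/ {
      # The user name in these lines is chosen by the remote client, so it
      # can contain spaces or look like an address. Fixed columns ($11/$13)
      # therefore cannot be trusted. The line ends "from ADDR port N ssh2",
      # so take the word that follows the LAST "from".
      for (i = NF - 1; i >= 1; i--) {
        if ($i == "from") {
          hits[$(i + 1)]++
          break
        }
      }
    }
    END {
      for (addr in hits) {
        if (hits[addr] >= min) {
          print addr
        }
      }
    }
  ' "$LOG_FILE"
}

#######################################
# Succeed only when $1 is a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate address taken from the log
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1
  local octet
  [[ $addr =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so that a leading zero is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
}

while :; do
  need_reload=0
  mapfile -t offenders < <(failed_sources)

  for ip in "${offenders[@]}"; do
    # Anything that is not a plain IPv4 address never reaches firewall-cmd.
    is_ipv4 "$ip" || continue

    # --query-source is an exact membership test. Grepping --list-sources
    # treated the address as a regex and matched substrings, so 1.2.3.4 was
    # considered present when only 11.2.3.40 was blocked.
    if ! firewall-cmd --zone=block --query-source="$ip" >/dev/null; then
      if firewall-cmd --permanent --zone=block --add-source="$ip" >/dev/null; then
        need_reload=1
      else
        printf 'warn: could not add %s to zone block\n' "$ip" >&2
      fi
    fi
  done

  # Permanent changes only take effect in the running firewall after a reload.
  if ((need_reload)); then
    firewall-cmd --reload >/dev/null
  fi

  sleep "$INTERVAL"
done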