Block remote SSH brute-force logins: once a source IP has entered a wrong password four times, that IP is refused any further SSH connection outright. The script below is written for the CentOS/RHEL 6 layout, where sshd logs to /var/log/secure and the iptables service loads its rules from /etc/sysconfig/iptables; on systems that log through journald or filter with firewalld the log source and the rule-loading step differ. It only inspects the last 1000 lines of the log, so it is meant to be run repeatedly (for example from cron).
The script is as follows:
#!/bin/bash
# auto deny ssh error ip
# author is lingshu
# 2018-04-30
###########################
# Define file paths (CentOS/RHEL 6 layout: sshd logs to /var/log/secure and the
# iptables service reads its rules from /etc/sysconfig/iptables).
SSH_LOG=/var/log/secure
DENY_LIST=/var/log/deny.ip
IPTABLES=/etc/sysconfig/iptables
# A source IP is blocked once it has this many "Failed password" entries.
MAX_FAIL=4

# Look at the last thousand lines of the log and collect the source IPs with
# MAX_FAIL or more failed passwords. The IP is the word after "from": it is not
# always field 11, because "Failed password for invalid user X from IP" shifts
# it to field 13. Sort before uniq -c, otherwise only adjacent repeats are counted.
IP_LIST=$(tail -n 1000 "$SSH_LOG" | grep "Failed password" \
          | awk '{for (i = 1; i < NF; i++) if ($i == "from") print $(i+1)}' \
          | sort | uniq -c | awk -v max="$MAX_FAIL" '$1 >= max {print $2}')

CHANGED=0
# Write a deny rule for each offending IP into the iptables configuration file.
for i in $IP_LIST
do
    # Define the rule template.
    RULE="-A INPUT -s $i -m state --state NEW -m tcp -p tcp --dport 22 -j DROP"
    # Skip IPs that already have a deny rule, to avoid writing duplicates.
    # The rule must be quoted and passed after -F/--, otherwise grep parses
    # "-A INPUT -s ..." as its own options and the check never matches.
    if ! grep -qF -- "$RULE" "$IPTABLES"; then
        # Not written yet: insert the rule right after the loopback ACCEPT rule
        # ("-A INPUT -i lo -j ACCEPT" in the default CentOS 6 file), so it is
        # evaluated before the rule that accepts port 22.
        # sed needs double quotes here so that $RULE is expanded by the shell.
        sed -i "/-i lo /a $RULE" "$IPTABLES"
        # Keep a record of when each IP was blocked.
        echo "$(date '+%F %T') $i" >> "$DENY_LIST"
        CHANGED=1
    else
        # Rule already written: just print a message.
        echo "deny rule existing for $i..."
    fi
done

# Restart iptables once, after all rules are written, so they take effect.
if [ "$CHANGED" -eq 1 ]; then
    service iptables restart
fi
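The detection and rule-deduplication steps of the script, run over a few constructed /var/log/secure lines, as an added example that is not the original script. It goes slightly beyond the script by putting the original's extraction (field 11, `uniq -c` without a sort) next to a version that takes the word after "from" and sorts first, so the undercount is visible, and by checking the rule-dedup step against a throwaway copy of a minimal /etc/sysconfig/iptables. The helper names (`failed_ips_naive`, `failed_ips`, `offenders`, `rule_for`, `rule_present`, `add_rule`) and the sample log are this example's own; it assumes GNU sed for `sed -i` and the one-line `a` command, and needs no root.

```shell
#!/bin/sh
# Added example (not the original script): the detection and rule-dedup logic
# run over CONSTRUCTED /var/log/secure lines. Needs only sh, grep, awk, sort,
# uniq and GNU sed; no root required.

# Constructed sample log in the sshd format of RHEL/CentOS /var/log/secure.
# Hits from 203.0.113.5 are deliberately not adjacent, and three entries are
# the "invalid user" variant, whose IP is field 13 rather than field 11.
SAMPLE_LOG='Apr 30 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Apr 30 10:00:02 host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2
Apr 30 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Apr 30 10:00:04 host sshd[1004]: Accepted password for alice from 192.0.2.10 port 40004 ssh2
Apr 30 10:00:05 host sshd[1005]: Failed password for invalid user admin from 198.51.100.7 port 40005 ssh2
Apr 30 10:00:06 host sshd[1006]: Failed password for root from 203.0.113.5 port 40006 ssh2
Apr 30 10:00:07 host sshd[1007]: Failed password for invalid user test from 198.51.100.7 port 40007 ssh2
Apr 30 10:00:08 host sshd[1008]: Failed password for root from 203.0.113.5 port 40008 ssh2
Apr 30 10:00:09 host sshd[1009]: Failed password for bob from 192.0.2.10 port 40009 ssh2'

# The original script's extraction: field 11, and uniq -c without a sort.
# Output: "<count> <token>" per run of adjacent identical tokens.
failed_ips_naive() {
    printf '%s\n' "$1" | grep 'Failed password' | awk '{print $11}' \
      | uniq -c | awk '{print $1, $2}'
}

# Robust extraction: the IP is the word after "from"; sort before uniq -c.
# Output: "<count> <ip>" per source IP, highest count first.
failed_ips() {
    printf '%s\n' "$1" \
      | grep 'Failed password' \
      | awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i+1) }' \
      | sort | uniq -c \
      | awk '{ print $1, $2 }' \
      | sort -rn
}

# offenders LOGTEXT THRESHOLD: IPs with at least THRESHOLD failures.
offenders() {
    failed_ips "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# rule_for IP: the rule line the script appends to /etc/sysconfig/iptables.
rule_for() {
    printf '%s\n' "-A INPUT -s $1 -m state --state NEW -m tcp -p tcp --dport 22 -j DROP"
}

# rule_present IP FILE: succeeds if that exact rule line is already in FILE.
# -F and -- make grep treat "-A INPUT -s ..." as a literal string instead of
# parsing "-A" as its own option, which is what breaks an unquoted "grep $RULE".
rule_present() {
    grep -qF -- "$(rule_for "$1")" "$2"
}

# add_rule IP FILE: insert the rule after the loopback ACCEPT line, as the
# script does. Double quotes, so the shell expands the rule before sed sees it.
add_rule() {
    sed -i "/-i lo /a $(rule_for "$1")" "$2"
}

# Demonstration on a throwaway copy of a minimal /etc/sysconfig/iptables.
echo "== naive count (field 11, no sort): no token reaches 4 =="
failed_ips_naive "$SAMPLE_LOG"
echo "== robust count =="
failed_ips "$SAMPLE_LOG"
TMP=$(mktemp)
trap 'rm -f "$TMP"' EXIT
printf '%s\n' '*filter' '-A INPUT -i lo -j ACCEPT' 'COMMIT' > "$TMP"
for ip in $(offenders "$SAMPLE_LOG" 4); do
    if rule_present "$ip" "$TMP"; then
        echo "deny rule existing for $ip"
    else
        add_rule "$ip" "$TMP"
    fi
done
echo "== resulting rules file =="
cat "$TMP"
```

With the sample above the naive extraction never reaches four for any token, because the four hits from 203.0.113.5 are separated by other lines and `uniq -c` only merges adjacent duplicates, while the "invalid user" lines yield user names instead of addresses; the robust version reports 203.0.113.5 with four failures and inserts exactly one DROP rule for it, directly after the loopback rule.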
Appendix: changing the file encoding
iconv -f utf8 -t gb2312 denyip.sh -o win.denyip.sh converts the script from UTF-8 to GB2312 and writes the result to a new file (win.denyip.sh), for opening it on a Windows system whose editors expect GB2312. Convert it back the other way (-f gb2312 -t utf8) before copying it to the server, and if it was edited on Windows run dos2unix on it first: bash treats the CRLF line endings that Windows editors add as part of each command and fails with errors such as "$'\r': command not found".