Shell script to reject illegal remote users

Block remote attackers who try to brute-force SSH logins to the server. Once a host has entered a wrong password four times, its IP address is refused from logging in directly.

The script is as follows:

#!/bin/bash
#auto deny ssh error ip
#author is lingshu
#2018-04-30
###########################

#define file paths
SSH_LOG=/var/log/secure
DENY_LIST=/var/log/deny.ip
IPTABLES=/etc/sysconfig/iptables

#Look at the last thousand lines of the log file and grab the IP addresses of hosts
#that were rejected for a wrong password more than four times.
#The IP is taken as the word between "from" and "port", because "invalid user"
#lines have two extra fields; sort before uniq -c, since uniq only counts
#adjacent duplicates.
IP_LIST=$(tail -n 1000 "$SSH_LOG" | grep "Failed password" | grep -oE 'from [^ ]+ port' | awk '{print $2}' | sort | uniq -c | awk '$1>4{print $2}')

#Write a deny rule for each IP into the iptables configuration file
for i in $IP_LIST
do
    #Define the rule template
    RULE="-A INPUT -s $i -m state --state NEW -m tcp -p tcp --dport 22 -j DROP"
    #See if the host IP has already been rejected, to avoid writing duplicate deny rules.
    #The rule must be quoted and matched literally (-F); an unquoted $RULE would be split into many grep arguments.
    if ! grep -qF -- "$RULE" "$IPTABLES"; then
        #If it hasn't been written yet, add the rule after the loopback ACCEPT line
        #(!!! sed needs double quotes so that the variable is expanded !!!)
        sed -i "/-i lo /a $RULE" "$IPTABLES"
        #Restart iptables to make the rules take effect
        service iptables restart
    else
        #If the rule has already been written, print a prompt message.
        echo "deny rule existing..."
    fi
done
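The detection step and the idempotent rule check, as an added example that is not part of the original post. It runs the same logic as the script above against constructed sample text instead of the live /var/log/secure and /etc/sysconfig/iptables, so the threshold, the "invalid user" log variant and the duplicate-rule check can be verified before the script is put on a server. The sample log lines, the sample iptables file and the function names are all assumptions made for the example.

```shell
#!/bin/bash
# Added example, not the original script: detect which source IPs crossed
# the failed-password threshold, and insert a deny rule only once.

# Constructed sample log (not from a real host). 203.0.113.5 fails five
# times, non-adjacently; 198.51.100.9 fails five times with the
# "invalid user" form, which shifts the "from <IP>" field; 192.0.2.7 fails twice.
SAMPLE_LOG='Apr 30 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4001 ssh2
Apr 30 10:00:02 host sshd[1002]: Failed password for invalid user admin from 198.51.100.9 port 4002 ssh2
Apr 30 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 4003 ssh2
Apr 30 10:00:04 host sshd[1004]: Failed password for invalid user admin from 198.51.100.9 port 4004 ssh2
Apr 30 10:00:05 host sshd[1005]: Accepted password for alice from 192.0.2.7 port 4005 ssh2
Apr 30 10:00:06 host sshd[1006]: Failed password for root from 203.0.113.5 port 4006 ssh2
Apr 30 10:00:07 host sshd[1007]: Failed password for invalid user admin from 198.51.100.9 port 4007 ssh2
Apr 30 10:00:08 host sshd[1008]: Failed password for root from 203.0.113.5 port 4008 ssh2
Apr 30 10:00:09 host sshd[1009]: Failed password for invalid user admin from 198.51.100.9 port 4009 ssh2
Apr 30 10:00:10 host sshd[1010]: Failed password for bob from 192.0.2.7 port 4010 ssh2
Apr 30 10:00:11 host sshd[1011]: Failed password for root from 203.0.113.5 port 4011 ssh2
Apr 30 10:00:12 host sshd[1012]: Failed password for invalid user admin from 198.51.100.9 port 4012 ssh2
Apr 30 10:00:13 host sshd[1013]: Failed password for bob from 192.0.2.7 port 4013 ssh2'

# Constructed sample iptables-save file, with the loopback ACCEPT line the
# script uses as its insertion anchor.
SAMPLE_IPTABLES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT'

# offending_ips THRESHOLD  (log text on stdin)
# Prints every source IP with more than THRESHOLD "Failed password" lines.
# The IP is the word between "from" and "port" rather than a fixed field, and
# the list is sorted before uniq -c because uniq only counts adjacent duplicates.
offending_ips() {
    grep 'Failed password' \
    | awk '{ for (i = 1; i < NF - 1; i++) if ($i == "from" && $(i + 2) == "port") { print $(i + 1); break } }' \
    | sort | uniq -c \
    | awk -v t="$1" '$1 > t { print $2 }'
}

# sample_offenders: run the pipeline on the constructed log with the
# script's threshold of four.
sample_offenders() {
    printf '%s\n' "$SAMPLE_LOG" | offending_ips 4
}

# deny_rule IP: the rule line in the exact form the script writes.
deny_rule() {
    printf '%s\n' "-A INPUT -s $1 -m state --state NEW -m tcp -p tcp --dport 22 -j DROP"
}

# rule_present IP FILE: true when the rule for IP is already in FILE.
# -F matches the rule literally and -x requires a whole-line match; the rule
# must be quoted, otherwise the shell splits it into many grep arguments.
rule_present() {
    grep -qxF -- "$(deny_rule "$1")" "$2"
}

# add_deny_rule IP FILE: insert the rule once, after the loopback ACCEPT line.
# Anchoring on "-i lo " instead of a bare "lo" avoids appending the rule after
# every line that merely contains those two letters.
add_deny_rule() {
    if rule_present "$1" "$2"; then
        echo "deny rule existing..."
        return 0
    fi
    if ! grep -q -- '-i lo ' "$2"; then
        echo "no loopback ACCEPT line to anchor on in $2" >&2
        return 1
    fi
    sed -i "/-i lo /a $(deny_rule "$1")" "$2"
}

# Stand-alone run: print the IPs that would be blocked from the sample log
# (203.0.113.5 and 198.51.100.9; 192.0.2.7 stays below the threshold).
sample_offenders
```

To try the insertion without touching the real firewall file, write SAMPLE_IPTABLES to a temporary file and call add_deny_rule for each IP from sample_offenders; a second call for the same IP prints "deny rule existing..." and leaves the file unchanged.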

Attachment: change the file encoding

iconv -f utf8 -t gb2312 denyip.sh -o win.denyip.sh

This converts the script from UTF-8 to GB2312 and writes the result to a new file.

Origin http://43.154.161.224:23101/article/api/json?id=325097949&siteId=291194637