Hunter's Hodgepodge: Technical Study Notes

2019-11-14

Blocking the Trash That Brute-Forces SSH Passwords

Filed under: Technical Topics — hunter @ 6:21 pm

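[code lang="bash"]
#!/bin/sh

# Syslog-style "Mon DD HH" prefix of the hour that contains the moment two minutes ago
datestr=$(date -d '2 minutes ago' +"%b %e %H")

# Restart firewalld before the DROP rules are inserted again
/usr/bin/systemctl restart firewalld

sleep 10
# Count pam_unix authentication failures per rhost logged during that hour
/usr/bin/grep -w "authentication failure" /var/log/secure | /usr/bin/grep "$datestr" | grep rhost | grep pam_unix | awk '{print $14}' | awk -F '=' '{print $2}' | sort | uniq -c | sort -n > iplist
# Each line of iplist is "<count> <rhost>"; drop sources with more than 10 failures
while read -r num ip
do
    if [ "$num" -gt 10 ] && [ -n "$ip" ]; then
        /usr/sbin/iptables -I INPUT -s "$ip" -j DROP
    fi
done < iplist
[/code]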
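A variant of the extraction step, added here as an example and not part of the original post: it finds `rhost=` by key instead of by field position and accepts only dotted-quad IPv4 values, so a hostname or malformed value logged as rhost is never passed to `iptables -s`. The function names `offenders` and `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original script.
# offenders THRESHOLD: read log lines on stdin and print every IPv4 rhost with
# more than THRESHOLD pam_unix sshd authentication failures (default 10).
offenders() {
    awk -v max="${1:-10}" '
        function is_ipv4(h,    n, p, j) {
            if (h !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            n = split(h, p, ".")
            for (j = 1; j <= n; j++)
                if (length(p[j]) > 3 || p[j] + 0 > 255) return 0
            return 1
        }
        index($0, "pam_unix(sshd:auth): authentication failure") {
            # Locate rhost= wherever it appears instead of assuming field 14
            for (i = 1; i <= NF; i++)
                if (index($i, "rhost=") == 1) {
                    host = substr($i, 7)
                    if (is_ipv4(host)) count[host]++
                }
        }
        END { for (h in count) if (count[h] > max) print h }
    ' | sort
}

# Constructed sample of /var/log/secure lines (documentation addresses only)
sample_log() {
    cat <<'EOF'
Nov 14 18:19:01 web1 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Nov 14 18:19:03 web1 sshd[2104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Nov 14 18:19:05 web1 sshd[2107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
Nov 14 18:19:06 web1 sshd[2109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=admin
Nov 14 18:19:07 web1 sshd[2111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=root
Nov 14 18:19:08 web1 sshd[2113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=root
Nov 14 18:19:09 web1 sshd[2115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=root
Nov 14 18:19:10 web1 sshd[2117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=999.1.1.1  user=root
Nov 14 18:19:12 web1 sshd[2120]: Accepted password for hunter from 198.51.100.9 port 50022 ssh2
EOF
}

# Demo run on the sample with a threshold of 2 failures
sample_log | offenders 2
```

Against the real log, the output can feed the blocking loop in place of the `iplist` file, for example `offenders 10 < /var/log/secure`, after the same date filtering the script above applies.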
