使用hosts.deny拒絕ssh試探連接
主要是爲了考慮到在公網打開ssh後,不斷有人試探連接,自動實現拒絕。
#趙雲
#自動監控ssh試探登陸,將其添加在/etc/hosts.deny實現拒絕
#設置嘗試次數,嘗試操作3次,就實現拒絕連接
number=3
#設置運行間隔時間,單位秒
sleep=1
#設置鎖定試探IP地址時間,單位秒
locktime=15
lockfile=/tmp/lock-ipadd
touch $lockfile
while true
do
#執行鎖定檢查
for badip in `lastb |awk '{print $3}' |grep -v ^$ |grep -v [A-Z] |sort |uniq -c |awk -vn="$number" '$1 > n {print $2}' `
do
time=`date +%s`
bip=`echo $badip |head -n $i |tail -n1`
echo $bip |grep [0-9] &>/dev/null
if [ $? -eq 0 ] ; then
grep $bip $lockfile &>/dev/null
if [ $? -eq 1 ] ; then
echo $bip.$time >>$lockfile
fi
grep $bip /etc/hosts.deny &>/dev/null
[ ! $? -eq 0 ] && (echo "SSHD:$bip" >>/etc/hosts.deny; logger "lock ip address $bip ")
cat /var/log/btmp >> /var/log/btmp.bak
>/var/log/btmp
fi
done
#解除鎖定操作
nowtime=`date +%s`
rows=`wc -l $lockfile |awk '{print $1}' `
for (( i=1;i<=rows;i++))
do
line=`cat -n $lockfile |head -n $i |tail -n1 |awk -F. '{print $5" "$1}' |awk -vt="$nowtime" '{print t-$1" "$2}' |awk -vt="$locktime" '$1>t {print $2}'`
echo $line |grep [0-9] &>/dev/null
if [ $? -eq 0 ] ; then
unlockip=`cat -n $lockfile |column -t | grep ^$line |awk '{print $2}' | awk -F. '{print $1"."$2"."$3"."$4}'`
sed -i "/SSHD:$unlockip/d" /etc/hosts.deny
logger "unlock ip address $unlockip "
sed -i "/$unlockip/d" $lockfile
fi
done
sleep $sleep
done
日誌查看
tail /var/log/messages
Apr 6 19:49:58 localhost sess: lock ip address 192.168.0.31
Apr 6 19:50:47 localhost sess: unlock ip address 192.168.0.31
Apr 6 19:51:02 localhost sess: unlock ip address 192.168.0.56