1、查看ssh被猜測密碼的IP及次數
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2" = "$1;}'
2、創建腳步
vim /root/bin/denyhosts.sh
#!/bin/bash
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"=" $1;}' >/root/bin/Denyhosts.txt
DEFINE="10"
for i in `cat /root/bin/Denyhosts.txt`
do
IP=`echo $i|awk -F= '{print $1}'`
NUM=`echo $i|awk -F= '{print $2}'`
if [ $NUM -gt $DEFINE ]
then
grep $IP /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];
then
echo "sshd:$IP" >> /etc/hosts.deny
fi
fi
done
3、添加計劃
vim /etc/crontab
添加一行(每天1點整運行,注意vps時區)
0 1 * * * sh /root/bin/Denyhosts.sh