{"id":178,"date":"2021-04-01T10:57:00","date_gmt":"2021-04-01T02:57:00","guid":{"rendered":"http:\/\/feel.name\/?p=178"},"modified":"2021-04-01T10:57:00","modified_gmt":"2021-04-01T02:57:00","slug":"%e9%98%b2%e6%ad%a2%e6%81%b6%e6%84%8f%e6%89%ab%e6%8f%8fssh%e7%99%bb%e9%99%86","status":"publish","type":"post","link":"http:\/\/feel.name\/?p=178","title":{"rendered":"\u9632\u6b62\u6076\u610f\u626b\u63cfssh\u767b\u9646"},"content":{"rendered":"\n

\u811a\u672c1\uff1a<\/p>\n\n\n\n

#!\/bin\/bash #\u7edf\u8ba1\u5c1d\u8bd5\u767b\u9646\u6b21\u6570
cat \/var\/log\/secure | grep “Failed password” | awk ‘{ print $(NF-3)}’ | sort -n | uniq -c | awk ‘{ print $2″=”$1}’ > abc.txt
#\u5f97\u5230\u626b\u63cf\u5931\u8d25\u7684ip\u5730\u5740
ipaddr=($(cat \/var\/log\/secure | grep “Failed password” | awk ‘{ print $(NF-3)}’ | sort -n | uniq -c | awk ‘{ print $2″=”$1}’))
for i in ${ipaddr[@]} ; do
        NUM=$(cat abc.txt | awk ‘{print $1}’)
        IP=$(cat abc.txt | awk ‘{print $2}’)
        if [[ $NUM > 15 ]]; #\u5f97\u5230\u626b\u63cf\u8d85\u8fc715\u6b21\u7684ip\u5730\u5740
        then
                grep $IP \/etc\/hosts.deny > \/dev\/null
                if [[ $? != 0 ]]; #\u5224\u65ad\u8be5ip\u662f\u5426\u5728\/etc\/hosts.deny\u4e2d
                then
                        echo “sshd:$IP” >> \/etc\/hosts.deny
                fi
        fi<\/p>\n\n\n\n

done<\/p>\n\n\n\n

\u53e6\u4e00\u79cd\u5199\u6cd5\uff1a<\/p>\n\n\n\n

#\/bin\/bash
##deny ssh from invalid remote client\u00a0
grep “Failed password” \u00a0\/var\/log\/secure | awk ‘{ print $(NF-3)}’ | sort -n | uniq -c > \/tmp\/ssh_log


while read num ip
do
\u00a0 \u00a0 if (($num > 15))
\u00a0 \u00a0 then
\u00a0 \u00a0 \u00a0 \u00a0 grep $ip \/var\/log\/secure &>\/dev\/null
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if [[ $? != 0 ]]
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 then
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 echo “sshd:$ip” >> \/etc\/host.deny
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 fi
\u00a0 \u00a0 fi
done < \/tmp\/ssh_log<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u67e5\u8be2\u54ea\u4e2aip\u626b\u63cf\u6bd4\u8f83\u591a\u7684<\/p>\n\n\n\n

cat \/var\/log\/secure* | grep “Failed password” | awk ‘{ print $(NF-3)}’ | sort -n | uniq -c<\/p>\n\n\n\n

grep “Failed password” \/var\/log\/secure* | awk ‘{ print $(NF-3)}’ | sort -n | uniq -c<\/p>\n\n\n\n

\u8f6c\u8f7d\u4e8e:https:\/\/my.oschina.net\/fengjihu\/blog\/192464<\/p>\n","protected":false},"excerpt":{"rendered":"

\u811a\u672c1\uff1a #!\/bin\/bash #\u7edf\u8ba1\u5c1d\u8bd5\u767b\u9646\u6b21\u6570cat \/var\/log\/secure | grep &#…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-178","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/feel.name\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=178"}],"version-history":[{"count":1,"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/posts\/178\/revisions"}],"predecessor-version":[{"id":179,"href":"http:\/\/feel.name\/index.php?rest_route=\/wp\/v2\/posts\/178\/revisions\/179"}],"wp:attachment":[{"href":"http:\/\/feel.name\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/feel.name\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/feel.name\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}