登录失败次数超过10次,禁止该IP登录。放入计划任务10分钟执行一次。
[lishichao@yunwei-test ~]$ cat /etc/crontab
*/10 * * * * root sh /opt/apps/shell/check_login_ip.sh
#!/bin/bash cat /var/log/secure|grep "Failed password"|grep root|awk '{a[$11]++} END {for (key in a) print key,a[key]}'>/tmp/check_login_ip.txt cat /var/log/secure|grep "Failed password"|grep user|awk '{a[$13]++} END {for (key in a) print key,a[key]}' >>/tmp/check_login_ip.txt cat /tmp/check_login_ip.txt|while read LINE do ip=`echo $LINE|awk '{print $1}'` num=`echo $LINE|awk '{print $2}'` number='10' # echo $ip if [[ ${num} -ge ${number} ]];then grep "$ip" /etc/hosts.deny >>/dev/null if [[ $? -ne 0 ]];then echo "sshd:$ip:deny" >>/etc/hosts.deny echo "$ip loging faild:$num,Refused login" fi fi done