利用hosts.deny拒絕ssh試探登錄

                                  使用hosts.deny拒絕ssh試探鏈接

主要是爲了考慮到在公網打開ssh後，不斷有人試探鏈接，自動實現拒絕。

#!/bin/bash #趙雲 #自動監控ssh試探登錄,將其添加在/etc/hosts.deny實現拒絕 #設置嘗試次數,嘗試操做3次，就實現拒絕鏈接 number=3 #設置運行間隔時間,單位秒 sleep=1 #設置鎖定試探IP地址時間，單位秒 locktime=15 lockfile=/tmp/lock-ipadd touch $lockfile while true do #執行鎖定檢查 for badip in `lastb  |awk '{print $3}' |grep -v ^$  |grep -v [A-Z] |sort |uniq -c |awk -vn="$number" '$1 > n {print $2}' ` do    time=`date +%s`    bip=`echo $badip |head -n $i |tail -n1`    echo $bip |grep [0-9] &>/dev/null    if [ $? -eq 0 ] ; then        grep $bip $lockfile &>/dev/null        if [ $? -eq 1 ] ; then           echo $bip.$time >>$lockfile        fi        grep $bip /etc/hosts.deny &>/dev/null        [ ! $? -eq 0 ] && (echo "SSHD:$bip" >>/etc/hosts.deny; logger "lock ip address $bip ")        cat /var/log/btmp >> /var/log/btmp.bak        >/var/log/btmp    fi done #解除鎖定操做 nowtime=`date +%s` rows=`wc -l  $lockfile |awk '{print $1}' ` for (( i=1;i<=rows;i++)) do        line=`cat -n $lockfile |head -n $i |tail -n1 |awk -F. '{print $5" "$1}' |awk -vt="$nowtime" '{print t-$1" "$2}' |awk -vt="$locktime" '$1>t {print $2}'`        echo $line |grep [0-9] &>/dev/null     if [ $? -eq 0 ] ; then        unlockip=`cat -n $lockfile |column -t | grep ^$line |awk '{print $2}' | awk -F. '{print $1"."$2"."$3"."$4}'`        sed -i "/SSHD:$unlockip/d" /etc/hosts.deny        logger "unlock ip address $unlockip "        sed -i "/$unlockip/d" $lockfile     fi done    sleep $sleep done

日誌查看 tail /var/log/messages Apr  6 19:49:58 localhost sess: lock ip address 192.168.0.31 Apr  6 19:50:47 localhost sess: unlock ip address 192.168.0.31 Apr  6 19:51:02 localhost sess: unlock ip address 192.168.0.56