登陸服務器失敗 IP 統計和處理方法

1、登陸ssh失敗次數統計

1）錯誤的打開方式

awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail /var/log/secure

2）拷貝文件，再查看失敗

cp /var/log/secure .

awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail

3）直接查看失敗

$ awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n

4）查看最近失敗的時間

less /var/log/secure

按G

2、對於防破解問題的處理

1）禁止密碼登陸方式

2）禁止失敗的IP登陸的方式
#

hosts.deny This file contains access rules which are used to

deny connections to network services that either use

the tcp_wrappers library or that have been

started through a tcp_wrappers-enabled xinetd.

#

The rules in this file can also be set up in

/etc/hosts.allow with a 'deny' option instead.

#

See 'man 5 hosts_options' and 'man 5 hosts_access'

for information on rule syntax.

See 'man tcpd' for information on tcp_wrappers

#
sshd:192.168.2.41:deny

/etc/hosts.deny
/etc/hosts.deny
在/etc/hosts.deny文件下面

添加 sshd:192.168.2.41:deny

重啓sshd

3、實現python自動化寫入文件

1）獲取到失敗IP的文件

awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n > ip_fail.txt

2）查看原有的被限制IP的文件

3）執行python腳本文件
def ip_index():
#讀取文件獲取到已經有被限制的IP
ip_list = set()
with open('hosts.deny',mode='r',encoding='utf-8') as f_log:
for line in f_log:
line = line.split('\n')[0].split(' ')[0]
if len(line) !=0 and not line[0].startswith("#"):
line = line.split(":")
ip_list.add(line[1])
return ip_list

def write():

寫入失敗的IP到配置文件中

with open('ip_fail.txt',mode='r',encoding='utf-8') as f:
    for line in f:
        line = line.split('\n')[0].split(' ')
        if int(line[6]) > 2:
            print('登陸失敗次數大於2的IP',line[7])
            with open('hosts.deny',mode='a',encoding='utf-8') as f:
                if line[7] not in ip_list:
                    f.write('sshd:%s:deny\n'%line[7])

if name == 'main':
ip_list = ip_index()
write()

ip_add=>hosts.deny
參考該文章:https://www.cnblogs.com/linu/p/10076647.html