Linux 防止SSH暴力破解密码 |
#!/bin/bash #Denyhosts SHELL SCRIPT #2013-6-24 cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"=" $1;}' >/usr/local/bin/Denyhosts.txt DEFINE="10" for i in `cat /usr/local/bin/Denyhosts.txt` do IP=`echo $i|awk -F= '{print $1}'` NUM=`echo $i|awk -F= '{print $2}'` if [ $NUM -gt $DEFINE ] then grep $IP /etc/hosts.deny >/dev/null if [ $? -gt 0 ]; then echo "sshd:$IP" >> /etc/hosts.deny fi fi done 添加到定时任务 crontab -e 添加定时任务 */2 * * * * /usr/local/bin/denyhosts.sh 执行启动 /sbin/service crond start |