1)结合/var/log/secure文件,将ssh登陆失败次数大于N的IP封顶
N=3 SEC_FILE=/var/log/secure for ip in `grep "Failed password" $SEC_FILE|grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort -n|uniq -c|awk ‘{if($1>$N) print $2}‘` do iptables -A INPUT -s $ip -p tcp --dport 22 -j DROP done
时间: 2024-10-25 00:17:10