defender/ssh.sh at master · nanqinlang-script/defender · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# log file
# centos: /var/log/secure
# debian: /var/log/auth.log
log_file=

# your public ip
public_ip=

# define max tried logined times
define=

ban(){
list=`cat ${log_file} | grep "Failed" | awk '{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}'`

if [[ ! -z ${list} ]]; then
for i in ${list}
do
	ip=`echo $i | awk -F= '{print $1}' | head -n 1`
	times=`echo $i | awk -F= '{print $2}' | head -n 1`
	if [[ "${ip}" != "${public_ip}" && "${times}" > "${define}" ]]; then
		# 检查重复
		exist=`iptables -nL | grep ${ip}`
		if [[ -z ${exist} ]]; then
			# 封禁
			iptables -t filter -A INPUT -s ${ip} -j DROP
			# 记录
			date=`date +%Y.%m.%d-%H:%M:%S`
			echo "${date}    ${ip}" >> /home/ban/ssh.conf
		fi
	fi
done
fi
}


#每 1 秒一次
while true
do
	ban
	sleep 1
done