Use shell and iptables to automatically reject malicious attempts to connect to the SSH service and send an email to the Administrator. [Root @ ZHAOYUN ~] # Cat ssh. sh
#! /Bin/bash
TIME = 'date + "% Y-% m-% d % H: % M: % S "'
BADIP =/root/ssh_badip
BKIP =/root/back_ssh_badip
AR = 'wc-l $ BKIP | awk '{print $1 }''
Lastb | awk '{print $3 "" $6 "" $7}' | awk-F: '{print $1}' | sort | uniq-c | awk '$1> 5 {print $1 "" $2 "" $3 "" $4}' | awk -vtime = "$ TIME" '{print time "" $1 "" $2 "" $3 "" $4}'> $ BADIP
Cat $ BADIP> $ BKIP
For bip in 'awk' {print $4} '"$ BADIP "'
Do
Iptables-I INPUT-p tcp -- dport 22-s $ bip-j DROP
Done
AR2 = 'wc-l $ BKIP | awk '{print $1 }''
VALUE = 'echo "$ AR2-$ AR" | bc'
LAST = 'Tail-n $ VALUE $ bkip'
If [$ VALUE-gt 0]; then
Sendmail-t <EOF
From: monitor@zhaoyun.com
To: 15101507336@139.com
Subject: severe warning
$ TIME someone is trying to connect to the SSH service. The system has blocked it for you. Please log on to the system for details.
$ LAST
EOF
Fi
~ Add */15 ***/root/ssh to the task scheduler. sh */20 * cat/var/log/btmp>/var/log/btmp. bak;>/var/log/btmp **/2 *** service iptables restart email effect 650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0R4343538-0.jpg "/>
This article is from the "Technical Exchange" blog, please be sure to keep this source http://zhaoyun.blog.51cto.com/2090116/614496