Prevent the server from being connected by the Internet IP address through ssh or scan for testing.

The Code was modified in the second version of the high-availability Linux server built by Mr. Yu hongchun: A security script is provided to a friend to prevent other IP addresses from connecting to the server through ssh or being harassed. The following is the test result on an Internet forum of CentOS release 6.3 x64 system.

# cat hosts_deny.sh-----------------------------------------------------------------------#!/bin/bash#Host.deny Shell Script#2013-08-24cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2 "=" $1;}' > /tmp/black_ip.txtDEFINE=10for i in `cat /tmp/black_ip.txt`do        IP=`echo $i | awk -F= '{print $1}'`        NUM=`echo $i | awk -F= '{print $2}'`        if [ $NUM -gt $DEFINE ]        then                grep $IP /etc/hosts.deny > /dev/null                if [ $? -gt 0 ]                then                        echo "sshd:$IP" >> /etc/hosts.deny                fi        fidone-----------------------------------------------------------------------# crontab -l*/1 * * * * sh /shell_script/hosts_deny.sh-----------------------------------------------------------------------# grep sshd /etc/hosts.denysshd:116.10.202.163sshd:116.10.202.169sshd:118.26.203.66sshd:119.80.39.55sshd:202.203.194.45sshd:219.148.36.20sshd:60.190.219.98sshd:61.155.177.58sshd:67.205.111.20sshd:70.34.202.31sshd:77.65.0.86

 

The above IP addresses are found through scripts. We recommend that you use them. We also hope that you can support the work of instructor Yu hongchun.