International - English

Cart Console

Topic Center

Contact Sales

Home > Cloud Computing > Cloud Security

Shell and iptables automatically reject malicious ssh connection

Last Update:2013-11-29 Source: Internet

Author: User

Tags egrep

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Modify the function to automatically release the locked IP Address

Increase the automatic execution time, without modifying it in the task plan

No frequent alerts

Use this method to change the marked red area to your desired

Run the command to create a file named ssh and copy the script content to the ssh file.

Execute Command

# Nohup./ssh &

It runs continuously in the background.

Stop method:

# Ps aux | grep./ssh | grep-v '/usr/sbin/sshd' | grep-v grep | awk' {print $2} '| xargs kill-9

Script content

#! /Bin/bash

While [1]

# Set the script running interval (in seconds)

EXEC_TIME = 60

# Set the number of connection errors

NUMBER = 5

# Email alarm Address Settings

MAILFROM = monitor@x.x.x.x.com

MAILTO = x.x.x.x@sina.cn

# Set the time (in seconds) for releasing the locked IP Address)

RETIME = 3000.

# Set the local IP address, which is used for mail alarm

IPADDR = 192.168.0.91

# Set the storage location of the obtained IP Address

BADIP =/tmp/. ssh/. ssh_badip

BKIP =/tmp/. ssh/. back_ssh_badip

Mkdir/tmp/. ssh 2>/dev/null

Touch $ BADIP $ BKIP

LOG =/var/log/messages

# Obtain the sshd service port

SSHPORT = 'netstat-antlp | grep sshd | awk-F: '{print $4}' | sed-n '1p''

TIME = 'date + "% Y-% m-% d % H: % M: % S "'

IPTFILE =/tmp/. ssh/. iptables

IPLIST =/tmp/. ssh/. iplist

Touch $ IPTFILE $ IPLIST

LINEA = 'grep-v date $ BKIP | wc-l | awk '{print $1 }''

Echo "day" Hour "connection times" IP address "date" Hour "> $ BADIP; lastb-I | awk '{print $3 "" $6 "" $7}' | awk-F: '{print $1}' | sort | uniq-c | awk '$1>' $ number' {print $1 "" $2 "" $3 "" $4} '| awk-vtime = "$ TIME"' {print time "" $1 "" $2 "" $3 "" $4} '| column-t> $ BADIP

Cat $ BADIP> $ BKIP

DROPIP = 'cat $ BADIP | wc-l'

Ipline =/tmp/. ssh/. ipline

Touch $ ipline

If [$ DROPIP-gt 1]; then

For bip in 'grep-v date $ BADIP | awk '{print $4 }''

IPLINEA = '/sbin/iptables-L-n -- line-number | egrep' [DROP | 22] '| grep-v Ch | awk' {print $1}' | wc -l'

Echo $ IPLINEA> $ ipline

Iptables-I INPUT-s $ bip-p tcp -- dport $ SSHPORT-j DROP

Echo $ bip> $ IPLIST

Echo "$ TIME Lock IP address $ bip iptables"> $ LOG

Cat/var/log/btmp>/var/log/btmp. bak;>/var/log/btmp

TIME_NOWA = 'date + % s'

Echo $ TIME_NOWA> time

Done

LINEVE = 'wc-l/tmp/. ssh/. ipline | awk '{print $1 }''

If [$ LINEVE-gt 0]; then

Echo linefile OK>/dev/null

Else

Echo 0> $ ipline

IPLINE = 'cat $ ipline'

LINEB = 'grep-v date $ BKIP | wc-l | awk '{print $1 }''

VALUE = 'echo "$ LINEB-$ LINEA" | bc'

# Obtain the IP address included in $ BKIP

LAST = 'Tail-n $ VALUE $ bkip'

If [$ VALUE-gt 0]; then

Sendmail-t <EOF

From: $ MAILFROM

To: $ MAILTO

Subject: severe warning

$ Time someone is trying to connect to the SSH service. The system has helped you intercept it. For details, log on to the server $ IPADDR.

$ LAST

EOF

Echo "$ TIME send mail to $ MAILTO"> $ LOG

IPLINEB = '/sbin/iptables-L-n -- line-number | egrep' [DROP | 22] '| grep-v Ch | awk' {print $1}' | wc -l'

If [$ IPLINEB-eq 1]; then

IPLINEB = '/sbin/iptables-L-n -- line-number | egrep' [DROP | 22] '| grep-v Ch | awk' {print $1}' | wc -l>/dev/null; echo "$ IPLINEB + 1" | bc'

# Current time

OLD_TIME = 'cat time'

TIME_NOWB = 'date + % s'

# Interval Determination

TIME_IN = 'echo "$ TIME_NOWB-$ OLD_TIME" | bc'

# Deleting prohibited IP addresses

LNUMBER = 'echo "$ IPLINEB-$ IPLINE" | bc'

If [$ LNUMBER-lt 2]; then

LNUMBER = 'echo "$ IPLINEB-$ IPLINE + 2" | bc'

Else

LNUMBER = 'echo "$ IPLINEB-$ IPLINE" | bc'

If [$ LNUMBER-gt 1]; then

If [$ TIME_IN-gt $ RETIME]; then

Iptables-L-n -- line-number | awk '{print $5 "" $2 "" $1 "" $8}' | awk-Fdpt: '{print $1 "" $2}' | egrep-V' [num | Ch] '| grep $ SSHPORT | column-t> $ IPTFILE

RMIP = 'cat $ IPLIST | awk '{print $1 }''

For I in 'awk' NR = FNR {a [$1] = $2 "" $3 "" $4} NR> FNR {print $0, a [$1]} '$ IPTFILE $ IPLIST | awk' {print $3 }''

Iptables-d input $ I

> $ IPLIST

Echo "$ TIME Remove lock $ rmip ip address"> $ LOG

Done

# Ps aux | grep./ssh | grep-v '/usr/sbin/sshd' | grep-v grep | awk' {print $2} '> $ LOG

Sleep $ EXEC_TIME

Done

This article is from the "Technical Exchange" blog

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:

ssh enter password automatically ssh shell iptables allow ssh iptables block ssh ssh connection free ssh shell ssh secure shell windows

How does personal cloud security guarantee data security? 02-28

Model-driven cloud security-automating cloud security with cl... 02-27

Cloud security to achieve effective prevention of the future ... 02-27

Focus on three major cloud security areas, you know? 10-12

Decrypting Cisco type 5 password hashes 12-30

Using redis to write webshell 03-19

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending

Top 10 Tags

datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling

Top 10 Keywords

microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Shell and iptables automatically reject malicious ssh connection

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support