The security and stability of the server is the goal that every operational dimension wants to achieve, after all, once the site traffic is big, visit high, there will be some boring people to attack, to help detect the loophole is good, but the nature of pure DDoS is very bad. Said far, this article is only to detect illegal IP login to the server automatically to the Operation Dimension Alarm, Of course, can also be changed to SMS alarm, if you have a short message gateway.
Copy Code code as follows:
#!/bin/bash
#该脚本作用是检测是否有恶意IP登陆服务器并邮件报警
#可以结合139邮箱以达到短信及时通知到手机的功能
#适用系统centos5
Ldate= ' which date '
lawk= ' which awk '
Llast= ' which last '
lgrep= ' which grep '
Lsendmail= ' which SendMail '
lifconfig= ' which ifconfig '
serverip= ' $Lifconfig eth0| $Lgrep inet| $Lawk-F: ' {print $} ' | $Lawk ' {print $} '
Cutdate= ' $Ldate | $Lawk ' {print $ ' $ ' ' $} '
hackerip= ' $Llast | $Lgrep "$cutdate" | $Lawk ' {print $} ' | $Lgrep-v 192.168.1x.xx '
If [-Z $hackerip]
Then
Exit
Else
For LOGIP in $hackerip
Todo
echo "Hacker IP is $LOGIP already login $serverip" |mail-s "SOS rocdk890@139.com
Done
Fi