Writing an SSH anti-brute-force script.
The idea is to scan the SSH log, pull out the source IP of every failed login, and add any IP whose failure count exceeds a threshold to /etc/hosts.deny so that sshd refuses further connections from it.
The script is as follows:
#!/bin/bash
# Collect the source IP of every failed SSH login and count occurrences per IP.
# On a line such as "Failed password for root from 1.2.3.4 port 22 ssh2"
# the IP is the fourth field from the end, hence $(NF-3).
cat /var/log/secure | awk '/Failed password/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1}' > /root/black.txt
# Block an IP once it has more than this many failed logins.
DEFINE="10"
for i in `cat /root/black.txt`
do
    IP=`echo $i | awk -F= '{print $1}'`
    NUM=`echo $i | awk -F= '{print $2}'`
    if [ $NUM -gt $DEFINE ]; then
        # Only append the IP if it is not already listed (fixed-string match,
        # so the dots in the address are not treated as regex wildcards).
        grep -qF "$IP" /etc/hosts.deny
        if [ $? -gt 0 ]; then
            echo "sshd: $IP" >> /etc/hosts.deny
        fi
    fi
done
Note that the SSH log file path differs between distributions:
/var/log/auth.log on Ubuntu
/var/log/secure on CentOS
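As an added worked example (not the page's own script), the same check written as shell functions that take the log path and threshold as arguments, read the IP as the field after "from" so that the "invalid user" variant of the line is counted too, and only emit the hosts.deny entries that are not already present. The sample log lines are constructed, and the helper names are this example's own.

```shell
#!/bin/bash
# Added example, not the page's script: count failed SSH logins per source IP
# and emit the hosts.deny lines still missing. Handles the "Failed password"
# line format of both CentOS (/var/log/secure) and Ubuntu (/var/log/auth.log).

# Constructed sample log lines (not real data), including the "invalid user"
# variant, where the IP is still the field right after "from".
SAMPLE_LOG=$(cat <<'EOF'
Mar  1 10:00:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 51000 ssh2
Mar  1 10:00:02 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Mar  1 10:00:03 host sshd[1236]: Failed password for root from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:04 host sshd[1237]: Accepted password for alice from 192.0.2.10 port 42000 ssh2
Mar  1 10:00:05 host sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51002 ssh2
EOF
)

# failed_counts LOGFILE -> "IP COUNT" per source IP, sorted by IP.
# The IP is taken as the field after "from", not a fixed column.
failed_counts() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print ip, n[ip] }' "$1" | sort
}

# offenders LOGFILE THRESHOLD -> IPs whose count is strictly greater than
# THRESHOLD (the same "-gt" test the page's script uses).
offenders() {
    failed_counts "$1" | awk -v t="$2" '$2 > t { print $1 }'
}

# deny_lines LOGFILE THRESHOLD DENYFILE -> the "sshd: IP" lines not yet in
# DENYFILE; as root, redirect them with ">> /etc/hosts.deny".
deny_lines() {
    offenders "$1" "$2" | while read -r ip; do
        # whole-line fixed-string match, so 10.0.0.1 does not match 10.0.0.10
        grep -qxF "sshd: $ip" "$3" 2>/dev/null || echo "sshd: $ip"
    done
}

# Stand-alone run against the constructed sample: threshold 2, empty deny file.
tmpdir=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$tmpdir/auth.log"
deny_lines "$tmpdir/auth.log" 2 "$tmpdir/hosts.deny"
rm -rf "$tmpdir"
```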
Then add the task schedule:
Centos:
echo "0 */1 * * * sh /root/ssh_deny.sh" >> /var/spool/cron/root
(A per-user crontab file takes the five time fields followed directly by the command, with no user column; this entry runs the script once an hour.)
Ubuntu:
echo "0 */1 * * * sh /root/ssh_deny.sh >/dev/null 2>&1" >> /var/spool/cron/crontabs/root
crontab /var/spool/cron/crontabs/root
Because Ubuntu's default /bin/sh is dash, which keeps the crontab entry from running, change the default shell to bash:
rm /bin/sh
ln -s /bin/bash /bin/sh