This is my first shell script. It is messy, but in testing it works, and it is now running on my own web server!
#!/bin/bash
# This shell script is to prevent SSH brute force hack
# Author: Aaron Guo
# Date: Jan 8 2016
# Version: 1.2

# Specifies the script's log file
logfile="/var/log/blocked_ip"

# Gets the current time, used to grep /var/log/secure (format: Mmm DD HH)
timenow=$(date '+%b %e %H')

# If more than 20 connections fail within the current hour, record the IP as "count:ip".
# The sed step removes a field that starts with a letter (for example a host name), leaving only the count.
rootip=$(grep "$timenow" /var/log/secure | grep 'root.*because' | awk '{print $9}' | sort | uniq -c | sed 's/[\. ][a-zA-Z].*//g' | awk '$1>20 {print $1 ":" $2}')
anyip=$(grep "$timenow" /var/log/secure | grep Invalid | awk '{print $10}' | sort | uniq -c | sed 's/[\. ][a-zA-Z].*//g' | awk '$1>20 {print $1 ":" $2}')

# Add the IPs that tried to crack the root password to iptables
for i in $rootip
do
    ip=$(echo "$i" | awk -F: '{print $2}')
    # Skip entries whose address field was stripped above
    [ -z "$ip" ] && continue
    # Check whether the attacker's IP is already present in iptables (whole-address, literal match)
    iptables-save | grep INPUT | grep DROP | grep -wF -- "$ip" >/dev/null
    # If not present (that is, the previous command failed and $? > 0), add it to iptables
    if [ $? -gt 0 ]; then
        iptables -A INPUT -s "$ip" -p tcp --dport 22 -j DROP
        now=$(date '+%Y-%m-%d %H:%M')
        # Add to the log file
        echo -e "$now : $ip" >> "$logfile"
    fi
done

# Add the IPs that tried invalid user names to iptables
for i in $anyip
do
    ip=$(echo "$i" | awk -F: '{print $2}')
    # Skip entries whose address field was stripped above
    [ -z "$ip" ] && continue
    # Check whether the cracker's IP already exists in iptables
    iptables-save | grep INPUT | grep DROP | grep -wF -- "$ip" >/dev/null
    # If it does not exist, add it to iptables
    if [ $? -gt 0 ]; then
        iptables -A INPUT -s "$ip" -p tcp --dport 22 -j DROP
        now=$(date '+%Y-%m-%d %H:%M')
        # Add to the log file
        echo -e "$now : $ip" >> "$logfile"
    fi
done
Finally, give the script executable (x) permission and add it to /etc/crontab. I set it to run every 10 minutes (*/10).
# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
*/10 * * * * root /root/blockip.sh
If there are errors, please correct me!!
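The counting step of the script can be checked offline against sample input before it is allowed to touch iptables. The following is an added example, not part of the original post: the function names `offenders` and `sample_log` are hypothetical and the log lines are constructed. It goes slightly beyond the script above by taking the address after the last "from" rather than a fixed field number, and by accepting only dotted-quad addresses.

```bash
#!/bin/bash
# Added example: count failed SSH logins per source address for one hour of
# /var/log/secure-style input and print "count:ip" for addresses over a limit.

# offenders PREFIX LIMIT   (log text on stdin, PREFIX like "Jan  8 10")
offenders() {
    awk -v prefix="$1" -v limit="$2" '
        # Keep only lines stamped with the hour being examined
        index($0, prefix) != 1 { next }
        # Keep only the two message types the script above looks at
        !/Invalid user / && !/User root from .* not allowed because/ { next }
        {
            # The user name is supplied by the client and may contain spaces,
            # which shifts fixed field numbers. Everything after the final
            # "from" is written by sshd, so use the token that follows it.
            ip = ""
            for (i = 1; i < NF; i++)
                if ($i == "from") ip = $(i + 1)
            # Count dotted-quad IPv4 only; host names and junk are dropped
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip] ":" ip
        }
    ' | sort -t: -k2
}

# Constructed sample log (documentation-range addresses):
#   3 failures from 203.0.113.7, 3 from 203.0.113.50 with a user name that
#   contains a space, 1 root attempt from 198.51.100.9, 1 line from 09:xx.
sample_log() {
    for i in 1 2 3; do
        echo "Jan  8 10:0$i:11 web1 sshd[100$i]: Invalid user admin from 203.0.113.7 port 4000$i"
        echo "Jan  8 10:1$i:11 web1 sshd[200$i]: Invalid user my admin from 203.0.113.50"
    done
    echo "Jan  8 10:20:00 web1 sshd[3001]: User root from 198.51.100.9 not allowed because not listed in AllowUsers"
    echo "Jan  8 09:59:59 web1 sshd[3002]: Invalid user admin from 198.51.100.9"
}

# Demo: limit of 2 so the small sample produces output
sample_log | offenders "Jan  8 10" 2
```

On a real host the same function can be fed with `offenders "$(date '+%b %e %H')" 20 < /var/log/secure` to preview which addresses the cron job would block.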
This article is from "Lao Guo's Journal" blog, please be sure to keep this source http://laoguo.blog.51cto.com/11119466/1735478
Shell script to prevent SSH brute force