CentOS/RHEL 6 SSH log filtering script to guard against brute-force attacks

Source: Internet
Uploader: User

Script overview: the script filters the SSH log files (/var/log/secure*), then uses grep/awk/sort/uniq to extract the failed-login entries along with a per-IP/per-user count of those failures.


It then checks each entry, and when one IP has too many failures it mails the failed-login log lines to the administrator. In production, change the mail address to the admin's mailbox; this assumes the server can send mail through its local mail server.


Script source:

------------------------------------------------------------------------------------------------------------------------------

[[email protected] ~]# cat chk_ssh_login.sh
#!/bin/bash

# Address of this host, used in the mail subject (CentOS 6 "inet addr:" ifconfig format).
ServerIP=`ifconfig eth0 | grep "inet addr" | awk '{print $2}' | awk -F ":" '{print $2}'`

# Get SSH failure login infos.
grep -r Failed /var/log/secure* > /root/ssh_failure_data.log

# Filter failure login infos: field NF-3 is the source IP and NF-5 the user name.
# Fields are counted from the end of the line so "invalid user" entries line up too.
# Output format: count=ip=user
awk '{print $(NF-3),$(NF-5)}' /root/ssh_failure_data.log | sort | uniq -c | awk '{print $1"="$2"="$3}' > /root/ssh_data.log

for i in `cat /root/ssh_data.log`
    do
        Count=`echo $i | awk -F"=" '{print $1}'`
        IP=`echo $i | awk -F"=" '{print $2}'`
        User=`echo $i | awk -F"=" '{print $3}'`
        if [ "$Count" -gt 10 ]; then
            # -F -w matches the IP as a whole word, so 10.9.150.6 does not also pull in 10.9.150.68
            grep -F -w "from $IP" /root/ssh_failure_data.log > /tmp/ssh_error.logs
            mail -s "SSH abnormal login occurred on server $ServerIP." [email protected] < /tmp/ssh_error.logs
            rm -f /tmp/ssh_error.logs
        fi
done
------------------------------------------------------------------------------------------------------------------------------
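The filtering step above reworked as shell functions that can be run offline, added here as an example and not part of the original script. The log lines in SAMPLE_LOG are constructed; the functions count failures per IP+user as the script does, and additionally per IP alone, so that an attacker rotating user names against one host still crosses the threshold.

```shell
#!/bin/bash
# Constructed sample of sshd log lines (not taken from a real host).
SAMPLE_LOG='Apr 22 15:10:55 youserver sshd[21486]: Failed password for user1 from 10.9.150.68 port 33275 ssh2
Apr 22 15:10:59 youserver sshd[21486]: Failed password for user1 from 10.9.150.68 port 33275 ssh2
Apr 22 15:11:03 youserver sshd[21486]: Failed password for invalid user admin from 10.9.150.68 port 33276 ssh2
Apr 22 15:11:20 youserver sshd[21490]: Failed password for root from 10.9.150.6 port 40001 ssh2
Apr 22 15:12:00 youserver sshd[21491]: Accepted password for user1 from 10.9.150.68 port 33277 ssh2'

# Reduce sshd lines on stdin to "count ip user", highest count first.
# Field positions are counted from the end of the line, so the optional
# "invalid user" prefix does not shift them:
#   ... Failed password for [invalid user] USER from IP port PORT ssh2
count_failures() {
    awk '/Failed password for/ { n[$(NF-3) " " $(NF-5)]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Print "ip total" for every source IP whose failures across all users
# exceed the threshold given as $1. Counting per IP (not per IP+user)
# catches password sprays that rotate user names.
offenders() {
    awk -v t="$1" '/Failed password for/ { n[$(NF-3)]++ }
         END { for (ip in n) if (n[ip] > t) print ip, n[ip] }' | sort
}

# Return the failure lines for exactly one IP. -F -w makes the IP a
# whole-word fixed string, so 10.9.150.6 does not match 10.9.150.68.
lines_for_ip() {
    grep -F -w -- "from $1" | grep -F 'Failed password'
}

# Demonstration on the constructed sample: summary, then IPs with more than 2 failures.
printf '%s\n' "$SAMPLE_LOG" | count_failures
printf '%s\n' "$SAMPLE_LOG" | offenders 2
```

On a live CentOS 6 host the same functions take `grep -h Failed /var/log/secure*` on stdin instead of the sample.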


Running the script:

------------------------------------------------------------------------------------------------------------------------------
[[email protected] ~]# sh chk_ssh_login.sh
You have mail in /var/spool/mail/root
[[email protected] ~]#
[[email protected] ~]#

------------------------------------------------------------------------------------------------------------------------------


Viewing the result:

------------------------------------------------------------------------------------------------------------------------------
[[email protected] ~]# mail
Heirloom Mail version 12.4 7/29/08.  Type ? for help.
"/var/spool/mail/root": 5 messages 1 new 3 unread
    1 Cron Daemon           Fri Jun 21 23:53  22/880   "Cron <[email protected]> /usr/lib64/sa/sa2 -A"
 U  2 [email protected]  Wed Feb 26 17:50  47/2260  "[abrt] full crash report"
 U  3 Mail Delivery System  Sun Aug 24 11:31  74/2797  "Undelivered Mail Returned to Sender"
    4 root                  Thu Apr 23 11:03  29/2108  "SSH abnormal login occurred on server 10.9.249.173."
>N  5 root                  Thu Apr 23 11:04  28/2097  "SSH abnormal login occurred on server 10.9.249.173."
& 5
Message  5:
From [email protected]  Thu Apr 23 11:04:02 2015
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Thu, 23 Apr 2015 11:04:02 +0800
To: [email protected]
Subject: SSH abnormal login occurred on server 10.9.249.173.
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R

/var/log/secure:Apr 22 15:10:55 youserver sshd[21486]: Failed password for user1 from 10.9.150.68 port 33275 ssh2
/var/log/secure:Apr 22 15:10:59 youserver sshd[21486]: Failed password for user1 from 10.9.150.68 port 33275 ssh2
/var/log/secure:Apr 22 15:11:03 youserver sshd[21486]: Failed password for user1 from 10.9.150.68 port 33275 ssh2
/var/log/secure:Apr 22 15:11:39 youserver sshd[21489]: Failed password for user1 from 10.9.150.68 port 33276 ssh2
/var/log/secure:Apr 22 15:13:27 youserver sshd[21498]: Failed password for user1 from 10.9.150.68 port 33277 ssh2
/var/log/secure:Apr 22 15:15:08 youserver sshd[21498]: Failed password for user1 from 10.9.150.68 port 33277 ssh2
/var/log/secure:Apr 22 15:15:19 youserver sshd[21506]: Failed password for user1 from 10.9.150.68 port 33278 ssh2
/var/log/secure:Apr 22 15:16:21 youserver sshd[21536]: Failed password for user1 from 10.9.150.68 port 33280 ssh2
/var/log/secure:Apr 22 15:16:25 youserver sshd[21536]: Failed password for user1 from 10.9.150.68 port 33280 ssh2
/var/log/secure:Apr 22 15:16:30 youserver sshd[21536]: Failed password for user1 from 10.9.150.68 port 33280 ssh2
/var/log/secure:Apr 22 15:19:07 youserver sshd[21571]: Failed password for user1 from 10.9.150.68 port 33281 ssh2

& q
Held 5 messages in /var/spool/mail/root

------------------------------------------------------------------------------------------------------------------------------
