login shell - TuPengXiong/TuPengXiong.github.io GitHub Wiki

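#!/bin/bash
# Collect the source addresses of failed SSH password logins and report how
# often each one failed.
#
# Reads:  /var/log/secure
# Writes: /data0/scripts/ip.deny, one "<count> <address>" line per address

# Timestamp of this run; it is printed here and used again at the end of the
# script to name the backup copy of ip.deny.
date=$(date +%Y-%m-%d_%H:%M:%S)
echo "$date"

# The redirection below truncates ip.deny before the log is read, so an
# unreadable log would leave an empty list behind. Stop before that happens.
if [ ! -r /var/log/secure ]; then
  echo "cannot read /var/log/secure; ip.deny left unchanged" >&2
  exit 1
fi

# sshd ends these lines with "from <address> port <n> ssh2", so the address is
# the 4th field counted from the end. Counting from the end matters: the user
# name earlier in the line is text supplied by the remote side.
# Only values shaped like a dotted IPv4 address are kept, because the list is
# later handed to iptables; anything else (including IPv6 addresses, which
# iptables does not accept) is left out. NF >= 4 guards the $(NF-3) lookup on
# short lines.
awk '/Failed password/ && NF >= 4 && $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $(NF-3) }' \
  /var/log/secure \
  | sort | uniq -c > /data0/scripts/ip.deny

echo '==============登录失败的IP============'
awk '{print "IP:"$2"失败次数:"$1}' /data0/scripts/ip.deny
# Disabled alternative: print the list as "sshd:<address> deny" lines instead.
#cat ip.deny|awk '{print "sshd:"$2" deny"}'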
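# Rebuild the firewall block list from /data0/scripts/ip.deny.
#
# The DROP rules live in a chain of their own, so rebuilding them flushes only
# that chain. A bare "iptables -F" empties every chain of the filter table and
# with it rules this script never created (ACCEPT rules for management access,
# rate limits, rules added by other tools).
# NOTE: DROP rules that earlier runs inserted directly into INPUT are not
# touched here and have to be removed once by hand.
chain=SSH_LOGIN_DENY      # name chosen for this script; any unused chain name works
exempt_ip=123.124.17.82   # address that must never stay blocked
min_failures=6            # failed logins needed before an address is blocked
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# Without the list there is nothing to rebuild from; flushing anyway would
# silently unblock every address.
if [ ! -r /data0/scripts/ip.deny ]; then
  echo "cannot read /data0/scripts/ip.deny; firewall left unchanged" >&2
  exit 1
fi

# -N fails when the chain already exists (every run but the first); the
# listing then confirms the chain is really there and iptables is usable.
if ! iptables -N "$chain" 2>/dev/null && ! iptables -n -L "$chain" >/dev/null 2>&1; then
  echo "cannot create or read iptables chain $chain" >&2
  exit 1
fi
iptables -F "$chain"

# Keep exactly one jump at the top of INPUT: remove the jump left by a previous
# run (an error only means there was none), then insert a fresh one.
iptables -D INPUT -j "$chain" 2>/dev/null
iptables -I INPUT -j "$chain"

# Each line of ip.deny is "<count> <address>" as written by uniq -c.
while read -r num ip _; do
  # The values come from log text, so check both before they reach test and
  # iptables: the count must be all digits, the address a dotted quad.
  case $num in
    '' | *[!0-9]*) continue ;;
  esac
  [[ $ip =~ $ipv4_re ]] || continue

  # Skip the exempt address instead of blocking it and deleting the rule later.
  [ "$ip" = "$exempt_ip" ] && continue

  if [ "$num" -ge "$min_failures" ]; then
    echo "========================封ip:[${ip}][${num}]============================="
    iptables -I "$chain" -s "$ip" -j DROP
  fi
done < /data0/scripts/ip.deny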

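# Persist the running rule set, then reload the firewall service.
# On RHEL-style init scripts a restart loads the saved rule file, so after a
# failed save it would replace the rules just built with the previously saved
# set. Restart only when the save succeeded.
if service iptables save; then
  service iptables restart
else
  echo "iptables save failed; running rules kept, service not restarted" >&2
fi

# Show the resulting rules. -n prints addresses as numbers, which avoids one
# reverse-DNS lookup per blocked address (slow, and the names shown would be
# controlled by whoever owns the address).
iptables -L -n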

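# Keep a timestamped copy of this run's failure counts.
# $date is the run timestamp set at the top of the script.
if [ -e /data0/scripts/ip.deny ]; then
  # cp does not create the target directory, so make sure it exists first;
  # "--" and the quotes keep the paths from being split or read as options.
  mkdir -p /data0/scripts/bak &&
    cp -- /data0/scripts/ip.deny "/data0/scripts/bak/ip.deny.${date}"
fi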