超过十次,就添加到hosts.deny里面去
#!/bin/bash
date=`date +%Y%m%d`
file="/var/log/secure"
max=10
if [[ -f $file ]]
then
grep Failed $file | awk ‘{print $(NF-3)}‘ | sort -rn | uniq -c | awk ‘{print $2 "=" $1}‘>/shell/ip.txt
fi
for a in `cat /shell/ip.txt`
do
if [[ `echo $a| awk -F"=" ‘{print $2}‘` -gt $max ]]
then
b=`echo $a | awk -F"=" ‘{print $1}‘`
grep $b /etc/hosts.deny >/dev/null
if [[ $? != 0 ]]
then
echo "sshd:$b" >> /etc/hosts.deny
fi
fi
done
限制ssh远程登陆
原文:http://www.cnblogs.com/GXLo/p/5169172.html
