防火墙IP封禁
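#!/bin/bash
# Drop traffic from IPv4 sources that have more than MAX_FAILURES failed
# logins recorded by lastb during the current clock hour, using a permanent
# firewalld rich rule in the default zone.
#
# Needs root: lastb reads the bad-login log and firewall-cmd changes the
# firewall configuration.
#
# NOTE(review): only the current clock hour is inspected, so failures just
# before the hour rolls over are not counted by a run just after it.
# NOTE(review): there is no allowlist and bans never expire; a trusted
# address (admin workstation, shared NAT gateway) that exceeds the threshold
# is dropped like any other. Consider exempting known-good sources.

readonly MAX_FAILURES=3

# Strict dotted-quad pattern. The third lastb column is not always an address
# (console logins, hostnames, IPv6), and it comes from log data, so it is
# validated before being placed into a firewall rule.
readonly OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
readonly IPV4_RE="^${OCTET}(\\.${OCTET}){3}\$"

# lastb's default timestamps use English day/month abbreviations, so build the
# match string in the C locale; a localized `date` would never match.
DATE=$(LC_ALL=C date +"%a %b %e %H")

added=0
while IFS= read -r ip; do
  if ! [[ $ip =~ $IPV4_RE ]]; then
    printf 'skipping non-IPv4 source: %s\n' "$ip" >&2
    continue
  fi

  # Single, correctly quoted rule string; the same string is used for the
  # existence check and the add so the two cannot disagree.
  rule="rule family=\"ipv4\" source address=\"${ip}\" drop"

  # Exact rule lookup instead of grepping the listing: a regex/substring grep
  # for 1.2.3.4 also matches 11.2.3.45 and would wrongly skip the new address.
  if firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null; then
    continue
  fi

  if firewall-cmd --permanent --add-rich-rule="$rule" >/dev/null; then
    added=1
  else
    printf 'failed to add drop rule for %s\n' "$ip" >&2
  fi
done < <(
  lastb | awk -v stamp="$DATE" -v max="$MAX_FAILURES" '
    index($0, stamp) { hits[$3]++ }
    END { for (src in hits) if (hits[src] > max) print src }'
)

# Reload once, and only when something changed, instead of once per address.
if (( added )); then
  firewall-cmd --reload >/dev/null
fi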
黑名单封禁
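#!/bin/bash
# Append "sshd:<ip>:deny" to /etc/hosts.deny for every IPv4 source that has
# more than MAX_FAILURES failed logins recorded by lastb during the current
# clock hour.
#
# Needs root: lastb reads the bad-login log and /etc/hosts.deny is root-owned.
#
# NOTE(review): hosts.deny is only honoured when sshd is built with TCP
# wrappers (libwrap) support. Upstream OpenSSH removed that support in 6.7 and
# several distributions no longer ship it; confirm on the target host,
# otherwise these entries have no effect.
# NOTE(review): there is no allowlist and entries are never removed; a trusted
# address that exceeds the threshold is denied like any other.

readonly MAX_FAILURES=3
readonly DENY_FILE=/etc/hosts.deny

# Strict dotted-quad pattern. The third lastb column is not always an address
# (console logins, hostnames, IPv6), and it comes from log data, so it is
# validated before being written into an access-control file.
readonly OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
readonly IPV4_RE="^${OCTET}(\\.${OCTET}){3}\$"

# lastb's default timestamps use English day/month abbreviations, so build the
# match string in the C locale; a localized `date` would never match.
DATE=$(LC_ALL=C date +"%a %b %e %H")

while IFS= read -r IP; do
  if ! [[ $IP =~ $IPV4_RE ]]; then
    printf 'skipping non-IPv4 source: %s\n' "$IP" >&2
    continue
  fi

  # Fixed-string, whole-word lookup: a regex/substring grep for 1.2.3.4 also
  # matches 11.2.3.45 and would wrongly skip the new address.
  # stderr is discarded on purpose: a missing file just means "not listed yet"
  # and the append below creates it.
  if ! grep -qwF -- "$IP" "$DENY_FILE" 2>/dev/null; then
    printf 'sshd:%s:deny\n' "$IP" >> "$DENY_FILE"
  fi
done < <(
  lastb | awk -v stamp="$DATE" -v max="$MAX_FAILURES" '
    index($0, stamp) { hits[$3]++ }
    END { for (src in hits) if (hits[src] > max) print src }'
)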