測試
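#!/bin/bash
# Deny-list hosts with repeated failed SSH logins (one-shot run).
#
# Reads /var/log/secure, counts lines containing "Failed" per source address,
# and for every address seen at least 3 times appends "sshd:<addr>" to
# /etc/hosts.deny unless that exact line is already present. The candidate
# list is also left in /etc/fileno, as before.
#
# NOTE(review): the count covers the whole log file with no time window and
# entries are never expired, so a legitimate user who mistypes a password
# three times stays blocked until the line is removed by hand.
# NOTE(review): /etc/hosts.deny is only honoured when sshd is linked against
# or wrapped by TCP wrappers (libwrap); confirm that on the target system,
# otherwise these entries have no effect.

secure_log=/var/log/secure
candidates=/etc/fileno
deny_file=/etc/hosts.deny
threshold=3

# Only tokens shaped like an IPv4 or IPv6 address are written to the deny
# file. The field is taken by position from log text, and not every "Failed"
# line has the address in that position, so anything else is skipped.
addr_re='^(([0-9]{1,3}\.){3}[0-9]{1,3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)$'

if [[ ! -r "$secure_log" ]]; then
  printf 'cannot read %s\n' "$secure_log" >&2
  exit 1
fi

# $(NF-3) is the fourth field from the end of the line; in a line such as
# "Failed password for root from 192.0.2.10 port 22 ssh2" (constructed
# sample) that is the source address.
awk '/Failed/ {print $(NF-3)}' "$secure_log" \
  | sort \
  | uniq -c \
  | awk -v min="$threshold" '$1 >= min {print $2}' > "$candidates"

while IFS= read -r addr; do
  [[ $addr =~ $addr_re ]] || continue
  # Skip addresses already listed so repeated runs do not pile up duplicates.
  # grep's stderr is silenced because the deny file may not exist yet.
  grep -qxF -- "sshd:$addr" "$deny_file" 2>/dev/null \
    || printf 'sshd:%s\n' "$addr" >> "$deny_file"
done < "$candidates"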
$(NF-3) 是每行的倒數第四列（欄位），在 sshd 的 "Failed password ... from <IP> port <埠號> ssh2" 記錄中即為來源 IP。
功能：自動監控腳本，將登陸失敗次數大於3的來源位址加入黑名單（/etc/hosts.deny）；注意腳本中的實際條件是 $1>=3，即失敗 3 次及以上就會加入。
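實時監控：把下面的腳本放到 /etc/profile.d/。注意：/etc/profile.d/ 下的腳本會在每個使用者的登入 shell 中被載入，含 while true 的腳本會卡住登入，且以登入者（不一定是 root）的權限執行，可能無法讀取 /var/log/secure 或寫入 /etc/hosts.deny；更穩妥的做法是以 root 身分用 systemd 服務或 cron 排程執行。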
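#!/bin/bash
# Continuously watch /var/log/secure and deny-list hosts with repeated failed
# SSH logins.
#
# Every pass counts lines containing "Failed" per source address and appends
# "sshd:<addr>" to /etc/hosts.deny for each address seen at least 3 times,
# unless that exact line is already present.
#
# Fixes over the previous version: the inner loop was missing its do/done
# (the script did not parse), the "already listed" check compared addresses
# with the numeric -eq operator, and the outer loop re-read the log with no
# pause between passes.
#
# NOTE(review): this loop never exits. It needs root to read the log and
# write the deny file, so it belongs in a root-owned service or cron job;
# sourced from a login profile it would block the login shell and run with
# the privileges of whoever is logging in.
# NOTE(review): /etc/hosts.deny is only honoured when sshd is linked against
# or wrapped by TCP wrappers (libwrap); confirm that on the target system.

secure_log=/var/log/secure
deny_file=/etc/hosts.deny
threshold=3
poll_seconds=5

# Only tokens shaped like an IPv4 or IPv6 address are written to the deny
# file. The field is taken by position from log text, and not every "Failed"
# line has the address in that position, so anything else is skipped.
addr_re='^(([0-9]{1,3}\.){3}[0-9]{1,3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)$'

while true; do
  while IFS= read -r addr; do
    [[ $addr =~ $addr_re ]] || continue
    # Append only when the exact entry is missing; grep's stderr is silenced
    # because the deny file may not exist yet.
    grep -qxF -- "sshd:$addr" "$deny_file" 2>/dev/null \
      || printf 'sshd:%s\n' "$addr" >> "$deny_file"
  done < <(
    # $(NF-3) is the fourth field from the end of each matching line.
    awk '/Failed/ {print $(NF-3)}' "$secure_log" \
      | sort \
      | uniq -c \
      | awk -v min="$threshold" '$1 >= min {print $2}'
  )
  # Pause between passes so the loop does not spin on the log file.
  sleep "$poll_seconds"
done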