監控服務器被***後能正常登錄系統的IP,排除我們指定登錄服務器的IP。
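#!/bin/bash
#
# Drop TCP traffic from source addresses that show up in the login records
# (/var/log/wtmp) and are not on the administrators' allowlist.
#
# Steps:
#   1. Pull printable strings out of wtmp and keep only lines that are shaped
#      like a dotted-quad IPv4 address.
#   2. Discard allowlisted prefixes (192.168 and 218.18).
#   3. Write every address seen fewer than two times to /home/wtmp.list.
#   4. Add one "INPUT -p tcp -s ADDR -j DROP" rule per address, then save and
#      restart the iptables service.
#
# Requires root (reads wtmp, writes /home/wtmp.list, edits the firewall).
#
# NOTE(review): the rule drops ALL tcp from the address, so any admin source
# missing from the allowlist below is cut off as well; confirm the allowlist
# before scheduling this script.
# NOTE(review): `strings` scrapes the binary file instead of parsing its
# records; `last -i` or `utmpdump` read the same data structurally.

IPTABLES=/sbin/iptables
WTMP_LIST=/home/wtmp.list

# Allowlist, anchored at the start of the line with the dots escaped. The
# unanchored form '192.168|218.18' also matched inside other addresses
# (e.g. a.b.218.18 or x.192.168.y) and so exempted them from blocking.
ALLOW_RE='^(192\.168|218\.18)'

# Shape check only (octets are not range-checked). Keeps hostnames and other
# stray strings out of `iptables -s`. This replaces the earlier unquoted
# `grep -iv [a-z,:]`, whose pattern the shell could expand as a glob.
IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# NOTE(review): `$1 < 2` selects addresses that occur exactly once in the
# extracted strings; confirm this threshold is the intended one.
strings /var/log/wtmp \
  | grep -E -- "$IPV4_RE" \
  | grep -Ev -- "$ALLOW_RE" \
  | sort \
  | uniq -c \
  | awk '$1 < 2 && $2 != "" { print $2 }' \
  > "$WTMP_LIST"

iplist=$(wc -l < "$WTMP_LIST")

if [ "$iplist" -gt 0 ]; then
  while IFS= read -r addr; do
    # -C asks whether an identical rule already exists, so repeated runs do
    # not stack duplicate DROP rules. On an iptables build without -C the
    # check fails and the rule is appended exactly as before.
    if ! "$IPTABLES" -C INPUT -p tcp -s "$addr" -j DROP 2>/dev/null; then
      "$IPTABLES" -A INPUT -p tcp -s "$addr" -j DROP
    fi
  done < "$WTMP_LIST"

  # Persist the new rules, then reload the service from the saved set.
  service iptables save
  service iptables restart
fi
exit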