)結合/var/log/secure文件,將ssh登陸失敗次數大於N的IP封掉
1 2 3 4 5 6 | N=3 SEC_FILE= /var/log/secure for ip in ` grep "Failed password" $SEC_FILE| grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}" | sort -n| uniq -c| awk '{if($1>$N) print $2}' ` do iptables -A INPUT -s $ip -p tcp --dport 22 -j DROP done |
2)查看TCP進程各狀態連接數
1 2 3 | netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a,S[a]}' || netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c |