)結合/var/log/secure文件,將ssh登陸失敗次數大於N的IP封掉
1 2 3 4 5 6 | N=3SEC_FILE=/var/log/securefor ip in `grep "Failed password" $SEC_FILE|grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort -n|uniq -c|awk '{if($1>$N) print $2}'`doiptables -A INPUT -s $ip -p tcp --dport 22 -j DROPdone |
2)查看TCP進程各狀態連接數
1 2 3 | netstat -n |awk '/^tcp/ {++S[$NF]} END {for (a in S) print a,S[a]}'||netstat -n |awk '/^tcp/ {print $NF}'|sort|uniq -c |