ubuntu or centos 屏蔽 ssh 恶意爆破 ip

0x00

服务器经常被别人恶意爆破，如何将这些 IP 加入黑名单？

0x01

ubuntu

#!/bin/bash
cat /var/log/auth.log|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /tmp/blackIP.txt
TRYCOUNT="5"
for i in `cat /tmp/blackIP.txt`
do
        IP=`echo $i |awk -F= '{print $1}'`
        NUM=`echo $i|awk -F= '{print $2}'`
        if [ $NUM -gt $TRYCOUNT ];
        then
                grep $IP /etc/hosts.deny > /dev/null
                if [ $? -gt 0 ];
                then
            echo "#"`date` >> /etc/hosts.deny
                        echo "ALL:$IP:deny" >> /etc/hosts.deny
                fi
        fi
done

centos

#!/bin/bash
cat /var/log/secure |awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /tmp/blackIP.txt
TRYCOUNT="5"
for i in `cat /tmp/blackIP.txt`
do
        IP=`echo $i |awk -F= '{print $1}'`
        NUM=`echo $i|awk -F= '{print $2}'`
        if [ $NUM -gt $TRYCOUNT ];
        then
                grep $IP /etc/hosts.deny > /dev/null
                if [ $? -gt 0 ];
                then
            echo "#"`date` >> /etc/hosts.deny
                        echo "ALL:$IP:deny" >> /etc/hosts.deny
                fi
        fi
done

可以结合 crontab 定时任务，进行爆破 ip 的封禁。

0x02

封面出处：https://www.pixiv.net/member_illust.php?mode=medium&illust_id=42405579

0x00#

0x01#

0x02#

0x00

0x01

0x02