SSH 登录黑名单

防火墙IP封禁

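#!/bin/bash
# Drop traffic from IPv4 sources that recorded more than 3 failed logins during
# the current hour, using permanent firewalld rich rules.
# Needs root: lastb reads the failed-login log and firewall-cmd edits rules.
# NOTE(review): nothing here exempts trusted management addresses; confirm an
# allow list exists elsewhere so a few mistyped passwords cannot lock admins out.

# Build the "Mon Jan  5 14" prefix (day + current hour) in the C locale so it
# matches lastb's default English timestamps regardless of the caller's locale.
DATE=$(LC_ALL=C date +"%a %b %e %H")

# Column 3 of lastb is the remote host; keep hosts seen more than 3 times.
DROP_IP=$(lastb | grep -F -- "$DATE" | awk '{a[$3]++} END {for (i in a) if (a[i] > 3) print i}')

ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
changed=0

for ip in $DROP_IP; do
    # The host column is text supplied by the remote side (it may be a
    # hostname, an IPv6 address or a shifted field), so only dotted-quad
    # values are allowed into a firewall rule.
    [[ $ip =~ $ipv4_re ]] || continue

    rule="rule family=\"ipv4\" source address=\"$ip\" drop"

    # Query for this exact rule instead of grepping the rule listing: a
    # substring match would treat 1.2.3.4 as already blocked when only
    # 11.2.3.45 is.
    if ! firewall-cmd --permanent --query-rich-rule="$rule" > /dev/null; then
        if firewall-cmd --permanent --add-rich-rule="$rule" > /dev/null; then
            changed=1
        fi
    fi
done

# Reload once, and only when a rule was actually added.
if [ "$changed" -eq 1 ]; then
    firewall-cmd --reload > /dev/null
fi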

黑名单封禁

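#!/bin/bash
# Append "sshd:<ip>:deny" to /etc/hosts.deny for IPv4 sources that recorded
# more than 3 failed logins during the current hour.
# Needs root: lastb reads the failed-login log and the script writes
# /etc/hosts.deny.
# NOTE(review): /etc/hosts.deny only affects sshd builds linked against TCP
# wrappers (libwrap); upstream OpenSSH dropped that support in 6.7, so verify
# the target sshd still honours this file.

# Build the "Mon Jan  5 14" prefix (day + current hour) in the C locale so it
# matches lastb's default English timestamps regardless of the caller's locale.
DATE=$(LC_ALL=C date +"%a %b %e %H")

# Column 3 of lastb is the remote host; keep hosts seen more than 3 times.
DROP_IP=$(lastb | grep -F -- "$DATE" | awk '{a[$3]++} END {for (i in a) if (a[i] > 3) print i}')

ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

for IP in $DROP_IP; do
    # The host column is text supplied by the remote side; only dotted-quad
    # values may be written into an access-control file.
    [[ $IP =~ $ipv4_re ]] || continue

    entry="sshd:$IP:deny"

    # Whole-line, fixed-string comparison: a substring/regex match would skip
    # 1.2.3.4 whenever 1.2.3.45 is already listed. A missing file counts as
    # "not listed", and the append below creates it.
    if ! grep -qxF -- "$entry" /etc/hosts.deny 2> /dev/null; then
        printf '%s\n' "$entry" >> /etc/hosts.deny
    fi
done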
