SSH端口两种防御脚本
方法1:
超过10次登陆失败就封掉IP,创建shell脚本:secure_ssh.sh
| 123456789101112 | #! /bin/bashcat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /usr/local/bin/black.txtfor i in `cat /usr/local/bin/black.txt`do IP=`echo $i |awk -F= '{print $1}'` NUM=`echo $i|awk -F= '{print $2}'` result=$(cat /etc/hosts.deny | grep $IP) if [[ $NUM -gt 10 ]];then if [[ $result = "" ]];then echo "sshd: $IP" >> /etc/hosts.deny fi fi |
定时任务:10分钟执行一次,crontab -e
| 1 | */10 * * * * bash /usr/local/bin/secure_ssh.sh |
方法2:
使用Fail2ban程序
| 12345 | sudo apt-get -y updatesudo apt-get install -y fail2ban\cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localsed -i 's/^bantime = 600$/bantime = 3600/g' /etc/fail2ban/jail.localsudo /etc/init.d/fail2ban start |
