防火墙IP封禁

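#!/bin/bash
# Drop traffic from IPv4 sources that produced repeated failed logins during
# the current hour, using permanent firewalld rich rules in the default zone.
#
# Needs root: lastb reads the bad-login log and firewall-cmd edits the
# permanent configuration. lastb is not limited to sshd, so failed logins
# recorded by other services in the same log are counted too.
#
# NOTE(review): there is no allowlist and no expiry. An administrator who
# mistypes a password often enough is banned like anyone else, and rules stay
# until removed by hand; confirm both are acceptable before running from cron.

# Hour stamp in the layout lastb prints, e.g. "Mon Jan  5 14" (constructed sample).
DATE=$(date +"%a %b %e %H")

# Strict dotted-quad IPv4 pattern. The address column comes from the login
# log and is influenced by the remote side (it can hold a hostname or an IPv6
# address), so it is validated before being placed inside a firewall rule.
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'

# awk counts field 3 of each matching lastb line (the script treats it as the
# remote address) and prints the values seen more than 3 times this hour.
DROP_IP=$(lastb | grep -F -- "$DATE" | awk '{a[$3]++} END {for (i in a) if (a[i] > 3) print i}')

changed=0
# Read line by line instead of relying on an unquoted expansion, so a log
# field containing glob characters is never expanded against the filesystem.
while IFS= read -r ip; do
  # Skips the empty line produced when nothing matched, and any non-IPv4 value.
  [[ $ip =~ $IPV4_RE ]] || continue

  rule="rule family=\"ipv4\" source address=\"$ip\" drop"

  # Ask firewalld for this exact rule. A grep over --list-all would treat the
  # dots as wildcards and match substrings, so 1.2.3.4 would look "already
  # blocked" whenever 11.2.3.45 is listed (constructed sample addresses).
  if ! firewall-cmd --permanent --query-rich-rule="$rule" > /dev/null 2>&1; then
    if firewall-cmd --permanent --add-rich-rule="$rule" > /dev/null; then
      changed=1
    else
      printf 'failed to add drop rule for %s\n' "$ip" >&2
    fi
  fi
done <<< "$DROP_IP"

# One reload after the loop activates every rule added above; reloading per
# address repeats the same work for each new ban.
if (( changed )); then
  firewall-cmd --reload > /dev/null
fi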

黑名单封禁

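#!/bin/bash
# Append IPv4 sources that produced repeated failed logins during the current
# hour to /etc/hosts.deny as "sshd:<ip>:deny" entries.
#
# Needs root: lastb reads the bad-login log and the script writes to
# /etc/hosts.deny.
#
# NOTE(review): hosts.deny is only honoured by an sshd built with TCP wrappers
# (libwrap) support; on a build without it these entries have no effect.
# Confirm on the target host, and verify that a listed address is really
# refused, before relying on this as a control.
# NOTE(review): there is no allowlist and no expiry, so a legitimate user who
# mistypes a password often enough stays listed until the line is removed.

# Hour stamp in the layout lastb prints, e.g. "Mon Jan  5 14" (constructed sample).
DATE=$(date +"%a %b %e %H")

# Strict dotted-quad IPv4 pattern. The address column comes from the login
# log and is influenced by the remote side (it can hold a hostname or an IPv6
# address), so it is validated before being written into an access-control file.
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'

DENY_FILE=/etc/hosts.deny

# awk counts field 3 of each matching lastb line (the script treats it as the
# remote address) and prints the values seen more than 3 times this hour.
# The original note on this script says "three failures", but the test
# a[i] > 3 only lists an address from its fourth failure; the threshold is
# kept as coded.
DROP_IP=$(lastb | grep -F -- "$DATE" | awk '{a[$3]++} END {for (i in a) if (a[i] > 3) print i}')

# Read line by line instead of relying on an unquoted expansion, so a log
# field containing glob characters is never expanded against the filesystem.
while IFS= read -r IP; do
  # Skips the empty line produced when nothing matched, and any non-IPv4 value.
  [[ $IP =~ $IPV4_RE ]] || continue

  entry="sshd:$IP:deny"

  # Whole-line, fixed-string match. A plain grep for the address treats dots
  # as wildcards and matches substrings, so 1.2.3.4 would be skipped whenever
  # 11.2.3.45 is already listed (constructed sample addresses).
  # stderr is silenced on purpose: a missing file simply means "not listed".
  if ! grep -qxF -- "$entry" "$DENY_FILE" 2> /dev/null; then
    printf '%s\n' "$entry" >> "$DENY_FILE"
  fi
done <<< "$DROP_IP"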