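Shell script for access control: block an IP after repeated failed logins to prevent SSH brute-force attacks
When a host that manages the server remotely over SSH enters the wrong password 3 times within 10 minutes, respond with firewalld by refusing further connections from that IP, and allow connections again after 6 hours.
1. System: CentOS 7.1 64-bit
2. Method: read /var/log/secure and search for the keyword Failed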
Jan 4 16:29:01 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:29:02 centos7 sshd[1718]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 4 16:29:04 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:29:06 centos7 sshd[1718]: error: Received disconnect from 192.168.120.1 port 2171:0: [preauth]
Jan 4 16:45:53 centos7 sshd[1758]: Failed password for root from 192.168.120.134 port 40026 ssh2
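The detection step described above, as an added example that is not part of the original script: it counts "Failed password" lines per source address inside a time window and prints the firewalld command that would block each offender for 6 hours. The function names (sample_log, count_offenders, block_command) and the sample log lines are constructed for illustration, and the window is assumed not to cross midnight.

```shell
#!/bin/bash
# Added example; the log below is constructed, modelled on the page's excerpt.
sample_log() {
cat <<'EOF'
Jan 4 16:12:40 centos7 sshd[1701]: Failed password for root from 192.168.120.1 port 2160 ssh2
Jan 4 16:29:01 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:29:02 centos7 sshd[1718]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 4 16:29:04 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:31:10 centos7 sshd[1722]: Failed password for invalid user admin from 192.168.120.1 port 2180 ssh2
Jan 4 16:33:00 centos7 sshd[1758]: Failed password for root from 192.168.120.134 port 40026 ssh2
Jan 4 16:34:00 centos7 sshd[1760]: Failed password for invalid user test from 192.168.120.134 port 40030 ssh2
EOF
}

# count_offenders MONTH DAY START END THRESHOLD  (log on stdin)
# Prints every IPv4 address with at least THRESHOLD failures between START and END.
# Times are compared as HH:MM:SS strings, so the window must stay within one day.
# The user name is remote-supplied text ("invalid user ..." also shifts the fields),
# so the address is taken from the fixed tail of the line: from <ip> port <n> ssh2.
count_offenders() {
    awk -v m="$1" -v d="$2" -v s="$3" -v e="$4" -v t="$5" '
        $1 == m && $2 == d && $3 >= s && $3 <= e &&
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= t) print ip }
    ' | sort
}

# block_command IP: print (not run) a runtime rich rule rejecting SSH from IP.
# --timeout=21600 removes the rule after 6 hours; it cannot be used with --permanent.
block_command() {
    printf '%s\n' "firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" service name=\"ssh\" reject' --timeout=21600"
}

# Demo: 3 or more failures between 16:25:00 and 16:35:00 on Jan 4.
sample_log | count_offenders Jan 4 16:25:00 16:35:00 3 | while read -r ip; do
    block_command "$ip"
done
```

Because the rule is runtime-only, it also disappears on `firewall-cmd --reload` or a firewalld restart, so a script run from cron will re-add it only if the failures are still inside the window.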
3. Shell code: create test.sh
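#!/bin/bash
# Intercept illegal IP addresses
# LANG=C forces English month names so they match the syslog timestamps
# Month abbreviation, e.g. Jan
month=$(LANG=C date +"%b")
# Day of month, space-padded, e.g. " 4"
day=$(LANG=C date +"%e")
# Current time as HH:MM:SS
now=$(LANG=C date +"%T")
# Start of the window: the time 10 minutes ago as HH:MM:SS
ten=$(LANG=C date -d "10 minutes ago" +"%T")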