#!/bin/bash
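# Scan the SSH auth log for failed logins, collect every field-11 token that
# appears more than $threshold times, then:
#   * tokens that are not dotted-quad IPv4 addresses are appended to
#     /etc/hosts.deny, and
#   * IPv4 addresses get a permanent firewalld "drop" rich rule.
#
# NOTE(review): with the usual syslog prefix, field 11 of a
# "Failed password for <user> from <ip>" line is the source address, but on
# "Failed password for invalid user <name> from <ip>" lines it is the attempted
# user name. That name is chosen by the remote client, so it is untrusted input.
# hosts.deny entries have the form "daemon_list : client_list"; a bare name is
# presumably ignored by TCP wrappers -- confirm whether this branch does
# anything useful, or count by the field that follows "from" instead.
#
# NOTE(review): there is no allowlist and no time window. Counts cover the
# whole log file, and an administrator's own address can be dropped
# permanently. Consider exempting management addresses.
#
# NOTE(review): this presumably runs as root while the list file lives in a
# user's home directory. A symlink planted at that path would be followed by
# the truncating redirect below; a root-owned directory would be safer.
set -euo pipefail

readonly list_file=/home/zhao/ip_list.txt
readonly auth_log=/var/log/secure
readonly deny_file=/etc/hosts.deny
readonly threshold=20
readonly ipv4_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
# Conservative character set for anything written into an access-control file:
# no ':' (rule separator), no whitespace, no wildcard or shell metacharacters.
readonly safe_token_re='^[A-Za-z0-9._-]+$'

# Count and filter inside awk so tokens are never word-split or glob-expanded
# by the shell (a logged token such as '*' would otherwise expand to file names).
# Lines with fewer than 11 fields are skipped rather than counted under "".
awk -v limit="$threshold" '
  /Failed/ && NF >= 11 { hits[$11]++ }
  END { for (key in hits) if (hits[key] > limit) print key }
' "$auth_log" > "$list_file"

total=$(wc -l < "$list_file")
echo "总共${total}个用户,出现违规登录被拒。"

# Pass 1: non-IPv4 tokens -> hosts.deny.
num=0
while IFS= read -r token; do
  [[ -n "$token" ]] || continue
  if [[ "$token" =~ $ipv4_re ]]; then
    continue
  fi
  # Refuse anything that could be parsed as a rule or wildcard.
  if [[ ! "$token" =~ $safe_token_re ]]; then
    printf 'skipping unsafe token from log: %q\n' "$token" >&2
    continue
  fi
  # Avoid piling up duplicate lines on every run.
  if grep -qxF -- "$token" "$deny_file" 2>/dev/null; then
    continue
  fi
  printf '%s\n' "$token" >> "$deny_file"
  num=$((num + 1))
done < "$list_file"
echo "${num}个用户被加入hosts.deny。"
sleep 0.5

# Pass 2: IPv4 addresses -> permanent firewalld drop rules.
num=0
while IFS= read -r token; do
  if [[ ! "$token" =~ $ipv4_re ]]; then
    continue
  fi
  # The regex only checks the shape; reject octets above 255 before calling
  # firewall-cmd. 10# forces base 10 so leading zeros are not read as octal.
  IFS=. read -r o1 o2 o3 o4 <<< "$token"
  if (( 10#$o1 > 255 || 10#$o2 > 255 || 10#$o3 > 255 || 10#$o4 > 255 )); then
    printf 'skipping invalid IPv4 address from log: %s\n' "$token" >&2
    continue
  fi
  # Count only rules that firewalld actually accepted.
  if firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=$token drop"; then
    num=$((num + 1))
  else
    printf 'firewall-cmd failed for %s\n' "$token" >&2
  fi
done < "$list_file"
echo "${num}个IP被加入防火墙黑名单"

# Permanent rules only take effect after a reload.
firewall-cmd --reload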