屏蔽恶意IP

#!/bin/bash
cat /var/log/secure | grep Failed | awk -F " " '{print $11}'| sort| uniq -c|  awk '{print $2"="$1}' > /tmp/badlist
for i in `cat /tmp/badlist`
do
badnum=5
IP=`echo $i| awk -F "=" '{print $1}'`
number=`echo $i | awk -F "=" '{print $2}'`
if [ $number -gt $badnum ];then
    cat /etc/hosts.deny | grep $IP
    if [ $? -ne 0 ];then
        echo "sshd:$IP" >> /etc/hosts.deny
    fi
fi
done

能够把脚本放入周期任务,定时自动检测。