分析日志

网络安全

[root@centos7 ~]#tail /var/log/secure -f //监控日志文件

Jan 9 17:26:33 centos7 sshd[10215]: Failed password for fei from 172.18.101.118 port 56128 ssh2
出现 Failed password次数过多有可能是在猜口令，这是拒绝它登录
iastb 失败登录

new=/app/ip.new
lod=/app/ip.lod                                              
while true;do
    awk '/Failed password/{ip[$(NF-3)]++}END{ for(i in ip){if(ip[i]>1){print i}}}' /var/log/secure > $new
        while read line ; do
                grep -q $line $lod || { iptables -A INPUT -s $line -j REJECT ; echo $line >> $lod;}
        done < $new
        sleep 30
done