屏蔽恶意IP

#!/bin/bash
cat /var/log/secure | grep Failed | awk -F " " '{print $11}'| sort| uniq -c|  awk '{print $2"="$1}' > /tmp/badlist
for i in `cat /tmp/badlist`
do
badnum=5
IP=`echo $i| awk -F "=" '{print $1}'`
number=`echo $i | awk -F "=" '{print $2}'`
if [ $number -gt $badnum ];then
	cat /etc/hosts.deny | grep $IP
	if [ $? -ne 0 ];then
		echo "sshd:$IP" >> /etc/hosts.deny
	fi
fi
done

可以把脚本放入周期任务,定时自动检测。