grep -n "Failed password" secure | sed -nr 's/.*from(.*)port.*/1/gp' | sort -n |uniq -c|sort -nr
这里我有一个大的文件,在文件里面获取IP地址并拉黑,实现防护,不让拉黑的IP尝试登陆服务器
#!/bin/bash
grep -n "Failed password" secure |sed -nr 's/.*from(.*).port.*/1/gp'|sort -n |uniq -c|sort -nr > ip2.txt
cat ip2.txt |awk '{print $2}' >ip3.txt
for i in `cat /root/ip3.txt`
do
grep $i /etc/hosts.deny
if [ $? -gt 0 ]
then
echo "sshd:$i" >> /etc/hosts.deny
fi
done