Security script


2023-04-07 02:25 | Source: compiled from the web


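OK, today is Sunday and I didn't go to the office. I've been getting more and more bourgeois lately: not going to the office on a Sunday! In the evening I even made cola chicken wings, my first time cooking, and they tasted all right. I had just finished maintaining the servers, so while I was in a good mood I did some reading and came across a script. I'm writing it down here; I don't really understand it yet, but I will work through it line by line:

OK, let me start explaining the code below. (Why explain it above the code? Because when I put the explanation below, the cursor kept staying inside the code editor and I couldn't jump to a blank line.) When I added comments inside the code, I found they wrapped..

    #!/bin/bash

OK, I admit I got the code below wrong and typed it in Chinese... I won't explain this one much: it says I want bash as the interpreter, because there are many kinds of shell.... and their syntax differs, so this line has to be there.

    #Denyhosts SHELL SCRIPT
    #20121111

OK, these are comments, Singles' Day comments.

Now let's go through the commands one by one.

    cat /var/log/secure

This statement views the contents of /var/log/secure. Why view them? To hand them to the commands that follow, of course...

Hold on, let me start the virtual machine.

The result of running this command is: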

    Nov 5 18:51:56 jmx sshd[3723]: Connection closed by 127.0.0.1
    Nov 5 18:56:56 jmx sshd[3829]: Connection closed by 127.0.0.1
    Nov 5 19:01:56 jmx sshd[3922]: Connection closed by 127.0.0.1
    Nov 5 19:06:56 jmx sshd[3998]: Connection closed by 127.0.0.1
    Nov 5 19:11:56 jmx sshd[4073]: Connection closed by 127.0.0.1
    Nov 5 19:16:56 jmx sshd[4139]: Connection closed by 127.0.0.1
    Nov 5 19:21:56 jmx sshd[4214]: Connection closed by 127.0.0.1
    Nov 5 19:26:56 jmx sshd[4276]: Connection closed by 127.0.0.1
    Nov 5 19:31:56 jmx sshd[4343]: Connection closed by 127.0.0.1
    Nov 5 19:36:12 jmx sshd[2943]: pam_unix(sshd:session): session closed for user root
    Nov 5 19:36:17 jmx polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.43, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
    Nov 5 19:36:29 jmx sshd[2067]: Received signal 15; terminating.
    Nov 10 04:49:09 jmx sshd[2044]: Server listening on 0.0.0.0 port 22.
    Nov 10 04:49:09 jmx sshd[2044]: Server listening on :: port 22.
    Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
    Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session closed for user nagios
    Nov 10 04:49:14 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
    Nov 10 04:49:51 jmx sshd[2858]: Accepted password for root from 192.168.220.1 port 49991 ssh2
    Nov 10 04:49:52 jmx sshd[2858]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Nov 10 04:55:23 jmx sshd[2961]: Connection closed by 127.0.0.1
    Nov 10 05:00:23 jmx sshd[3020]: Connection closed by 127.0.0.1
    Nov 10 05:05:23 jmx sshd[3109]: Connection closed by 127.0.0.1
    Nov 10 05:10:23 jmx sshd[3163]: Connection closed by 127.0.0.1
    Nov 10 05:15:23 jmx sshd[3223]: Connection closed by 127.0.0.1
    Nov 10 05:20:23 jmx sshd[3277]: Connection closed by 127.0.0.1
    Nov 10 05:24:13 jmx sshd[2858]: pam_unix(sshd:session): session closed for user root
    Nov 11 04:02:00 jmx sshd[2123]: Server listening on 0.0.0.0 port 22.
    Nov 11 04:02:00 jmx sshd[2123]: Server listening on :: port 22.
    Nov 11 04:02:02 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
    Nov 11 04:02:03 jmx su: pam_unix(su-l:session): session closed for user nagios
    Nov 11 04:02:12 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
    Nov 11 04:02:24 jmx sshd[2869]: Accepted password for root from 192.168.220.1 port 53703 ssh2
    Nov 11 04:02:24 jmx sshd[2869]: pam_unix(sshd:session): session opened for user root by (uid=0)

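Next comes this command:

    awk '/Failed/{print $(NF-3)}'

awk, what a miracle tool. Let's look at the result first. Well, my output here is empty.... First let me explain NF: NF is the total number of fields in each line,

and then it prints the third column from the end....

    sort

This just sorts....

    uniq -c

This counts how many times each one occurs; uniq means remove duplicates, and -c is what does the count.

Then comes the next statement.

do and the done below it are a pair; I won't ramble on about this.

    awk '{print $2 "=" $1;}' >/root/black.txt

This means: output in a standard format,

something like:

192.168.0.1 = 10

and then write it out to black.

    DEFINE="10"

Then a maximum count is defined.

    for i in 'cat /root/black.txt'

This statement is a loop.... (It should be a line-by-line loop... every line gets taken out. @皮总, is that what it means?)

    IP='echo $i |awk -F= '{print $1}''

This statement says: get me the first line, split it on "=", and assign the first field to IP.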

NUM='echo $i |awk -F= '${print $2}'

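Likewise, this assigns the count to NUM.

    grep $IP /etc/hosts.deny >/dev/null

Here we check whether hosts.deny already contains this IP. Of course, /dev/null is a trash can.. a bottomless one.

    if [ $? -gt 0 ];

$? is a status code, that is, whether the previous command succeeded,

in other words whether grep found anything: if it did, the entry already exists; if not... then there isn't one.

    then

If it has not been added before, add it.

    echo "sshd:$IP" >> /etc/hosts.deny

Then comes the end of the if,

and the end of the other if.

Now let me run it. Because of syntax, spaces and so on, I expect there will be problems.

OK, sure enough, it reports an error:

    ./deny.sh: line 17: syntax error near unexpected token `fi'
    ./deny.sh: line 17: ` fi'

Good grief, what does this mean?

Is it a problem with spaces?

Damn, I searched for ages and it turned out a then was missing...

    if [ $NUM -gt 0 ]

OK, it still won't run.

    ./deny.sh: line 10: 'echo $i |awk -F= '${print $2}'': bad substitution

Damn, line 9 doesn't report an error but line 10 does...

OK, I looked online and it said to switch to bash, but I'm already using bash!!!! OK, the awk syntax must be wrong; I remember it wasn't written like this before.

OK, I was wrong.

    NUM='echo $i |awk -F "=" '${print $2}''

I changed it to this and it still reports an error....

OK, I overlooked that line 9 reports an error saying the command does not exist....

OK, I really can't see what's wrong....

@皮总 look here, why does this report an error?

--------------------------------- Please explain this to a junior like me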

    #!/bin/bash
    #Denyhosts SHELL SCRIPT
    #20121111

    cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt
    DEFINE="10"
    for i in 'cat /root/black.txt'
    do
    IP='echo $i |awk -F= '{print $1}''
    NUM='echo $i |awk -F= '${print $2}''
    if [ $NUM -gt 0 ]
    grep $IP /etc/hosts.deny >/dev/null
    if [ $? -gt 0 ];
    then
    echo "sshd:$IP" >> /etc/hosts.deny
    fi
    fi
    done

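The final version, which runs without errors, is as follows:

    #!/bin/bash
    #Denyhosts SHELL SCRIPT
    #20121111
    # Count failed SSH logins per source address and save them as "IP=count".
    cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt
    # Note: DEFINE is never used; the test below compares NUM against 0.
    DEFINE="10"
    # Backticks run the command; single quotes would loop once over the literal text.
    for i in `cat /root/black.txt`
    do
      IP=`echo $i |awk -F"=" '{print $1 }'`
      NUM=`echo $i |awk -F"=" '{print $2 }'`
      if [[ $NUM -gt 0 ]]; then
        # Append the address only if hosts.deny does not already list it.
        grep $IP /etc/hosts.deny >/dev/null
        if [ $? -gt 0 ]; then
          echo " sshd:$IP " >>/etc/hosts.deny
        fi
      fi
    done

Thanks to @wzk, @皮总, @wzp24, and @逝水fox, whom I bother every time I run into a problem.

Finally, thanks to @红薯....

Thanks to the country, thanks to the people...

That's a lot of thanks....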

Reposted from: https://my.oschina.net/7shell/blog/88487
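
An added example, not part of the original post or the book it quotes: the same log-to-hosts.deny idea written as functions that apply the threshold (the post sets DEFINE="10" but compares against 0), require the word "from" in front of the $(NF-3) address field, and match existing deny entries as whole fixed strings. The function names, file arguments and sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not the post's script. THRESHOLD mirrors DEFINE="10".
THRESHOLD=${THRESHOLD:-10}

# Print "IP=count" per source address with failed sshd password logins.
count_failures() {   # $1 = log file
  awk '/sshd\[[0-9]+\]: Failed password/ && NF > 4 &&
       $(NF-4) == "from" &&
       $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
       END { for (ip in n) print ip "=" n[ip] }' "$1" | sort
}

# Append "sshd:IP" to the deny file for addresses above THRESHOLD that are
# not listed yet; print each address that was added.
update_deny() {      # $1 = log file, $2 = deny file
  touch "$2"
  count_failures "$1" | while IFS='=' read -r ip num; do
    [ "$num" -gt "$THRESHOLD" ] || continue
    grep -qxF "sshd:$ip" "$2" && continue   # fixed-string, whole-line match
    echo "sshd:$ip" >> "$2"
    echo "$ip"
  done
}

# Constructed sample log (documentation addresses), written to $1.
make_sample_log() {
  : > "$1"
  for s in 01 02 03 04 05 06 07 08 09 10 11; do
    echo "Nov 11 04:10:$s jmx sshd[3001]: Failed password for root from 203.0.113.5 port 40022 ssh2" >> "$1"
  done
  echo "Nov 11 04:11:00 jmx sshd[3002]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2" >> "$1"
  echo "Nov 11 04:12:00 jmx sshd[3003]: Accepted password for root from 192.168.220.1 port 53703 ssh2" >> "$1"
}

# Demo on temporary files; /var/log/secure and /etc/hosts.deny are untouched.
demo() {
  d=$(mktemp -d); make_sample_log "$d/secure"
  update_deny "$d/secure" "$d/hosts.deny"; rm -rf "$d"
}
demo
```

On a real host the two arguments would be /var/log/secure and /etc/hosts.deny; running update_deny twice on the same log adds nothing the second time.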
