自动屏蔽远程主机穷举密码-2 iptables
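#!/bin/bash
#
# Follows the system log for PAM "authentication failure" lines and adds an
# iptables DROP rule for any remote host that fails more than MAX_FAILURES
# times within the same clock minute (HH:MM of the log timestamp).
#
# Needs the privileges to modify the iptables INPUT chain. Rules added here
# are not persisted and are never removed by this script.
# NOTE(review): there is no allowlist, so a trusted admin host that mistypes a
# password repeatedly is dropped as well -- confirm that is acceptable.

MONITOR_FILE="/var/log/messages"
MONITOR_LOG_FILE="/var/crontab/anti_scan.log"  # defined but not used by this listing
# NOTE(review): both state files have fixed names under world-writable /tmp
# while the script runs privileged. A root-owned directory would be safer;
# the symlink guard below is only a stop-gap.
TABLES="/tmp/anti_scan.pid"
tmp="/tmp/anti_scan.pid.tmp"
MAX_FAILURES=6

for state_file in "$TABLES" "$tmp"; do
  # Refuse to write through a symlink someone else planted at the fixed path.
  if [ -L "$state_file" ]; then
    printf 'anti_scan: refusing to use symlink %s\n' "$state_file" >&2
    exit 1
  fi
  test -e "$state_file" || touch "$state_file"
done

# tail -F (not -f) keeps following after log rotation, so the monitor does not
# silently go blind when /var/log/messages is rotated.
tail -F "$MONITOR_FILE" | while IFS= read -r line
do
  # Extract "<time> <rhost>" from a failure line; $3 is the HH:MM:SS field of
  # a classic syslog line. The original also discarded any line containing the
  # text "grep"; that filter is dropped because a failure line that happens to
  # contain it (for example in a user name) would escape counting.
  str=$(printf '%s\n' "$line" | awk '
    /authentication failure/ {
      for (x = 1; x <= NF; x++) {
        if (match($x, "rhost=")) {
          printf("%s %s\n", $3, substr($x, RSTART + RLENGTH))
          exit
        }
      }
    }')
  [ -n "$str" ] || continue

  read -r stamp rhost <<< "$str"

  # rhost comes straight from the log, i.e. from the remote side. Accept only
  # an IPv4 address or plain host name so it can never be read as an iptables
  # option or carry metacharacters into later commands.
  [[ "$rhost" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || continue

  # Compare at minute granularity: the table only ever holds failures from
  # the minute of its last entry.
  NEWTIME=${stamp%:*}
  old_stamp=""
  read -r old_stamp _ < <(tail -n 1 "$TABLES")
  OLDTIME=${old_stamp%:*}

  if [ "$NEWTIME" == "$OLDTIME" ]; then
    printf '%s %s\n' "$stamp" "$rhost" >> "$TABLES"
  else
    printf '%s %s\n' "$stamp" "$rhost" > "$TABLES"
  fi

  # Count failures per host for the current minute, highest count first.
  awk '{print $2}' "$TABLES" | sort | uniq -c | sort -rn |
  while read -r amount ip
  do
    if [ "$amount" -gt "$MAX_FAILURES" ]; then
      # -C checks for an existing identical rule so repeated triggers do not
      # pile duplicate entries onto the INPUT chain.
      if iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
         iptables -A INPUT -s "$ip" -j DROP; then
        # Remove exactly this host's entries (field comparison, not a regex,
        # so "1.2.3.4" cannot also delete "1.2.3.40" or "1x2.3.4").
        awk -v ip="$ip" '$2 != ip' "$TABLES" > "$tmp"
        cat "$tmp" > "$TABLES"
      else
        printf 'anti_scan: could not add DROP rule for %s\n' "$ip" >&2
      fi
    fi
  done
done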