Блокирование IP-адресов, ломящихся по SSH

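#!/bin/sh
#
# Adds to an ipfw table every IPv4 address that produced more than
# THRESHOLD sshd "Invalid user" lines in yesterday's part of AUTH_LOG.
# Relies on FreeBSD date(1) (the -v flag) and ipfw(8).
#
# Only dotted IPv4 addresses are considered; IPv6 sources are ignored.
# NOTE(review): the table blocks nothing by itself - a firewall rule that
# references it is presumably defined elsewhere; confirm before relying on it.
# NOTE(review): there is no allow-list, so an address you administer from can
# end up in the table after enough mistyped user names.

AUTH_LOG="/var/log/auth.log"
IPFW_TABLE_NUM="1"
THRESHOLD=5

# syslog pads the day of month with a space ("Jan  5"), which is %e; %d would
# give "Jan 05" and match nothing on the 1st-9th. LC_ALL=C yields the English
# month abbreviations that syslog timestamps use.
YESTERDAY=$(env LC_ALL=C date -v-1d '+%b %e')

# One awk pass selects, counts and filters.
#  - The date must open the line, so text later in a message cannot
#    make an entry from another day count as yesterday's.
#  - The user name in "Invalid user NAME from ADDR" is chosen by the remote
#    side and may contain spaces, so a fixed field number is not trustworthy.
#    The address is taken from the token after the LAST "from", i.e. the part
#    sshd itself appends after the name.
#  - Counting is by exact address; a substring/regex count would let 1.2.3.4
#    also collect the hits of 11.2.3.40.
offenders=$(
  awk -v day="${YESTERDAY}" -v limit="${THRESHOLD}" '
    # True when s is four dot-separated decimal octets, each 0-255.
    function is_ipv4(s,    octet, n, k) {
      n = split(s, octet, ".")
      if (n != 4) return 0
      for (k = 1; k <= 4; k++) {
        if (octet[k] !~ /^[0-9]+$/) return 0
        if (length(octet[k]) > 3 || octet[k] + 0 > 255) return 0
      }
      return 1
    }

    index($0, day " ") == 1 && /sshd/ && /Invalid user/ {
      for (i = NF - 1; i > 0; i--) {
        if ($i == "from") {
          if (is_ipv4($(i + 1))) hits[$(i + 1)]++
          break
        }
      }
    }

    END {
      for (addr in hits)
        if (hits[addr] > limit) print addr
    }
  ' "${AUTH_LOG}"
)

# Nothing crossed the threshold: leave the table alone.
if [ -z "${offenders}" ]; then
  exit 0
fi

# Current table entries, one per line, with a host mask ("/32") stripped so
# they can be compared to bare addresses.
blocked=$(ipfw table "${IPFW_TABLE_NUM}" list | awk '{ sub(/\/32$/, "", $1); print $1 }')

# offenders holds only validated IPv4 strings, so word splitting is safe here.
for ipaddr in ${offenders}; do
  # -F -x: literal whole-line match, so 1.2.3.4 is not treated as already
  # present just because 1.2.3.40 or 11.2.3.4 is in the table.
  if ! printf '%s\n' "${blocked}" | grep -Fqx -- "${ipaddr}"; then
    ipfw table "${IPFW_TABLE_NUM}" add "${ipaddr}"
  fi
done

exit 0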