Блокирование IP-адресов, ломящихся по SSH

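  #!/bin/sh
  #
  # Add to an ipfw table every IPv4 address that produced more than
  # MAX_INVALID sshd "Invalid user" log lines yesterday.
  #
  # Relies on BSD date(1) "-v" and on ipfw(8); presumably meant to run once a
  # day from cron with enough privilege to modify the table.
  #
  # Caveats for whoever deploys this:
  #   * The table blocks nothing by itself; the ruleset needs a deny rule that
  #     references table(IPFW_TABLE_NUM). That rule is not part of this script.
  #   * Entries are never expired here and there is no allow-list, so an
  #     address you administer the host from is treated like any other.

  AUTH_LOG="/var/log/auth.log"
  IPFW_TABLE_NUM="1"
  MAX_INVALID="5"

  # Traditional syslog timestamps pad the day of month with a space
  # ("Jan  5"), so use %e; %d would print "Jan 05" and match nothing on
  # days 1-9. LC_ALL=C guarantees English month abbreviations.
  YESTERDAY=$(env LC_ALL=C date -v-1d '+%b %e')

  # First column of the current table listing (one entry per line).
  IPFW_TABLE=$(ipfw table "${IPFW_TABLE_NUM}" list | awk '{ print $1 }')

  # Collect the addresses that exceeded the threshold.
  #
  # The account name in an "Invalid user NAME from ADDR" line is supplied by
  # the remote client and may contain spaces, so a fixed field number is not a
  # reliable way to locate the address. Take the token after the LAST "from"
  # instead, and only from lines that start with yesterday's timestamp.
  offenders=$(
    awk -v day="${YESTERDAY}" '
      index($0, day " ") == 1 && /sshd/ && /Invalid user/ {
        for (i = NF; i > 1; i--) {
          if ($(i - 1) == "from") { print $i; break }
        }
      }
    ' "${AUTH_LOG}" |
      grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' |
      sort | uniq -c |
      awk -v max="${MAX_INVALID}" '$1 > max { print $2 }'
  )

  # Word splitting is intentional: every item already passed the dotted-quad
  # filter above, so it contains only digits and dots.
  for ipaddr in ${offenders}; do
    # Whole-line, fixed-string comparison: a regex/substring match would treat
    # 1.2.3.4 as present when only 11.2.3.40 is listed. Host entries are
    # normally listed as ADDR/32; the bare form is accepted as well.
    if ! printf '%s\n' "${IPFW_TABLE}" |
      grep -Fxq -e "${ipaddr}" -e "${ipaddr}/32"; then
      ipfw table "${IPFW_TABLE_NUM}" add "${ipaddr}"
    fi
  done

  exit 0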