[root@new s9011]# cat /root/bin/secureDeny.sh #!/bin/bash # # Create hosts.deny.tmp # cat /var/log/secure | grep "Failed password for" | awk -F"from " '{print $2}' | awk -F" " '{print $1}' | sort | uniq | sed "s/^/ALL: /" > /etc/hosts.deny.tmp # # Compare hosts.deny hosts.deny.tmp # cat /etc/hosts.deny /etc/hosts.deny.tmp | sort | uniq > /etc/hosts.deny # # crontab -e # # hosts.deny */10 * * * * /root/bin/secureDeny.sh ## # hosts.allow ####
# onse ALL : 210.114.223.42 210.114.223.91 210.114.223.93 210.114.223.94 210.114.223.127
# cybermoon ALL : 210.118.178.152 210.118.178.154
# nig0412 ALL : 220.84.225.
## # hosts.deny ####
sshd : ALL : spawn ( echo -e "%d (pid %p) / %u / %c / $(date)" | /bin/mail -s %d-%h nig0412@tolinux.net) & rsync : ALL : spawn ( echo -e "%d (pid %p) / %u / %c / $(date)" | /bin/mail -s %d-%h nig0412@tolinux.net) &
|