linux自动屏蔽爆破IP

linux自动屏蔽爆破IP
结合/var/log/secure文件，将ssh登陆失败次数大于N的IP封顶
N=3
SEC_FILE=/var/log/secure
for ip in `grep “Failed password” $SEC_FILE|grep -Eo “([0-9]{1,3}\.){3}[0-9]{1,3}”|sort -n|uniq -c|awk ‘{if($1>$N) print $2}’`
do
iptables -A INPUT -s $ip -p tcp –dport 22 -j DROP
done