網路上除了爬蟲外, 也不外乎有一堆殭屍, 每天都以打攪別人為樂
一直看到一堆scanner在掃22以外的port
雖然放著也不會怎樣…
看久了心情就不太美麗…
好吧寫個script來維護一下世界和平
請服用….XD
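#!/bin/bash
# Ban hosts that repeatedly fail SSH password authentication, then persist
# the resulting iptables ruleset.
#
# Flow (same order as the original script):
#   1. ben_fail_ssh - DROP every source IP seen on sshd 'Failed password'
#                     lines in /var/log/auth.log, then snapshot the live rules.
#   2. reset_fw     - reload a minimal baseline ruleset (ACCEPT policies plus
#                     the fail2ban jump chains, no DROP rules).
#   3. clean_rule   - re-add one DROP per unique IP found in the snapshot, so
#                     duplicate DROPs accumulated over many runs collapse.
#   4. backup_rule  - snapshot again, strip fail2ban lines, install the copy
#                     as /etc/iptables.ipv4.
#
# Per-IP iptables failures are reported and skipped; snapshot and restore
# failures abort before a truncated rule file can be installed.
set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

readonly rule_dir=/root/rule
today=$(date '+%m%d%y') || die "date failed"
readonly today
readonly rule_file="${rule_dir}/iptables_${today}.rule"
readonly persist_file=/etc/iptables.ipv4
# Basic-regex dotted quad; deliberately loose (matches 999.999.999.999 too),
# exactly as the original pattern did.
readonly ipv4_re='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
# Sources that are never dropped: loopback plus two fixed hosts from the
# original script (presumably the operator's own addresses).
readonly -a whitelist=(127.0.0.1 122.116.33.14 118.163.31.241)

#######################################
# Tell whether an address is exempt from banning.
# Globals:   whitelist (read)
# Arguments: $1 - dotted-quad IPv4 address
# Returns:   0 if $1 is whitelisted, 1 otherwise
#######################################
is_whitelisted() {
  local ip=$1 w
  for w in "${whitelist[@]}"; do
    [[ "$ip" == "$w" ]] && return 0
  done
  return 1
}

#######################################
# Append an INPUT DROP rule for one source address.
# Arguments: $1 - dotted-quad IPv4 address
# Outputs:   warning on stderr if iptables rejects the rule (not fatal)
#######################################
drop_ip() {
  local ip=$1
  /sbin/iptables -A INPUT -s "$ip" -j DROP \
    || printf 'warn: could not add DROP for %s\n' "$ip" >&2
}

#######################################
# Print every unique IPv4 address found on stdin, one per line, sorted.
# Globals:   ipv4_re (read)
#######################################
unique_ips() {
  grep -o -- "$ipv4_re" | sort -u
}

#######################################
# Snapshot the live ruleset into $rule_file. The dump goes to a temp file
# first so a failing iptables-save cannot leave a truncated rule file that
# clean_rule/backup_rule would then treat as "no bans".
# Globals:   rule_dir, rule_file
# Returns:   0 on success; exits via die on failure
#######################################
save_rules() {
  local tmp
  tmp=$(mktemp -- "${rule_dir}/.iptables.XXXXXX") || die "mktemp failed in $rule_dir"
  if /sbin/iptables-save >"$tmp"; then
    mv -f -- "$tmp" "$rule_file"
  else
    rm -f -- "$tmp"
    die "iptables-save failed; $rule_file left untouched"
  fi
}

#######################################
# Ban every source address with a failed sshd password login, then snapshot.
# Globals:   rule_file (written via save_rules)
#######################################
ben_fail_ssh() {
  local ip
  # Two greps as in the original: only sshd's 'Failed password' lines count.
  while IFS= read -r ip; do
    is_whitelisted "$ip" || drop_ip "$ip"
  done < <(grep -- 'Failed password' /var/log/auth.log | grep sshd | unique_ips)
  save_rules
}

#######################################
# Snapshot the live ruleset, remove fail2ban's chain lines from the copy and
# install it as the persistent ruleset.
# Globals:   rule_file, persist_file
#######################################
backup_rule() {
  save_rules
  # Strip every line mentioning fail2ban (chain definitions, jumps and
  # dynamic bans) before persisting, as the original did.
  /bin/sed -i '/fail2ban/d' -- "$rule_file" || die "sed failed on $rule_file"
  /bin/cp -- "$rule_file" "$persist_file" || die "could not install $persist_file"
}

#######################################
# Replace the live ruleset with the baseline: ACCEPT policies plus the two
# fail2ban jump chains and no DROP rules. The ruleset is fed straight to
# iptables-restore, so no scratch file is written to the current directory.
# Returns:   0 on success; exits via die if iptables-restore fails
#######################################
reset_fw() {
  /sbin/iptables-restore <<'EOF' || die "iptables-restore failed"
*filter
:INPUT ACCEPT [650:121885]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [688:83029]
:fail2ban-ssh - [0:0]
:fail2ban-ssh443 - [0:0]
-A INPUT -p tcp -m multiport --dports 443 -j fail2ban-ssh443
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh443 -j RETURN
COMMIT
EOF
}

#######################################
# Re-add one DROP rule per unique IPv4 address found in a saved rule file,
# echoing each rule to stdout first (as the original did).
# Arguments: $1 - path to an iptables-save dump
# Returns:   1 if the file is unreadable (the caller continues), else 0
# NOTE(review): every dotted quad in the file is treated as a ban target,
# including addresses in fail2ban chains or in non-DROP rules — confirm this
# is intended.
#######################################
clean_rule() {
  local file=${1:?usage: clean_rule RULE_FILE} ip
  [[ -r "$file" ]] || { printf 'warn: cannot read %s\n' "$file" >&2; return 1; }
  while IFS= read -r ip; do
    is_whitelisted "$ip" && continue
    printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    drop_ip "$ip"
  done < <(unique_ips <"$file")
}

main() {
  (( EUID == 0 )) || die "must run as root (iptables and $rule_dir require it)"
  mkdir -p -- "$rule_dir" || die "cannot create $rule_dir"
  ben_fail_ssh
  reset_fw
  clean_rule "$rule_file"
  backup_rule
}

main "$@"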