#!/bin/sh
AUTH_LOG="/var/log/auth.log"
YESTERDAY=`env LC_ALL=en_EN.KOI8-R date -v-1d '+%b %d'`
IPFW_TABLE_NUM="1"
IPFW_TABLE=`ipfw table ${IPFW_TABLE_NUM} list | awk '{ print $1 }'`
ip_list=`cat ${AUTH_LOG} | grep "${YESTERDAY}" | grep "sshd" | grep "Invalid user" |\
awk '{ print $10; }' | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
ip_list_uniq=`printf '%s\n' ${ip_list} | sort | uniq`
if [ -z "${ip_list_uniq}" ]; then
exit 0
fi
for ipaddr in ${ip_list_uniq}; do
repeat_count=`printf '%s\n' ${ip_list} | grep "${ipaddr}" | wc -l`
if [ $repeat_count -gt 5 ]; then
if [ -z "`echo ${IPFW_TABLE} | grep "${ipaddr}"`" ]; then
ipfw table ${IPFW_TABLE_NUM} add ${ipaddr}
fi
fi
done
exit 0
Последние комментарии
Может кто…