shell脚本防ssh/vsftpd暴力破解
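#!/bin/bash
# Block IPv4 sources that produced more than LIMIT "Failed" sshd log lines in
# the current hour. Must run as root because it changes the INPUT chain.
#
# NOTE(review): rules are only ever added here and never expire, and there is
# no allowlist, so an administrator's own address can get blocked after a
# burst of typos. Add an allowlist check before the iptables call if needed.

LIMIT=10
LOGFILE="/var/log/block_ssh.log"
# Syslog-style "Mon dD HH" prefix for the current hour.
TIME=$(date '+%b %e %H')
# Only dotted-quad IPv4 is accepted. The token comes out of a log file whose
# content is influenced by remote clients, so it is never trusted as-is.
IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

grep -F -- "$TIME" /var/log/secure | grep Failed | awk '{print $(NF-3)}' |
    sort | uniq -c |
    awk -v limit="$LIMIT" '$1 > limit {print $1":"$2}' |
while IFS=: read -r TIMES IP
do
    # Skip anything that is not a plain IPv4 address (words such as "from",
    # IPv6 addresses, stray tokens) instead of handing it to iptables.
    [[ $IP =~ $IPV4_RE ]] || continue

    # "iptables -C" checks for exactly this rule. Grepping iptables-save
    # output treats the dots as regex wildcards and also matches substrings,
    # so 1.2.3.4 would look "already blocked" once 11.2.3.40 is listed.
    if ! iptables -C INPUT -s "$IP" -j DROP 2>/dev/null; then
        if iptables -A INPUT -s "$IP" -j DROP; then
            NOW=$(date '+%Y-%m-%d %H:%M')
            printf '%s : %s times %s\n' "$NOW" "$TIMES" "$IP" >> "$LOGFILE"
        fi
    fi
done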
FreeBSD 系统下,脚本如下:
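#!/bin/sh
# FreeBSD variant: deny port 22 via ipfw for IPv4 sources that have more than
# 10 "Failed" lines in /var/log/auth.log. The whole file is scanned (there is
# no time window), so counts accumulate until the log is rotated.
#
# NOTE(review): rules are only added, never removed, and there is no
# allowlist for trusted addresses.

grep "Failed" /var/log/auth.log | awk '{print $(NF-3)}' | sort | uniq -c |
    awk '{print $1"="$2}' |
while IFS='=' read -r NUMBER SCANIP
do
    # The token comes from log content that remote clients influence, so
    # accept only a dotted-quad IPv4 address before using it anywhere.
    printf '%s\n' "$SCANIP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue

    echo "$NUMBER($SCANIP)"
    [ "$NUMBER" -gt 10 ] || continue

    # Fixed-string, whole-word match: a plain grep would treat the dots as
    # wildcards and would also match inside longer addresses.
    if ! /sbin/ipfw show | grep -Fqw -- "$SCANIP"; then
        if /sbin/ipfw add 1 deny ip from "$SCANIP" to me 22; then
            echo "$(date) $SCANIP($NUMBER)" >> /var/log/scanip.log
        fi
    fi
done
# For the vsftpd service, the following command can be used as a reference: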
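# List client addresses with at least 20 failed vsftpd logins.
# Field 12 is assumed to be the quoted client address of a
# 'FAIL LOGIN: Client "x.x.x.x"' line -- confirm against the local log format.
# "sort" has to run before "uniq -c": uniq only merges adjacent lines, so on
# an unsorted log the failures of one client are split into many small counts
# and the threshold is never reached when several clients are interleaved.
# The output is a candidate list only; validate each address before feeding
# it to a firewall command.
awk '/FAIL LOGIN: Client/ {print $12}' /var/log/vsftpd.log | sort | uniq -c | sort -k1n | awk -F'["]' '{print $1$2}' | awk '$1 >= 20 {print $2}'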
下面用C语言实现上面的代码:
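/*
 * Block IPv4 sources with more than SSH_LIMIT "Failed" sshd log lines in the
 * current hour by appending an iptables DROP rule. Must run as root.
 *
 * The address is taken from log content that remote clients influence, so it
 * is validated as a dotted-quad IPv4 address and passed to iptables as a
 * separate argv element; it never goes through a shell.
 *
 * NOTE(review): rules are only added and never expire, and there is no
 * allowlist for trusted addresses.
 */

/* Expose popen(), localtime_r() and friends under strict -std=c11 builds. */
#define _POSIX_C_SOURCE 200809L

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define SSH_LOG_PATH "/var/log/block_ssh.log"
#define SSH_SECURE_FILE "/var/log/secure"
#define SSH_MAX_LOG_FILE_SIZE (10*1024*1024)
#define SSH_LIMIT 10
#define SSH_BUF_SIZE 1024
/* Pipeline printing "count:token" for every token seen more than %d times. */
#define SSH_BLOCK_IP "grep \"%s\" %s | grep \"Failed\" | awk '{print $(NF-3)}' | sort | uniq -c | awk '$1 > %d {print $1\":\"$2}'"

static FILE *ssh_logHander = NULL;

/**
 * Open the block log in append mode.
 * @return 0 on success, -1 if the file cannot be opened.
 */
int init_ssh_log(void)
{
    ssh_logHander = fopen(SSH_LOG_PATH, "a");
    if (!ssh_logHander) {
        return -1;
    }
    return 0;
}

/**
 * Append a timestamped, printf-style message to the block log.
 * Does nothing when the log is not open. Once the file grows past
 * SSH_MAX_LOG_FILE_SIZE it is truncated and reopened.
 * @param p_fmt printf format; pass a literal, never log-derived text.
 */
void ssh_log(const char *p_fmt, ...)
{
    char date[SSH_BUF_SIZE] = {'\0'};
    time_t now;
    struct tm ptm;
    struct stat buf;
    va_list ap;

    if (!ssh_logHander) {
        return;
    }

    time(&now);
    if (localtime_r(&now, &ptm)) {
        strftime(date, sizeof(date), "%F %T", &ptm);
        fprintf(ssh_logHander, "[ %s ]", date);
        va_start(ap, p_fmt);
        vfprintf(ssh_logHander, p_fmt, ap);
        va_end(ap);
        fflush(ssh_logHander);
    }

    /* Stat the real log path; stat() on an empty name always fails, which
     * would disable the size limit entirely. */
    if (stat(SSH_LOG_PATH, &buf) == 0 && buf.st_size > SSH_MAX_LOG_FILE_SIZE) {
        fclose(ssh_logHander);
        /* May yield NULL; later calls then return early. */
        ssh_logHander = fopen(SSH_LOG_PATH, "w+");
    }
}

/**
 * Run a command line through system() and report whether it exited with 0.
 * Only for fixed, trusted command strings: never build the argument from log
 * content or other external input.
 * @return 0 if the command exited normally with status 0, otherwise -1.
 */
int check_systrm_result(char *cmd)
{
    int result;

    if (!cmd) {
        return -1;
    }
    result = system(cmd);
    if ((result != -1) && WIFEXITED(result) && (WEXITSTATUS(result) == 0)) {
        return 0;
    }
    return -1;
}

/* Return 1 if s is a dotted-quad IPv4 address and nothing else, otherwise 0. */
static int ssh_is_ipv4(const char *s)
{
    struct in_addr addr;

    return (s != NULL && inet_pton(AF_INET, s, &addr) == 1) ? 1 : 0;
}

/*
 * Run "iptables <op> INPUT -s <ip> -j DROP" without a shell.
 * quiet != 0 sends the child's stdout/stderr to /dev/null.
 * Returns 0 if iptables exited with status 0, otherwise -1.
 */
static int ssh_run_iptables(const char *op, const char *ip, int quiet)
{
    int status = 0;
    pid_t pid = fork();

    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        if (quiet) {
            int fd = open("/dev/null", O_WRONLY);
            if (fd >= 0) {
                dup2(fd, STDOUT_FILENO);
                dup2(fd, STDERR_FILENO);
                if (fd > STDERR_FILENO) {
                    close(fd);
                }
            }
        }
        execlp("iptables", "iptables", op, "INPUT", "-s", ip, "-j", "DROP",
               (char *)NULL);
        _exit(127); /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) {
            return -1;
        }
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    FILE *p_stream;
    char time_buf[SSH_BUF_SIZE] = {'\0'};
    char block_ipbuf[SSH_BUF_SIZE] = {'\0'};
    char cmd_line[SSH_BUF_SIZE] = {'\0'};
    time_t now;
    struct tm tm_now;
    int n;

    if (init_ssh_log() != 0) {
        fprintf(stderr, "warning: cannot open %s\n", SSH_LOG_PATH);
    }

    /* Build the "Mon dD HH" prefix in-process: no newline to strip, and the
     * month name stays in the C locale used by syslog timestamps. */
    time(&now);
    if (!localtime_r(&now, &tm_now) ||
        strftime(time_buf, sizeof(time_buf), "%b %e %H", &tm_now) == 0) {
        fprintf(stderr, "cannot format current time\n");
        return 1;
    }
    printf("time_buf is %s\n", time_buf);

    n = snprintf(block_ipbuf, sizeof(block_ipbuf), SSH_BLOCK_IP,
                 time_buf, SSH_SECURE_FILE, SSH_LIMIT);
    if (n < 0 || (size_t)n >= sizeof(block_ipbuf)) {
        fprintf(stderr, "log scan command too long\n");
        return 1;
    }
    printf("block_ipbuf is %s\n", block_ipbuf);

    p_stream = popen(block_ipbuf, "r");
    if (!p_stream) {
        perror("popen");
        return 1;
    }

    while (fgets(cmd_line, sizeof(cmd_line), p_stream) != NULL) {
        char *p_times = cmd_line;
        char *p_ip = strchr(cmd_line, ':');
        char *end = NULL;
        long times;

        if (p_ip == NULL) {
            continue;
        }
        *p_ip++ = '\0';
        /* strcspn is safe on an empty string, unlike strlen(p_ip) - 1. */
        p_ip[strcspn(p_ip, "\r\n")] = '\0';

        /* Untrusted token: accept only a plain IPv4 address. */
        if (!ssh_is_ipv4(p_ip)) {
            continue;
        }
        times = strtol(p_times, &end, 10);
        if (end == p_times || *end != '\0' || times <= SSH_LIMIT) {
            continue;
        }
        printf("p_times :%ld,p_ip is %s \n", times, p_ip);

        /* -C tests for exactly this rule; grepping iptables-save output
         * would also match longer addresses containing this one. */
        if (ssh_run_iptables("-C", p_ip, 1) != 0) {
            if (ssh_run_iptables("-A", p_ip, 0) == 0) {
                ssh_log(" : %ld times ip %s unauthorized access\n",
                        times, p_ip);
            }
        }
    }
    pclose(p_stream);
    return 0;
}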
http://www.92csz.com/11/1094.html