# Print the CentOS release string and the kernel/system information of the host.
cat /etc/centos-release
uname -a
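#!/bin/bash
# Deny SSH access to brute-force sources: count "Failed password" entries per
# source address in the auth log and append every address that reaches the
# threshold to /etc/hosts.deny as "sshd:<address>".
#
# Caveats for operators:
#   - /etc/hosts.deny is only honoured when sshd is built with TCP wrappers
#     (libwrap). CentOS/RHEL 8 and later ship sshd without it, so on those
#     releases the entries written here have no effect; confirm with
#     `ldd "$(command -v sshd)" | grep libwrap` and block at the firewall
#     (or with fail2ban) instead.
#   - There is no allowlist: a management address or shared NAT gateway that
#     accumulates enough failed logins is denied like any other source.
#   - Counts cover the whole current log file (no time window, rotated logs
#     are not read) and entries are never expired.
#   - Needs read access to the auth log and write access to hosts.deny (root).

set -u

# Minimum number of failed logins before an address is denied.
readonly threshold=5
readonly auth_log=/var/log/secure
readonly deny_file=/etc/hosts.deny
# Only dotted-quad tokens are written to the deny file; the value comes from a
# log line, so it is validated before it is used.
readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# An unreadable log must not be reported as "nothing to block".
if [ ! -r "$auth_log" ]; then
  echo "错误: 无法读取 $auth_log" >&2
  exit 1
fi

# Extract the source address (4th field from the end of a "Failed password"
# line), count occurrences, and keep addresses at or above the threshold.
# The threshold is passed with -v instead of being spliced into the awk code.
failed_ips=$(awk 'NF > 3 && /Failed password/ {print $(NF-3)}' "$auth_log" \
  | sort \
  | uniq -c \
  | awk -v min="$threshold" '$1 >= min {print $2}')

# Nothing reached the threshold.
if [ -z "$failed_ips" ]; then
  echo "没有找到失败次数超过阈值的IP地址。"
  exit 0
fi

# Append the offending addresses to the deny file.
echo "将以下IP地址添加到黑名单:"
while IFS= read -r ip; do
  # hosts.deny entries are written in IPv4 form only; anything else (for
  # example an IPv6 address, which presumably needs the bracketed syntax
  # described in hosts_access(5)) is reported rather than written.
  if [[ ! "$ip" =~ $ipv4_re ]]; then
    printf '跳过非IPv4地址: %s\n' "$ip" >&2
    continue
  fi
  # Exact, fixed-string, whole-line match: a regex/substring match would treat
  # an existing "sshd:1.2.3.45" as already covering "1.2.3.4".
  if ! grep -qxF -- "sshd:$ip" "$deny_file"; then
    if ! printf 'sshd:%s\n' "$ip" >> "$deny_file"; then
      echo "错误: 无法写入 $deny_file" >&2
      exit 1
    fi
    printf '%s\n' "$ip"
  fi
done <<< "$failed_ips"
echo "黑名单已更新!"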