#!/bin/bash
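# Count "authentication failure" entries per source IP in the mail log and
# insert an iptables DROP rule for every address seen more than THRESHOLD times.
#
# Operational notes for whoever deploys this:
#   - The block list is derived from log text that remote clients influence,
#     and there is no allowlist: keep management/relay addresses out of scope
#     before running this unattended.
#   - Rules are only ever inserted, never expired or persisted across reboots.
#   - Must run with privileges sufficient to modify the INPUT chain.

LOGFILE="/var/log/maillog"
# An IP is blocked when its failure count is strictly greater than this.
THRESHOLD=300
# Intermediate/result files, written to the current working directory.
COUNT_FILE="af_iplist.txt"
BLOCK_FILE="block_ip_list.txt"

# The original called iptables once by absolute path and once by bare name;
# make the bare name resolvable under a minimal (cron-style) PATH.
PATH="${PATH}:/usr/sbin:/sbin"

#######################################
# Print "<count> <ip>" (uniq -c format) for authentication failures.
# Arguments: $1 - path to the mail log
# Outputs:   one line per distinct source IP on stdout
#######################################
count_failures() {
  # Field 7 is presumably "hostname[a.b.c.d]:" as in Postfix smtpd warnings
  # (confirm against your log format). The hostname part comes from DNS and
  # may itself contain dotted quads, so only the LAST dotted quad of the
  # field is taken, and addresses with an octet above 255 are discarded.
  awk '
    /authentication failure/ {
      rest = $7
      ip = ""
      while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
        ip = substr(rest, RSTART, RLENGTH)
        rest = substr(rest, RSTART + RLENGTH)
      }
      if (ip == "") next
      n = split(ip, oct, ".")
      ok = (n == 4)
      for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) ok = 0
      if (ok) print ip
    }
  ' < "$1" | sort | uniq -c
}

#######################################
# Print the IPs whose count exceeds THRESHOLD.
# Globals:   THRESHOLD (read)
# Arguments: $1 - file produced by count_failures
#######################################
select_offenders() {
  awk -v limit="$THRESHOLD" '$1 > limit { print $2 }' < "$1"
}

#######################################
# Insert a DROP rule for one source address unless it already exists.
# Arguments: $1 - IPv4 address
# Returns:   status of the iptables insert (0 if the rule was already there)
#######################################
block_ip() {
  local ip=$1
  # "iptables -C" tests for this exact rule. The previous
  # "iptables -nL | grep $ip" treated the address as a regex and matched
  # substrings, so 1.2.3.4 was considered blocked whenever 11.2.3.45 was.
  # (-C needs iptables >= 1.4.11.)
  if iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
    return 0
  fi
  iptables -I INPUT -s "$ip" -j DROP
}

main() {
  local ip rc=0

  if [[ ! -r "$LOGFILE" ]]; then
    printf 'cannot read log file: %s\n' "$LOGFILE" >&2
    return 1
  fi

  # Per-IP failure counts.
  count_failures "$LOGFILE" > "$COUNT_FILE" || return
  # IPs above the threshold.
  select_offenders "$COUNT_FILE" > "$BLOCK_FILE" || return

  # Add each offender to iptables; keep going if one insert fails.
  while IFS= read -r ip; do
    [[ -n "$ip" ]] || continue
    block_ip "$ip" || rc=1
  done < "$BLOCK_FILE"

  return "$rc"
}

main "$@"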