From 3383293658393dcc311505b5a3669c5b5190c8df Mon Sep 17 00:00:00 2001 From: aixiao Date: Tue, 24 Sep 2019 08:53:00 +0800 Subject: [PATCH] specification --- Makefile | 12 ++++++++++ README.md | 4 +++- denyhosts.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++ mail.log.sh | 64 ---------------------------------------------------- rhost.c | 47 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 124 insertions(+), 65 deletions(-) create mode 100644 Makefile create mode 100644 denyhosts.sh delete mode 100644 mail.log.sh create mode 100644 rhost.c diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b28e241 --- /dev/null +++ b/Makefile @@ -0,0 +1,12 @@ +CROSS_COMPILE ?= +CC := $(CROSS_COMPILE)gcc +CFLAGS += -g -Wall + +OBG = rhost + +all: rhost.o + $(CC) $(CFLAGS) $^ -o $(OBG) + +clean: + rm -rf *.o + rm $(OBG) diff --git a/README.md b/README.md index ea82478..037592d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ -# mail.log +# denyhosts +ssh防止暴力破解 记录mail server的一些信息,攻击IP等. - 适用Debian 8、9 crontab 定时任务,像这样. 0 22 * * * /root/mail.log.sh + diff --git a/denyhosts.sh b/denyhosts.sh new file mode 100644 index 0000000..ef465f5 --- /dev/null +++ b/denyhosts.sh 
@@ -0,0 +1,62 @@ +#!/bin/bash +# +# System authorization information. +# SSH prevents violent cracking +# Email: aixiao@aixiao.me +# Time: 20170909 +# + +function init() { + num=9; + send_mail=1; + pwd_path="/root"; + TIME=`date +"%Y%m%d%H%M"`; + log_file="${pwd_path}/${TIME}.log"; + email_address="1605227279@qq.com"; +} + +function run() +{ + echo "Read-Only Memory,ROM:" &>> ${log_file} + df -am &>> ${log_file} + + echo "random access memory,RAM:" &>> ${log_file} + free -hl &>> ${log_file} + + echo "System process:" &>> ${log_file} + ps -axjf &>> ${log_file} + + echo "Network Connections" &>> ${log_file} + netstat -tnulp &>> ${log_file} + + echo "System authorization information:" &>> ${log_file} + /root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')) + + + ip_address=($ip) + for i in ${ip_address[@]} ; do + /sbin/iptables -I INPUT -s $i -j DROP + done + /sbin/iptables-save > /root/ipv4tables + + echo "" &>> ${log_file} + echo "Iptables filter table" &>> ${log_file} + /sbin/iptables -L -n --line-numbers &>> ${log_file} + echo "" &>> ${log_file} + + if test $send_mail = 1; then + mail -s "System Log" ${email_address} < ${log_file} + rm ${log_file} + fi + sync +} + + +init; +run; +exit 0; +20190103 +20190911 +aixiao@aixiao.me + diff --git a/mail.log.sh b/mail.log.sh deleted file mode 100644 index dfbc8d9..0000000 --- a/mail.log.sh +++ /dev/null 
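Review bot: The `for i in ${ip_address[@]}` loop in run() passes whatever /root/rhost printed straight to `/sbin/iptables -I INPUT -s $i -j DROP`; the only filter applied upstream (in rhost.c) is a check that the first character is a digit, so a malformed rhost token — or a hostname, which sshd presumably logs when reverse lookup is enabled — either makes iptables abort or inserts an unintended rule. Validate the token first, e.g. `[[ $i =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue`, and quote it as `"$i"` in the iptables call. Because rhost re-scans the whole day's auth.log on every cron run and `-I` never checks whether the rule already exists, the same address is re-inserted on each run and the chain grows without bound; guard with `/sbin/iptables -C INPUT -s "$i" -j DROP 2>/dev/null || /sbin/iptables -I INPUT -s "$i" -j DROP`. Note also that when `send_mail=1` the report mailed by `mail -s "System Log"` carries the full `ps -axjf` and `netstat -tnulp` output to an external mailbox in clear text, which is worth trimming or routing over an authenticated channel.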
@@ -1,64 +0,0 @@ -#!/bin/bash -# -# System authorization information. -# Email: aixiao@aixiao.me -# Time: 20170909 -# - -function run() -{ - pwd_path="/root"; - TIME=`date +"%Y%m%d"`; - log_file="${pwd_path}/${TIME}.log"; - email_address="1605227279@qq.com"; - num=9; - - echo "Read-Only Memory,ROM:" &>> ${log_file} - df -am &>> ${log_file} - - echo "" &>> ${log_file} - echo "random access memory,RAM:" &>> ${log_file} - free -hl &>> ${log_file} - - echo "" &>> ${log_file} - echo "System process:" &>> ${log_file} - ps -axjf &>> ${log_file} - - echo "" &>> ${log_file} - echo "Network Connections" &>> ${log_file} - netstat -tnulp &>> ${log_file} - - echo "" &>> ${log_file} - echo "System authorization information:" &>> ${log_file} - if test "`date | awk '{print $3}'`" -ge 10 ; then - grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file} - grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} - ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}') - else - grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file} - grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} - ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}') - fi - - ip_address=($ip) - for i in ${ip_address[@]} ; do - /sbin/iptables -I INPUT 
-s $i -j DROP - done - /sbin/iptables-save > /root/ipv4tables - - echo "" &>> ${log_file} - echo "Iptables filter table" &>> ${log_file} - /sbin/iptables -L -n --line-numbers &>> ${log_file} - echo "" &>> ${log_file} - - mail -s "System Log" ${email_address} < ${log_file} - rm ${log_file} - sync - sync -} - -run; -exit 0; -20190103 -aixiao@aixiao.me - diff --git a/rhost.c b/rhost.c new file mode 100644 index 0000000..077f922 --- /dev/null +++ b/rhost.c @@ -0,0 +1,47 @@ +#include +#include +#include +#include +#include +#include + +#define BUFFER 270 + +int main(int argc, char *argv[]) +{ + FILE *fp; + char *temp; + char buffer[BUFFER]; + time_t timep; + struct tm *p; + time(&timep); + p = localtime(&timep); + char p1[2]; + + if (p->tm_mday > 10) { + if ((fp = + popen + ("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost", + "r")) == NULL) { + return 1; + } + } else { + if ((fp = + popen + ("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost", + "r")) == NULL) { + return 1; + } + } + + while (fgets(buffer, BUFFER, fp) != NULL) { + temp = strstr(buffer, "rhost"); + sscanf(temp, "rhost=%s", temp); + + if (atoi(strncpy(p1, temp, 1)) > 0) + printf("%s\n", temp); + } + + pclose(fp); + return 0; +}
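Review bot: `sscanf(temp, "rhost=%s", temp)` in the fgets loop of main() scans from and writes into the same buffer (overlapping source and destination, which the C standard leaves undefined) with an unbounded `%s`, and `atoi(strncpy(p1, temp, 1))` copies one character into `char p1[2]` without ever writing the terminator, so atoi reads an uninitialized byte; `temp` is also dereferenced without checking that strstr found "rhost". Separately, `if (p->tm_mday > 10)` looks like an off-by-one: on the 10th the log stamp has a single space, as for 11-31, but the code takes the `..` branch and matches nothing — the deleted mail.log.sh used `-ge 10`. The loop can be rewritten to parse into a separate, bounded buffer and keep the original "first character is 1-9" filter explicitly.
```c
    if (p->tm_mday >= 10) {   /* day 10 is stamped with one space, like 11-31 */
    /* … unchanged: the two popen() calls … */
    while (fgets(buffer, BUFFER, fp) != NULL) {
        char host[BUFFER];
        temp = strstr(buffer, "rhost=");
        if (temp == NULL)
            continue;
        /* bounded copy into a separate buffer: scanning into the source is UB */
        if (sscanf(temp, "rhost=%269s", host) != 1)
            continue;
        /* keep the original filter: print only values whose first char is 1-9 */
        if (host[0] >= '1' && host[0] <= '9')
            printf("%s\n", host);
    }
```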