specification
parent
9db01550c1
commit
3383293658
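--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,12 @@
+CROSS_COMPILE ?=
+CC := $(CROSS_COMPILE)gcc
+CFLAGS += -g -Wall
+
+OBG = rhost
+
+all: rhost.o
+$(CC) $(CFLAGS) $^ -o $(OBG)
+
+clean:
+rm -rf *.o
+rm $(OBG)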
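Review bot: `clean` stops with an error whenever the binary is absent, because `rm $(OBG)` has no `-f`, and neither `all` nor `clean` is declared phony, so a stray file with either name would suppress the rule. I would add `.PHONY: all clean` and merge the two recipe lines into `rm -f *.o $(OBG)`. Since `all` never produces a file called `all`, the link step reruns on every `make`; naming the rule `$(OBG): rhost.o` with `all: $(OBG)` avoids that.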
@ -1,7 +1,9 @@
|
|||||||
# mail.log
|
# denyhosts
|
||||||
|
ssh防止暴力破解
|
||||||
记录mail server的一些信息,攻击IP等.
|
记录mail server的一些信息,攻击IP等.
|
||||||
- 适用Debian 8、9
|
- 适用Debian 8、9
|
||||||
|
|
||||||
crontab 定时任务,像这样.
|
crontab 定时任务,像这样.
|
||||||
|
|
||||||
0 22 * * * /root/mail.log.sh
|
0 22 * * * /root/mail.log.sh
|
||||||
|
|
||||||
|
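--- a/denyhosts.sh
+++ b/denyhosts.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# System authorization information.
+# SSH prevents violent cracking
+# Email: aixiao@aixiao.me
+# Time: 20170909
+#
+
+function init() {
+num=9;
+send_mail=1;
+pwd_path="/root";
+TIME=`date +"%Y%m%d%H%M"`;
+log_file="${pwd_path}/${TIME}.log";
+email_address="1605227279@qq.com";
+}
+
+function run()
+{
+echo "Read-Only Memory,ROM:" &>> ${log_file}
+df -am &>> ${log_file}
+
+echo "random access memory,RAM:" &>> ${log_file}
+free -hl &>> ${log_file}
+
+echo "System process:" &>> ${log_file}
+ps -axjf &>> ${log_file}
+
+echo "Network Connections" &>> ${log_file}
+netstat -tnulp &>> ${log_file}
+
+echo "System authorization information:" &>> ${log_file}
+/root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
+ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}'))
+
+
+ip_address=($ip)
+for i in ${ip_address[@]} ; do
+/sbin/iptables -I INPUT -s $i -j DROP
+done
+/sbin/iptables-save > /root/ipv4tables
+
+echo "" &>> ${log_file}
+echo "Iptables filter table" &>> ${log_file}
+/sbin/iptables -L -n --line-numbers &>> ${log_file}
+echo "" &>> ${log_file}
+
+if test $send_mail = 1; then
+mail -s "System Log" ${email_address} < ${log_file}
+rm ${log_file}
+fi
+sync
+}
+
+
+init;
+run;
+exit 0;
+20190103
+20190911
+aixiao@aixiao.me
+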
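Review bot: The loop in run() hands each `$i` to `/sbin/iptables -I INPUT -s $i -j DROP` unquoted and unvalidated, although the value comes from the `rhost=` field of /var/log/auth.log, which the remote side can influence and which may be a hostname rather than an address. I would skip anything that is not a dotted quad and quote the expansion: `[[ $i =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue`, then `/sbin/iptables -C INPUT -s "$i" -j DROP 2>/dev/null || /sbin/iptables -I INPUT -s "$i" -j DROP`. The `-C` check also keeps the same DROP rule from being inserted again each time the script runs over the same day's log. There is no allowlist, so `num` failures from an administrator's own address lock that address out; an exemption list checked before the insert would prevent that.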
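--- a/mail.log.sh
+++ b/mail.log.sh
@@ -1,64 +0,0 @@
-#!/bin/bash
-#
-# System authorization information.
-# Email: aixiao@aixiao.me
-# Time: 20170909
-#
-
-function run()
-{
-pwd_path="/root";
-TIME=`date +"%Y%m%d"`;
-log_file="${pwd_path}/${TIME}.log";
-email_address="1605227279@qq.com";
-num=9;
-
-echo "Read-Only Memory,ROM:" &>> ${log_file}
-df -am &>> ${log_file}
-
-echo "" &>> ${log_file}
-echo "random access memory,RAM:" &>> ${log_file}
-free -hl &>> ${log_file}
-
-echo "" &>> ${log_file}
-echo "System process:" &>> ${log_file}
-ps -axjf &>> ${log_file}
-
-echo "" &>> ${log_file}
-echo "Network Connections" &>> ${log_file}
-netstat -tnulp &>> ${log_file}
-
-echo "" &>> ${log_file}
-echo "System authorization information:" &>> ${log_file}
-if test "`date | awk '{print $3}'`" -ge 10 ; then
-grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
-grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
-ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
-else
-grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
-grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
-ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
-fi
-
-ip_address=($ip)
-for i in ${ip_address[@]} ; do
-/sbin/iptables -I INPUT -s $i -j DROP
-done
-/sbin/iptables-save > /root/ipv4tables
-
-echo "" &>> ${log_file}
-echo "Iptables filter table" &>> ${log_file}
-/sbin/iptables -L -n --line-numbers &>> ${log_file}
-echo "" &>> ${log_file}
-
-mail -s "System Log" ${email_address} < ${log_file}
-rm ${log_file}
-sync
-sync
-}
-
-run;
-exit 0;
-20190103
-aixiao@aixiao.me
-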
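--- a/rhost.c
+++ b/rhost.c
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <string.h>
+#include <time.h>
+
+#define BUFFER 270
+
+int main(int argc, char *argv[])
+{
+FILE *fp;
+char *temp;
+char buffer[BUFFER];
+time_t timep;
+struct tm *p;
+time(&timep);
+p = localtime(&timep);
+char p1[2];
+
+if (p->tm_mday > 10) {
+if ((fp =
+popen
+("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+"r")) == NULL) {
+return 1;
+}
+} else {
+if ((fp =
+popen
+("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+"r")) == NULL) {
+return 1;
+}
+}
+
+while (fgets(buffer, BUFFER, fp) != NULL) {
+temp = strstr(buffer, "rhost");
+sscanf(temp, "rhost=%s", temp);
+
+if (atoi(strncpy(p1, temp, 1)) > 0)
+printf("%s\n", temp);
+}
+
+pclose(fp);
+return 0;
+}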
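Review bot: The read loop in main() has undefined behaviour in three places: `strstr()` returns NULL for the tail of any log line longer than BUFFER and that NULL goes straight into `sscanf()`, `sscanf(temp, "rhost=%s", temp)` reads and writes the same buffer, and `strncpy(p1, temp, 1)` leaves `p1` unterminated before `atoi()` reads it. Scanning into a separate bounded buffer and testing the first character directly removes all three; the excerpt below keeps the original filter (first character is a digit 1–9). Separately, both `popen()` patterns use `date "+%d"`, which zero-pads the day, while the traditional syslog timestamp pads it with a space, so days 1–9 would presumably never match, and `tm_mday > 10` sends day 10 to the two-dot pattern. If auth.log uses that traditional format, a single `grep "^$(date '+%b %e')"` would cover every day of the month and make the day-of-month branch unnecessary.

```c
	char host[BUFFER];	/* replaces p1 */
	/* … unchanged: localtime() call and the popen() branches … */
	while (fgets(buffer, BUFFER, fp) != NULL) {
		temp = strstr(buffer, "rhost=");
		if (temp == NULL)
			continue;	/* e.g. the tail of a line longer than BUFFER */
		if (sscanf(temp, "rhost=%269s", host) != 1)
			continue;	/* empty rhost= field */
		if (host[0] >= '1' && host[0] <= '9')
			printf("%s\n", host);
	}
```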