specification

This commit is contained in:
aixiao 2019-09-24 08:53:00 +08:00
parent 9db01550c1
commit 3383293658
5 changed files with 124 additions and 65 deletions

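--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,12 @@
+CROSS_COMPILE ?=
+CC := $(CROSS_COMPILE)gcc
+CFLAGS += -g -Wall
+OBG = rhost
+all: rhost.o
+$(CC) $(CFLAGS) $^ -o $(OBG)
+clean:
+rm -rf *.o
+rm $(OBG)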
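Review bot: The `all: rhost.o` rule writes `rhost` while its target is named `all`, so Make has no file to compare timestamps against and relinks on every run; neither `all` nor `clean` is declared `.PHONY`, and `clean` runs bare `rm $(OBG)`, which fails when the binary is not present. Splitting the rule into `all: $(OBG)` plus a real `$(OBG): rhost.o` target with `-o $@`, adding `.PHONY: all clean`, and using `$(RM)` addresses all three. The rendered hunk shows no leading tab on the recipe lines; presumably the original file has them.
```make
.PHONY: all clean
all: $(OBG)
$(OBG): rhost.o
	$(CC) $(CFLAGS) $^ -o $@
clean:
	$(RM) *.o $(OBG)
```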


@ -1,7 +1,9 @@
# mail.log # denyhosts
ssh防止暴力破解
记录mail server的一些信息,攻击IP等. 记录mail server的一些信息,攻击IP等.
- 适用Debian 8、9 - 适用Debian 8、9
crontab 定时任务,像这样. crontab 定时任务,像这样.
0 22 * * * /root/mail.log.sh 0 22 * * * /root/mail.log.sh

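--- a/denyhosts.sh
+++ b/denyhosts.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# System authorization information.
+# SSH prevents violent cracking
+# Email: aixiao@aixiao.me
+# Time: 20170909
+#
+function init() {
+num=9;
+send_mail=1;
+pwd_path="/root";
+TIME=`date +"%Y%m%d%H%M"`;
+log_file="${pwd_path}/${TIME}.log";
+email_address="1605227279@qq.com";
+}
+function run()
+{
+echo "Read-Only Memory,ROM:" &>> ${log_file}
+df -am &>> ${log_file}
+echo "random access memoryRAM:" &>> ${log_file}
+free -hl &>> ${log_file}
+echo "System process:" &>> ${log_file}
+ps -axjf &>> ${log_file}
+echo "Network Connections" &>> ${log_file}
+netstat -tnulp &>> ${log_file}
+echo "System authorization information:" &>> ${log_file}
+/root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
+ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}'))
+ip_address=($ip)
+for i in ${ip_address[@]} ; do
+/sbin/iptables -I INPUT -s $i -j DROP
+done
+/sbin/iptables-save > /root/ipv4tables
+echo "" &>> ${log_file}
+echo "Iptables filter table" &>> ${log_file}
+/sbin/iptables -L -n --line-numbers &>> ${log_file}
+echo "" &>> ${log_file}
+if test $send_mail = 1; then
+mail -s "System Log" ${email_address} < ${log_file}
+rm ${log_file}
+fi
+sync
+}
+init;
+run;
+exit 0;
+20190103
+20190911
+aixiao@aixiao.me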
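Review bot: In the `for i in ${ip_address[@]}` loop every token printed by `/root/rhost` goes straight into `/sbin/iptables -I INPUT -s $i -j DROP` without being checked as an IPv4 literal; `rhost` only tests that the first character is a digit, so a malformed `rhost=` field from the auth log reaches the firewall as-is, and a non-numeric value would presumably make iptables attempt name resolution from a root cron job. A guard at the top of the loop, `[[ $i =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue`, keeps only dotted-quad entries. Separately, `ip=$(echo $(/root/rhost | awk ...))` adds nothing over `ip=$(/root/rhost | awk ...)`, and because `/root/rhost` exits 1 when its popen fails, the script silently proceeds with an empty list; checking `${PIPESTATUS[0]}` after the pipeline would make that failure visible in the mailed log.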


@ -1,64 +0,0 @@
#!/bin/bash
#
# System authorization information.
# Email: aixiao@aixiao.me
# Time: 20170909
#
function run()
{
pwd_path="/root";
TIME=`date +"%Y%m%d"`;
log_file="${pwd_path}/${TIME}.log";
email_address="1605227279@qq.com";
num=9;
echo "Read-Only Memory,ROM:" &>> ${log_file}
df -am &>> ${log_file}
echo "" &>> ${log_file}
echo "random access memoryRAM:" &>> ${log_file}
free -hl &>> ${log_file}
echo "" &>> ${log_file}
echo "System process:" &>> ${log_file}
ps -axjf &>> ${log_file}
echo "" &>> ${log_file}
echo "Network Connections" &>> ${log_file}
netstat -tnulp &>> ${log_file}
echo "" &>> ${log_file}
echo "System authorization information:" &>> ${log_file}
if test "`date | awk '{print $3}'`" -ge 10 ; then
grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
else
grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
fi
ip_address=($ip)
for i in ${ip_address[@]} ; do
/sbin/iptables -I INPUT -s $i -j DROP
done
/sbin/iptables-save > /root/ipv4tables
echo "" &>> ${log_file}
echo "Iptables filter table" &>> ${log_file}
/sbin/iptables -L -n --line-numbers &>> ${log_file}
echo "" &>> ${log_file}
mail -s "System Log" ${email_address} < ${log_file}
rm ${log_file}
sync
sync
}
run;
exit 0;
20190103
aixiao@aixiao.me

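--- a/rhost.c
+++ b/rhost.c
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <string.h>
+#include <time.h>
+#define BUFFER 270
+int main(int argc, char *argv[])
+{
+FILE *fp;
+char *temp;
+char buffer[BUFFER];
+time_t timep;
+struct tm *p;
+time(&timep);
+p = localtime(&timep);
+char p1[2];
+if (p->tm_mday > 10) {
+if ((fp =
+popen
+("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+"r")) == NULL) {
+return 1;
+}
+} else {
+if ((fp =
+popen
+("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+"r")) == NULL) {
+return 1;
+}
+}
+while (fgets(buffer, BUFFER, fp) != NULL) {
+temp = strstr(buffer, "rhost");
+sscanf(temp, "rhost=%s", temp);
+if (atoi(strncpy(p1, temp, 1)) > 0)
+printf("%s\n", temp);
+}
+pclose(fp);
+return 0;
+}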
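Review bot: The parsing inside the `while (fgets(...))` loop has two memory-safety defects: `strncpy(p1, temp, 1)` copies a single byte into the uninitialised `char p1[2]` without a terminator, so `atoi` reads an unterminated string, and `sscanf(temp, "rhost=%s", temp)` writes into the same bytes it is scanning with an unbounded `%s`, which is undefined behaviour. Because this program's stdout is what denyhosts.sh passes to iptables, a garbled token here becomes a firewall rule. Scanning into a separate bounded buffer and testing the first character directly, with a NULL check on `strstr`, avoids both. Unrelated but worth a look: `p->tm_mday > 10` selects the two-character day pattern for the 10th, while the shell version this commit deletes used `-ge 10`; if auth.log pads only single-digit days (as syslog timestamps typically do), `>= 10` is the intended boundary.
```c
while (fgets(buffer, BUFFER, fp) != NULL) {
    char host[BUFFER];
    temp = strstr(buffer, "rhost=");
    if (temp == NULL)
        continue;
    /* width 269 leaves room for the terminator in host[270] */
    if (sscanf(temp, "rhost=%269s", host) != 1)
        continue;
    if (host[0] >= '0' && host[0] <= '9')
        printf("%s\n", host);
}
```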