specification

Makefile

@@ -0,0 +1,12 @@
+CROSS_COMPILE ?= 
+CC := $(CROSS_COMPILE)gcc
+CFLAGS += -g -Wall
+
+OBG = rhost
+
+all: rhost.o
+	$(CC) $(CFLAGS) $^ -o $(OBG)
+    
+clean:
+	rm -rf *.o
+	rm $(OBG)

README.md

@@ -1,7 +1,9 @@
-# mail.log
+# denyhosts
+ssh防止暴力破解
 记录mail server的一些信息,攻击IP等.
 - 适用Debian 8、9
 
 crontab 定时任务,像这样.
 
 0 22 * * * /root/mail.log.sh
+

denyhosts.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# System authorization information.
+# SSH prevents violent cracking
+# Email: aixiao@aixiao.me
+# Time: 20170909
+#
+
+function init() {
+    num=9;
+    send_mail=1;
+    pwd_path="/root";
+    TIME=`date +"%Y%m%d%H%M"`;
+    log_file="${pwd_path}/${TIME}.log";
+    email_address="1605227279@qq.com";
+}
+
+function run()
+{
+    echo "Read-Only Memory,ROM:" &>> ${log_file}
+    df -am &>> ${log_file}
+
+    echo "random access memory，RAM:" &>> ${log_file}
+    free -hl &>> ${log_file}
+
+    echo "System process:" &>> ${log_file}
+    ps -axjf &>> ${log_file}
+
+    echo "Network Connections" &>> ${log_file}
+    netstat -tnulp &>> ${log_file}
+
+    echo "System authorization information:" &>> ${log_file}
+    /root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
+    ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}'))
+    
+    
+    ip_address=($ip)
+    for i in ${ip_address[@]} ; do
+        /sbin/iptables -I INPUT -s $i -j DROP
+    done
+    /sbin/iptables-save > /root/ipv4tables
+
+    echo "" &>> ${log_file}
+    echo "Iptables filter table" &>> ${log_file}
+    /sbin/iptables -L -n --line-numbers &>> ${log_file}
+    echo "" &>> ${log_file}
+
+    if test $send_mail = 1; then
+        mail -s "System Log" ${email_address} < ${log_file}
+        rm ${log_file}
+    fi
+    sync
+}
+
+
+init;
+run;
+exit 0;
+20190103
+20190911
+aixiao@aixiao.me
+

mail.log.sh

@@ -1,64 +0,0 @@
-#!/bin/bash
-#
-# System authorization information.
-# Email: aixiao@aixiao.me
-# Time: 20170909
-#
-
-function run()
-{
-    pwd_path="/root";
-    TIME=`date +"%Y%m%d"`;
-    log_file="${pwd_path}/${TIME}.log";
-    email_address="1605227279@qq.com";
-    num=9;
-
-    echo "Read-Only Memory,ROM:" &>> ${log_file}
-    df -am &>> ${log_file}
-
-    echo "" &>> ${log_file}
-    echo "random access memory，RAM:" &>> ${log_file}
-    free -hl &>> ${log_file}
-
-    echo "" &>> ${log_file}
-    echo "System process:" &>> ${log_file}
-    ps -axjf &>> ${log_file}
-
-    echo "" &>> ${log_file}
-    echo "Network Connections" &>> ${log_file}
-    netstat -tnulp &>> ${log_file}
-
-    echo "" &>> ${log_file}
-    echo "System authorization information:" &>> ${log_file}
-    if test "`date | awk '{print $3}'`" -ge 10 ; then
-        grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
-        grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
-        ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
-    else
-        grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file}
-        grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
-        ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')
-    fi
-
-    ip_address=($ip)
-    for i in ${ip_address[@]} ; do
-        /sbin/iptables -I INPUT -s $i -j DROP
-    done
-    /sbin/iptables-save > /root/ipv4tables
-
-    echo "" &>> ${log_file}
-    echo "Iptables filter table" &>> ${log_file}
-    /sbin/iptables -L -n --line-numbers &>> ${log_file} 
-    echo "" &>> ${log_file}
-
-    mail -s "System Log" ${email_address} < ${log_file}
-    rm ${log_file}
-    sync
-    sync
-}
-
-run;
-exit 0;
-20190103
-aixiao@aixiao.me
-

rhost.c

@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <string.h>
+#include <time.h>
+
+#define BUFFER 270
+
+int main(int argc, char *argv[])
+{
+    FILE *fp;
+    char *temp;
+    char buffer[BUFFER];
+    time_t timep;
+    struct tm *p;
+    time(&timep);
+    p = localtime(&timep);
+    char p1[2];
+
+    if (p->tm_mday > 10) {
+        if ((fp =
+             popen
+             ("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+              "r")) == NULL) {
+            return 1;
+        }
+    } else {
+        if ((fp =
+             popen
+             ("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+              "r")) == NULL) {
+            return 1;
+        }
+    }
+
+    while (fgets(buffer, BUFFER, fp) != NULL) {
+        temp = strstr(buffer, "rhost");
+        sscanf(temp, "rhost=%s", temp);
+        
+        if (atoi(strncpy(p1, temp, 1)) > 0)
+            printf("%s\n", temp);
+    }
+
+    pclose(fp);
+    return 0;
+}