From 36fa768f4ae99287931b08fd2ed8f3960de4be57 Mon Sep 17 00:00:00 2001 From: aixiao Date: Tue, 22 Oct 2019 23:08:05 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=B2=A1=E6=9C=8910=E5=8F=B7?= =?UTF-8?q?=E6=95=B0=E6=8D=AEbug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 9 ++++++--- denyhosts.sh | 9 +++++---- rhost | Bin 0 -> 20408 bytes rhost.c | 4 ++-- rhost.o | Bin 0 -> 8552 bytes 5 files changed, 13 insertions(+), 9 deletions(-) create mode 100644 rhost create mode 100644 rhost.o diff --git a/README.md b/README.md index ac7caad..04d733a 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,12 @@ # denyhosts ssh防止暴力破解. 记录mail server的一些信息,攻击IP等. -- 适用Debian 8、9 +- 适用Debian 8、9 + +cd /root +git clone https://github.com/niuyuling/denyhosts.git +chmod a+x /root/denyhosts/denyhosts.sh crontab 定时任务,像这样. - -0 22 * * * /root/mail.log.sh +0 22 * * * /root/denyhosts/denyhosts.sh diff --git a/denyhosts.sh b/denyhosts.sh index ef465f5..057a344 100644 --- a/denyhosts.sh +++ b/denyhosts.sh @@ -7,7 +7,7 @@ # function init() { - num=9; + num=20; send_mail=1; pwd_path="/root"; TIME=`date +"%Y%m%d%H%M"`; @@ -29,9 +29,9 @@ function run() echo "Network Connections" &>> ${log_file} netstat -tnulp &>> ${log_file} - echo "System authorization information:" &>> ${log_file} - /root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} - ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')) + echo "System SSH authorization information:" &>> ${log_file} + /root/denyhosts/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip=$(echo $(/root/denyhosts/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')) ip_address=($ip) @@ -58,5 +58,6 @@ run; exit 0; 20190103 20190911 +20191008 aixiao@aixiao.me diff --git a/rhost b/rhost new file mode 100644 index 0000000000000000000000000000000000000000..7c397cd201cd07c60e39efd2b5570cee0a282a4f GIT binary patch literal 20408 zcmeHPdyrezc|Vd?Ufq4%UGJ{n5R1hQ=CP9BUSm6G*Soehtc?MiK!Sa(mF}*DwUS1< zTD%4)24jY;Yids^khV!&lF3jeAx=ACC}|o~D38pL8k!UuVB%(=*<~P@gc1{i)!%pS z`DE#?l&1Y7ozCdY-us>J_dU)z-#Pc{oO|!tFZ2&?a=ToDlSh0?5O=!OMnXz(c9Y70 zghaP!#Q9>;DQ1ALlb9_J*#uHM#ogu9r*ID_**&b}PI`gTW6CuoN_N%KfqGlQRH$~4 zotH$4chXU+5E4_C7t8ZYu@DaGSM_IFYDck|?6U19HaNu*1G#iyxokK2C*93kcgQMHcXDW{&K)=i zBl(Z~@BH0u-@0Y%oNqqy*!ZEgPk#IM58fi(798ZmZr2^i*%;9m%^!{ut(G=J&{jdX zpbCBuaDN5;i>v6btAg*Yf(NSLUjy#P;Y@=7D%HQS3cjQY-dhF#Ti|{i&a@IhrE;$Y z-sw~(9^)WN-M(5FMk1Gvu3c;7a?wa?Smdm1Dw-J=nY@(~nRLcXiQy3wc?j?)GSOr@ zXNriGPKabW8cAA-Q4?OGdn3khA{9v{_7O`37&$AFwT#h7A|*Bt4)ks`mIu}pbISv( zgfXyvixD%k=13xEnc3}IHYU?4b9-bcNj^qK(<$Y{uvIH6qB(9kO6klwPccVh(gn^1 z%Gb}FM538Sa#msa`3a4@+zy@+-)H!~aB`-NpHcS_#t$ew6SC!uGylp}Hcr=qx;0AR zbO~O1{ZE$Q?28P}l;Eg%F`X^J>AK@IH)QANHcsv4Y7zK9i9q<^+rIE&@9RM!!iP>;?!u|?!KZys73)%1^)rYH zi{HSxWnl<8;^QQrI$c0o{1f77sy1~>@-GojQ?#j*lK%nmG=-cxA^CqKo~CM3$0h#+ z@iax7Ix6|UA)cm|QwJpf2=O#+n#xH2A>wI@Ikj8ze@;A2*`~Hhz7zcLQSdS?duL$c z#a-cvpM?*;ac0~0!6V*VP`B`rW{)Hro`hCm*1ux8^nT02K9X#Rz(M$k_p?OSp0#En zJdZ+7;n51GTNWN5$4@B={bf>r)n!C3Jr{oRoF_bSCj8{&RbkgN;TO+Y9dK|+Iq(%u z56g1c{=kO!AQJiDj_|<^!;}qAylFLs4{vx0%w!juG#SU~8SnGpT|3#1>C|ly?to4B zj<>g=7bd><_vZ?Q@Wgjc5IJ(_Imtacd0#oZO2YkT!iW3M91b-dJlpX3E5b)seSj%C zTJ&p>$vbV8v*CmL&x)2qe}Sq!F1wiq2Xud6>t3uw_l8p4e9qP*3)JA0EP2%~=!GYq zoxIvsoeUq|funyCo(62uIN@X|Nw8kzi;-@?a}AA76?%U*3+C{r|?d-X^XJ^l@9s>mk87#WS%C0JEX)VVn<0<{R#B2bG!EdsR&)FM!e zKrI4)*a*=3B}!RU>`2zk_`CZ3ox2t-iA5~a-+B4sc;}^o^IWX+(oTPHERqc-(<8x1 z-iim1@!#&3ro)j$GM_b>&BoI?i(FUp%Z_jNM{eEYzvQ+|Hj%RYi&pHvU6wp= zSe!$dt_7ZT-JtX^q3_*7;V#hkLB9c7ccxI-4mt(;H0YvV77A~G-UWIE){peQn38MX zb;7l`)wQ6h-gneh-%2=rlkhP7TuurqRn~`J$Vvb4Ula-_NLO#&q|g0yOXID+1LCUr z>n>ZdsFPr_@52#--_rMIWP3A?3sKKCv=;8sTkm#nY@Xp+?n0HM&Fz4@-zyY$f{I?f z^-tXW`rLax{ks21UBABMkG)}i>D@EJdiTNl&3fn-y}L(W+M_S&)&0HtTVsF+%+MW7aeS_Enls70U_fm#G=5vWC=7J>i25#a9t`MW=!<1;OOtEN6QM44d$Wh3^g7T+H#1zw-gi)2c3Y$A@Tf*C)hD#rCbsr2}pKra8Ig54g7 zr7B)k%Jv;s_ITqcd5$lZZ<7DKl7Fc9V!c&4e`vzrl{?E_t;WG7MQ>1aSkW;>?^g7F zMZd1-V~RebDEsH{OE+)ac%^?ypE;C>r2O516@jH)t1q=P;tD9+{b%>WKdEn3<@%Q$ zmC%nchU{VFbJfGJ>1qhSg2-1gboY_>SLUn*@%ZWoq2{TpzZRs<=W+QK6Ys8npNMP5 zC6e=A30-fU7f&W&;{6dh$ev6j~aMhq@K@CWz491yZ+KdjNT#b{yxrHIix79wJG%WaesKxT;$#8NU`GwJRmF zL|a8_>m;*OJ3x~4lIhkClg$RngtYIIT1YZsZ7(rBlG&y$A)8*w+$hg=eX|Fkuv;4> zwM`w@fW)<*6BCxT&S>`%GawmDn@8n*x{;o|?A1ObZ(G{7fgI3IklNOk&w#m8OOV<% zz8%00YLldPZHo!!9_>Ps+|>L9U`MqtlFjGlP@EssZXo97dAETa*RCgo$>}lbqo0YeI-d}?>cyI;QU9LCog2oJA z9~5TzNYF$bM)hi@kwWNtFpc+1g*}wLUS`K|mb%A~k-F_dzlTH<`j?~zb+-On%Kni= z^ykRkVLQJN`TF@yGzgkrht5klT15S`r0)9~313E5e*vfZ1@lSTdIYF%p}XZHsY4@1 zr@NQ7NSAqJg|=LJ)bB#0v^94A-=MColX(o{e}Aai(Pa+8DX+Xrc>fiG~kDMB}U$3c*s*M9up(bY+xXLLUL#^c9`zs{aDA zrsH-?U#I+E%_J9kf^@!a>zpC{QCsJyl>e60X?qTpaW#0U51e-l*I&MhJ4^dIsiBjG z=h!#)w|7W>KJ|d-*zx@x!x`afYNYOVAB)dg1vOW5BURUZ?8aH|kh0!Djy%Us?w|Dp ziCdbwQEkt$$M<)@wzc(bNZrSFcVw0cS9`-RrS4< zn(11sw>Nt91^P@^TYc*sc$zId`jw6A8rL=s;0N5Z2)*?wXke(fAdAtj5ZqvA5JFn@ zpAzsVhN>Ei|yFsrm| z0%prvc@aCRCu;F$=oYsKQs=ln(wlLX+u(=~=5u(uofry^M596MG%{ANRNIb5Qu$za zFp-KT^D$FMJ;hAd8%kjB$$zgBw8k@Lxgs9N({uAc6xGD;l~~Li4#a6Ygj7Wq0}VS` z@=?p!G%(l?0Au2O4iYw#C`Al!e39tT;o!jee{i;{< z9rL#N9`!c+zU*zf)7yNtx9L0HM(BGV^frALKHYWho7~v!;zFGgsh9wXWJiQGYV5<# z8tkIEMmAP9DTOvkBo`So4HMdyIhql1R5Jy*!3h45KleHL+JGhs`~B9YL;c z%_c0<$Y5KLF`SHyEX70lVPhzQ-9iSuk0r9{l)!GF>>e|llk%(?iOF({ zo?#&JmCu>6R7CCoL)AzZ zkr|3a_vABn*VAPLQ#m}AOKB8#(J@<7jsSazj9Ikpi+hIL$YCjkB^MwC6@S$7oEe4V zMAA&9rDN%g1|!N$=j{S$bf8wyPUK?tOEkJ2{EpkE>5 zu=C1a5pNc!D&l%^zjL|&7QyS^avVK5&Nk}RbPamTJZhA`NxW4Luw;?{eY08Df@uV4an+=tn zFRy}!fcwidZRUFtpFW;%uHq*JycOf$InL>u@izDL>pfq^&qNjc;VSrdfm6B8>yFkQ zmD=?(@R^vm^79gI`Wu8(kd+bUcrwxAyHY%VC2?E@D*ii_K5c)fq)&^JR*e4xA*HCu zlgiI&)xVc3{1fm)`p$S>CjINv7F5A1<@Q#=w*#j*IQ{Pi?k}&RELz$NVg9j3m=Tk)#o`(%GC5$?p}>^k^n&T4pS;X2o*s z2Ct+`GA05S13p2+eXF$^`Q{@GKVQjjtXG_1)zqQZ6 zR`PO1OmzBg+S;>aU}L#N?p_CkDU{J4RvyBA*9l|u;5EHHgT^(RHeKJp-PqpKJJ?TN z<(~IwE-$Nmesg>%#GBt~%R5#Cw7JkJ=##d=iZ3r(ndUziY4u(gPhD6G`THpE`=R@+5ZtZU&tDWhH^Pof}GCEe=Bfa zgTg}pPoNwz4E#F)?lJm50Tnm@m;d8|at{bK{>m{C$c>L;rU`0gZ5rnsCiZ4FBLbY>33IloJ=kpv&ZC6LXd;T@(-wI~ z@5^K+(t$VwC6=NVguOsPH3G$CDVDZorwA7+gNDADF&i zs};}6U6J2~9KB;6`OqVKqXZ;l{_8~(tWqV$?Fg>Xh zxqN5)?^5=?N{`<|F+EdakJ;9=_}vSPVxnGO(T}j56eXL|M0G7q6JSd1{mPE%iBe_c z9qz?_4tri#G3EBM8|InP1I*I$Ppbl$(v$kq#N{*gRb)!-d7Z|T-`BCev;FjlpX`gp z_?4!jKT#|bt~c}FMyAyMHNP!kx}Fskb(U|>$Iq9~>qDkKa$b_0gFpufoBsIENfzO1+4)eYM{Y_EV1x=ZnV3+@~Bm{W^7LSFwLu85SG^)@k2a z#r`RJ`GK^?Vc=lJ(kk}9S#8^Y(P7|V#d>A$Z0DbL+xBy~V{EnB{QE`s7e^65kT%-n5r=aw*Ot;6uCo0j{k8_Zj4MqJR{R%Jit9!I literal 0 HcmV?d00001 diff --git a/rhost.c b/rhost.c index 077f922..85ecd1d 100644 --- a/rhost.c +++ b/rhost.c @@ -18,7 +18,7 @@ int main(int argc, char *argv[]) p = localtime(&timep); char p1[2]; - if (p->tm_mday > 10) { + if (p->tm_mday >= 10) { if ((fp = popen ("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost", @@ -28,7 +28,7 @@ int main(int argc, char *argv[]) } else { if ((fp = popen - ("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost", + ("grep -E \"^$(date \"+%h\")..$(date | awk '{print $3}')\" /var/log/auth.log | grep failure | grep rhost", "r")) == NULL) { return 1; } diff --git a/rhost.o b/rhost.o new file mode 100644 index 0000000000000000000000000000000000000000..76e9a4dd9d9b1ad92dfa48b3ffc38925d38b5a27 GIT binary patch literal 8552 zcmbtZ32a=&8J@T6XRp2M_4>%+Bo#{t#1Zjs5=>&}!a1DSBqX$8HJmTcyU*)K_Ue0Y zeFV&@v~dk8uF9nrNLqwwg&s$Kv?+IuclSO0OSp`X!v5pm$b}w)CvPGdPy<~4oChLIPf;LKeed>955fm(@;deMX^?ff4Lv-0c^?H9`jm;ChLEIE5F3OZ%^V`rLh5p#yk7sE3aSGkv2UmzVgEJM^>&$R8V^5nw9b7sOcoLg-p^cc_RsE#BYjo)nU`l zmK;k$XQbeIpJi7XzA0{w9f_~LvFO-&FTU!c$<_b07vYP4Z#&;*AJ;Gje^5f0I2OS# zf7!%o!33}hyt$+Ys$i%NQLu(rHKCvu;y55^tyUl%E4@aCctM3DZY6kcdlq^``@ZFs z_Cw3CT^o83zJtO_9k#jkH*401)`3nv5Ul2+Ityz7HrC$-U1rDFKXzP5`F`ILu=^BfwDTHZbs_m@vJr{ktI703TL! zVKj_&ZD=uHR4J^b}Il9J5p(mLX*qRNZD2vTO$h!`pUe|JnJ2kS3&=68LFW%5wxP%!L;KcmU}tGXN^6LsL~!QuNy5u;27)su zCfkOKOpAnZx&t#Ki@0=S7{d+B91<|vfQEuIXC?)1igZKR!I{&OZJ-;Ay$`*CnZs?x z^-ODR_&b+|2bhuu+5Mv=8)_;Nqk-Fs)fTKiV1&MwdsMwU)Zr60o$G1*4n8 zTf#lz0SGp@iiN}5K?0U~6EtBrBL;S)T4YeF?gEBYs8tI_!(pMV0a4%RGu92t4HfI~ zM6^Qh)^=FFnl{ji@{Q+$og~ObyL^h5w4+edxe$1acpak?d^0!=`JJ{Tv`gCM7*@9r zwBpcum)^Ux9bL5QKFfinjJ1KukQ^`)i~PQkSj?l+A$J%jM6nh=Fkw*mw#-}jC8xej zP~#qWi3C^@zBTRRXd`^{!wceM$%S{MJ(SF(Qpxe|jmE~V&a9m;jdy19rDS)~&Zn}a zw8gj_f%$Snw&(r_B1vzeXw4O5jK2#LDGb&1(rIfrF@lFFE(%Q;r|UVTlxOT2*xv^P ztf5K^H0%P9u*}>E*RUKXYrCFME9Ie?7M&T(D-=B=Rd6iP>Df8UKtV7^_Pv~d*d?@> zuCaQNXoxP@py_((s9yiJ-Vj=^hde!cwH^ssdfO>I`fbq~*JIz&>q9eoOXvx`G4zlg zxm|DEr$?UB!yvEUuScE%n}M3ZRe=CZ1H@$K(+n!p$uKWx94+K6W(*wUgXKfY!#ltiM#7B3@UUxn<#Zauj%7KPYhXgSficJSETiawx#6st zanWBU=YbyY9x4qRL#7Mv!ON)a6!Of-na&Z*ae2REnQ897Y#B6|$Rn?c{F{#eERPgQ z4o)bBpEf75c4ow5*+M=O=U*7PVW74ca<-5<0>oTNE|e-cFmKsX4&s5th*9uBA!nm7 z?rd6)y_9$DOx{YzQzNE>!y5y848&59r8ylr7+ocpvK~5|1JI*L0yB8Z`IvJ?4h?%p z^JWh6RmzuKE4=}yQBD>nlh0Mon6Mz0WG?R|Q^`RWvYE`=rHK+eWSQh{%RK@MGnuyX z6L<)98IL??+A!ELJ8eNiJQGJUfesBE=*BLbZKG(WFUF1>h=R9a3$o4E#GLr|9vF=8 zTE8jYowz8mF5a2*N_lHr#)3sa|>&r zBE_EtF6DdbG5_#~NpYVXwk#p1kVuJ$Oen_T|8?#@gTp4Ma$5 zeg&$qbN%h?{2thCs@^D(haIa*3DP}6?Fuq@aa1Wm#;*wTdVprw+myv04d=)8V|Xpg0K4;W3gHUw-6!506azj5$Y|u{8_us}|rB3-DbF z@LLw(_btF*u>gN)0sguLczkJA8*lj~AU2Y{`w#BivEMkjXU`RVR~lFD*tx&YfM-2r zW^w;z#X`}_<4X|!;PJKHLaL|7aNU%dA4WQ#D#9k}6>L^4!45SH?^2f)Q`rK%D?~Yu zYIqCtcs_yqJC+STz8Tt*A0QrIt++ZRk5?`%l1F=321UhJI39VWe2I7|FZr7k{#wGf zQH^%}b{{4$b<_X97|{%^_ttqPwc{!WE|lK2w}-$MNN6du{xo)MME{dl| zk^c+X-=pvyWd90qu_zmE9tEBtDT=ZwN1C;Xbi-%N47 zrSN!u#4@Y!za;xL_~L~k^V~%7#1#HhA;wlH{BtDVq44s2(53J{BRjnczl7r1M?9J( zifarh@)r4Z6n;DLcPsqGC*fcK`Yp;E@M^TP#@;cath$gxI243&v; z%zOrZr1EocSGS}J9+DHOLM~^)Zv}~b!Lt%@$?kMLxZ;wMH3C18;4cIJZ;68e%#A;n zXtNi;pvZfVKtfiwv0e@zoT^^<_)ClqdiT@(<5?J+@}`PsODq?_2YGrNkm6;G^dy$G zO0R_uwE4g4uLoVUIcE(39w$d{K-*tr{F2)a4K*h0yOa!`rFAUjRoNcssFuISFkw)N zw^|-~&ph0$CPhtNHII|1wYLAAWS7=YJA7v?=3+CNBfH0YjNl7MAoc>*F9( zP5&+WY2tI-O65!H$$EzLD-xphQT3lT=H=>9(pT5-Ea`VEhGqUGeG(eg@^`pO{&0_# z`ZBLL4%Ii>UPmuF{0}7-yxStB>f@SFQVb0IBNLrLxj|IrZ<#kq;5JiDf1Kh!B?YNg G_5TH17f50N literal 0 HcmV?d00001