aixiao/denyhosts
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

直接调用IPtables禁用IP地址.

Browse Source
This commit is contained in:
aixiao 2021-07-11 10:10:55 +08:00
parent 014fb45b11
commit 86d7bf5780
6 changed files with 60 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -1,6 +1,6 @@
CROSS_COMPILE ?=
CC := $(CROSS_COMPILE)gcc
CFLAGS += -g -Wall
CFLAGS += -O2 -g -Wall
OBG = rhost

2
README.md
View File

@ -2,11 +2,13 @@
ssh防止暴力破解,适用Debian 8、9
## Help Information
cd /root
git clone https://github.com/niuyuling/denyhosts.git
cd denyhosts
make clean; make
chmod a+x /root/denyhosts/denyhosts.sh
crontab 定时任务,像这样.
0 22 * * * /root/denyhosts/denyhosts.sh

10
denyhosts.sh
View File

@ -7,8 +7,7 @@
#
function init() {
num=20;
send_mail=1;
send_mail=0;
pwd_path="/root";
TIME=`date +"%Y%m%d%H%M"`;
log_file="${pwd_path}/${TIME}.log";
@ -31,13 +30,7 @@ function run()
echo "System SSH authorization information:" &>> ${log_file}
/root/denyhosts/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file}
ip=$(echo $(/root/denyhosts/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}'))
ip_address=($ip)
for i in ${ip_address[@]} ; do
/sbin/iptables -I INPUT -s $i -j DROP
done
/sbin/iptables-save > /root/ipv4tables
echo "" &>> ${log_file}
@ -59,5 +52,6 @@ exit 0;
20190103
20190911
20191008
20210614
aixiao@aixiao.me

BIN
rhost
View File

Binary file not shown.

72
rhost.c
View File

@ -6,30 +6,36 @@
#include <time.h>
#define BUFFER 270
#define LONG_BUFFER 1024*100
#define TOP_IP 20
#define AWK "| awk -v num=%d '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}' "
#define GE_10 "grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost"
#define LE_10 "grep -E \"^$(date \"+%h\")..$(date | awk '{print $3}')\" /var/log/auth.log | grep failure | grep rhost"
#define IPTABLES "/sbin/iptables -I INPUT -s %s -j DROP"
int main(int argc, char *argv[])
int main(int argc, char *argv[], char **env)
{
FILE *fp;
char *temp;
char buffer[BUFFER];
time_t timep;
struct tm *p;
time(&timep);
p = localtime(&timep);
char p1[2];
FILE *fp, *fc;
char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER];
if (p->tm_mday >= 10) {
if ((fp =
popen
("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
"r")) == NULL) {
time_t timep;
struct tm *tp;
time(&timep);
tp = localtime(&timep);
memset(splice_command, 0, LONG_BUFFER);
memset(command, 0, LONG_BUFFER);
memset(buffer, 0, BUFFER);
memset(awk, 0, BUFFER);
memset(iptables, 0, BUFFER);
fp = NULL;
fc = NULL;
if (tp->tm_mday >= 10) {
if ((fp = popen(GE_10, "r")) == NULL) {
return 1;
}
} else {
if ((fp =
popen
("grep -E \"^$(date \"+%h\")..$(date | awk '{print $3}')\" /var/log/auth.log | grep failure | grep rhost",
"r")) == NULL) {
if ((fp = popen(LE_10, "r")) == NULL) {
return 1;
}
}
@ -37,11 +43,37 @@ int main(int argc, char *argv[])
while (fgets(buffer, BUFFER, fp) != NULL) {
temp = strstr(buffer, "rhost");
sscanf(temp, "rhost=%s", temp);
if (atoi(strncpy(p, temp, 1)) > 0) {
strcat(splice_command, temp);
strcat(splice_command, "\n");
}
}
printf("%s", splice_command); // 测试没问题
// 拼接命令
sprintf(awk, AWK, TOP_IP);
strcpy(command, "echo \"");
strcat(command, splice_command);
strcat(command, "\"");
strcat(command, awk);
//printf("%s", command); // 测试没问题
if ((fp = popen(command, "r")) == NULL) { // 执行命令
perror("popen");
return 1;
}
while (fgets(buffer, BUFFER, fp) != NULL) {
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
sprintf(iptables, IPTABLES, buffer);
if ((fc = popen(iptables, "r")) == NULL) {
perror("popen");
return 1;
}
if (atoi(strncpy(p1, temp, 1)) > 0)
printf("%s\n", temp);
}
pclose(fp);
pclose(fc);
return 0;
}

BIN
rhost.o
View File

Binary file not shown.