[root@ZHAOYUN ~]# cat ssh.sh #!/bin/bash TIME=`date +"%Y-%m-%d %H:%M:%S"` BADIP=/root/ssh_badip BKIP=/root/back_ssh_badip AR=`wc -l $BKIP |awk '{print $1}'` lastb | awk '{print $3" "$6" "$7}' | awk -F: '{print $1}' |sort |uniq -c|awk '$1 > 5 {print $1" " $2" "$3" "$4}'| awk -vtime="$TIME" '{print time" "$1 " "$2" "$3" "$4}' >$BADIP cat $BADIP >> $BKIP for bip in `awk '{print $4}' "$BADIP"` do iptables -I INPUT -p tcp --dport 22  -s $bip -j DROP done AR2=`wc -l $BKIP |awk '{print $1}'` VALUE=`echo "$AR2-$AR"|bc` LAST=`tail -n $VALUE $BKIP` if [ $VALUE -gt 0 ] ; then sendmail -t <<EOF from: to:15101507336@139.com subject: 严重警告 $TIME 当前有人正在试探性连接SSH服务，系统已经帮你拦截，查看详情请登录系统。       $LAST EOF fi ~