#! /bin/bash

cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /root/black.txt

DEFINE="10"

for i in `cat  /root/black.txt`

do

    IP=`echo | awk '{split("'${i}'", array, "=");print array[1]}'`

    NUM=`echo | awk '{split("'${i}'", array, "=");print array[2]}'`

    if [ $NUM -gt $DEFINE ];then

     grep $IP /etc/hosts.deny > /dev/null

      if [ $? -gt 0 ];then

          echo "sshd:$IP:deny" >> /etc/hosts.deny

      fi

    fi

done　

crontab -e

*/ * * * *  sh /root/secure_ssh.sh

    -- :: cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

    -- :: cd /etc/yum.repos.d/

    -- :: wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

    -- :: yum makecache

    -- :: yum -y update

    -- :: vi

    -- :: yum install xinetd.x86_64

    -- :: service xinetd start

    -- :: /bin/systemctl start xinetd.service

#nameserver 183.60.83.19

nameserver 8.8.8.8

nameserver 114.114.114.114

#nameserver 183.60.82.98

#search localdomain

#options timeout: rotate

/etc/init.d/network restart

systemcts status systemd-logind

systemctl restart dbus

strace -o ~/starce_ssh.txt -T ssh localhost

tail -f ~/starce_ssh.txt

vim /etc/ssh/sshd_config

UseDNS no

#service sshd restart

#service sshd restart

ssh  -vvv root@*.*.*.*

debug1: Next authentication method: password

root@*********'s password:

debug3: packet_send2: adding  (len  padlen  extra_pad )

debug2: we sent a password packet, wait for reply

debug3: Wrote  bytes for a total of

debug1: Authentication succeeded (password).

debug1: channel : new [client-session]

debug3: ssh_session2_open: channel_new:

debug2: channel : send open

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug3: Wrote  bytes for a total of 

debug1: Entering interactive session.

debug3: Wrote  bytes for a total of

debug1: client_input_global_request: rtype hostkeys-@openssh.com want_reply

debug2: callback start

debug2: client_session2_setup: id

debug2: channel : request pty-req confirm

debug2: channel : request shell confirm

debug2: fd  setting TCP_NODELAY

debug2: callback done

debug2: channel : open confirm rwindow  rmax

debug3: Wrote  bytes for a total of

debug2: channel_input_status_confirm: type  id

debug2: PTY allocation request accepted on channel

debug2: channel : rcvd adjust

debug2: channel_input_status_confirm: type  id

debug2: shell request accepted on channel

Last failed login: Thu Jun  :: CST  from 112.85.42.201 on ssh:notty

There were  failed login attempts since the last successful login.

Last login: Thu Jun  ::  from 124.204.55.194

[root@VM_128_5_centos ~]#

tail -f /var/log/messages

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd-logind: New session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost sshd[]: Accepted password for root from 124.204.55.194 port  ssh2

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd-logind: New session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost sshd[]: Failed password for root from 123.59.209.10 port  ssh2

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.

Jun  :: localhost sshd[]: Received disconnect from 123.59.209.10 port :: Normal Shutdown, Thank you for playing [preauth]

Jun  :: localhost sshd[]: Disconnected from 123.59.209.10 port  [preauth]

Jun  :: localhost systemd: Started Session  of user root.

Jun  :: localhost systemd: Starting Session  of user root.