一、登录ssh失败次数统计
1)错误的打开方式
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail /var/log/secure
2)拷贝文件,再查看失败
cp /var/log/secure .
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail
3)直接查看失败
$ awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n
4)查看最近失败的时间
less /var/log/secure
按G
二、对于防破解问题的处理
1)禁止密码登录方式
vi /etc/ssh/sshd_config
2)禁止失败的IP登录的方式
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.2.41:deny
/etc/hosts.deny
在/etc/hosts.deny文件下面
添加 sshd:192.168.2.41:deny
重启sshd
三、实现python自动化写入文件
1)获取到失败IP的文件
awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n > ip_fail.txt
2)查看原有的被限制IP的文件
3)执行python脚本文件
def ip_index():
#读取文件获取到已经有被限制的IP
ip_list = set()
with open('hosts.deny',mode='r',encoding='utf-8') as f_log:
for line in f_log:
line = line.split('\n')[].split(' ')[]
if len(line) != and not line[].startswith("#"):
line = line.split(":")
ip_list.add(line[])
return ip_list def write():
# 写入失败的IP到配置文件中
with open('ip_fail.txt',mode='r',encoding='utf-8') as f:
for line in f:
line = line.split('\n')[].split(' ')
if int(line[]) > :
print('登录失败次数大于2的IP',line[])
with open('hosts.deny',mode='a',encoding='utf-8') as f:
if line[] not in ip_list:
f.write('sshd:%s:deny\n'%line[]) if __name__ == '__main__':
ip_list = ip_index()
write()
ip_add=>hosts.deny
四、定时任务自动写入hosts.deny配置文件的脚本
1)该脚本以失败次数大于3的进行测试(执行环境python3)
import subprocess
command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"
def result(command):
# 获取命令结果
obj=subprocess.Popen(command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
)
return obj.stdout def ip_list(result):
# 根据命令结果获取到失败IP的字典
ip_set={}
for line in result:
line=str(line)
ip = line.split(' ')[-].split('\\n')[]
count = line.split(' ')[-]
# 失败次数大于3的
if int(count) > :
ip_set[count]=ip
return ip_set def ip_index():
#读取文件获取到已经有被限制的IP
out_ip = set()
with open('/etc/hosts.deny',mode='r',encoding='utf-8') as f_log:
for line in f_log:
line = line.split('\n')[].split(' ')[]
if len(line) != and not line[].startswith("#"):
line = line.split(":")
out_ip.add(line[])
return out_ip def write(out_ip,in_ip):
with open('/etc/hosts.deny',mode='a',encoding='utf-8') as f:
for ip in out_ip:
if out_ip[ip] not in in_ip:
f.write('sshd:%s:deny\n'%out_ip[ip]) if __name__ == '__main__':
in_ip = ip_index() # 获取已有被限制的IP
result = result(command) # 得到命令结果
out_ip=ip_list(result) # 根据命令结果获取IP列表
write(out_ip,in_ip)
2) centos6默认的python2.6执行环境
import subprocess
command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"
def result(command):
obj=subprocess.Popen(command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
)
return obj.stdout def ip_list(result):
ip_set={}
for line in result:
line=str(line)
ip = line.split(' ')[-].split('\\n')[]
count = line.split(' ')[-]
if int(count) > :
ip_set[count]=ip
return ip_set def ip_index():
out_ip = set()
with open('/etc/hosts.deny',mode='r') as f_log:
for line in f_log:
line = line.split('\n')[].split(' ')[]
if len(line) != and not line[].startswith("#"):
line = line.split(":")
out_ip.add(line[])
return out_ip def write(out_ip,in_ip):
with open('/etc/hosts.deny',mode='a') as f:
for ip in out_ip:
if out_ip[ip] not in in_ip:
f.write('sshd:%s:deny\n'%out_ip[ip]) if __name__ == '__main__':
in_ip = ip_index()
result = result(command)
out_ip=ip_list(result)
write(out_ip,in_ip)
3)修改bug。(以IP为key),前面是以次数为key。
import subprocess
command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"
def result(command):
# 获取命令结果
obj=subprocess.Popen(command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
)
return obj.stdout def ip_list(result):
# 根据命令结果获取到失败IP的字典
ip_set={}
for line in result:
line=str(line)
ip = line.split(' ')[-].split('\\n')[]
count = line.split(' ')[-]
# 失败次数大于3的
if int(count) > :
ip_set[ip]=count
return ip_set def ip_index():
#读取文件获取到已经有被限制的IP
out_ip = set()
with open('/etc/hosts.deny',mode='r',encoding='utf-8') as f_log:
for line in f_log:
line = line.split('\n')[].split(' ')[]
if len(line) != and not line[].startswith("#"):
line = line.split(":")
out_ip.add(line[])
return out_ip def write(out_ip,in_ip):
with open('/etc/hosts.deny',mode='a',encoding='utf-8') as f:
for ip in out_ip:
print(ip)
if ip not in in_ip:
f.write('sshd:%s:deny\n'%ip) if __name__ == '__main__':
in_ip = ip_index() # 获取已有被限制的IP
result = result(command) # 得到命令结果
out_ip=ip_list(result) # 根据命令结果获取IP列表
write(out_ip,in_ip)