6步教你封杀恶意登录服务器的ip(1)
《一线大厂Java面试题解析+核心总结学习笔记+最新讲解视频+实战项目源码》,点击传送门,即可获取!
Jun 5 12:51:19 localhost sshd[10394]: pam_unix(sshd:session): session opened for user root by (uid=
Jun 5 13:03:00 localhost sshd[10428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 e
uid=0 tty=ssh ruser= rhost=192.168.10.1 user=root
Jun 5 13:03:00 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement “uid >= 1000” not met
by user “root”
Jun 5 13:03:02 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:06 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement “uid >= 1000” not met
by user “root”
Jun 5 13:03:08 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:14 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement “uid >= 1000” not met
–More–
- 过滤其它ip,只看登录失败的ip地址
[root@localhost ~]# grep “Failed password” /var/log/secure
Jun 5 13:03:02 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:08 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:16 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:27 localhost sshd[10431]: Failed password for root from 192.168.10.1 port 64438 ssh2
Jun 5 13:15:33 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:38 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:38 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:46 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:50 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:53 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:59 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
Jun 5 13:16:00 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
Jun 5 13:16:02 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
[root@localhost ~]#
- 打印登录失败的ip
[root@localhost ~]# grep “Failed password” /var/log/secure |awk ‘{print$(NF-3)}’
192.168.10.1
192.168.10.1
192.168.10.1
192.168.10.1
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
[root@localhost ~]#
- 进行排序,统计次数
[root@localhost ~]# grep “Failed password” /var/log/secure |awk ‘{print$(NF-3)}’|sort|uniq -c|sort -nr
9 192.168.10.10
4 192.168.10.1
[root@localhost ~]#
- 匹配恶意登录次数大于5次的ip
[root@localhost ~]# grep “Failed password” /var/log/secure |awk ‘{print$(NF-3)}’|sort|uniq -c|sort -nr|awk ‘{if ($1>=5) print $2}’
192.168.10.10
[root@localhost ~]#
- 对匹配出来的做一个for循环,然后写入防火墙文件
[root@localhost ~]# for i in $(grep “Failed password” /var/log/secure|awk ‘{print $(NF-3)}’|sort|uniq -c|sort -nr|awk ‘{if($1>=5) print $2}’);do sed -i “/lo/a -A INPUT -s $i -j DROP” /etc/sysconfig/iptables ;done
总结
面试题总结
其它面试题(springboot、mybatis、并发、java中高级面试总结等)
《一线大厂Java面试题解析+核心总结学习笔记+最新讲解视频+实战项目源码》,点击传送门,即可获取!
[外链图片转存中…(img-UTziSXNi-1714407491720)]
[外链图片转存中…(img-p7ePVW6n-1714407491720)]
《一线大厂Java面试题解析+核心总结学习笔记+最新讲解视频+实战项目源码》,点击传送门,即可获取!
上一篇:ubuntu系统下大数据服务器磁盘调优测试记录_ubuntu vdbench 优化
下一篇:恒源云 & PyCharm!!!深度学习在恒源云上租服务器并进行远程连接超级详细教程!!!(个人学习记录)