Counting and handling IPs with failed server logins
阿新 • Published: 2018-12-07
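I. Counting failed SSH logins
1) The wrong way (tail is given a file name here, so it ignores the piped counts and just prints the end of /var/log/secure)
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail /var/log/secure
2) Copy the file, then count the failures
cp /var/log/secure .
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail
3) Count the failures directly
$ awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n
4) Check the time of the most recent failures
less /var/log/secure
Press G to jump to the end of the file
II. Handling brute-force attempts
1) Disable password login
vi /etc/ssh/sshd_config
2) Block the failing IPs from logging in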
```
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.2.41:deny
```
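At the end of the /etc/hosts.deny file
add sshd:192.168.2.41:deny
Restart sshd
III. Automating the file update with Python
1) Generate the file of failing IPs
awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n > ip_fail.txt
2) Review the existing file of blocked IPs
3) Run the Python script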
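```python
def ip_index():
    # Read hosts.deny and collect the IPs that are already blocked
    ip_list = set()
    with open('hosts.deny', mode='r', encoding='utf-8') as f_log:
        for line in f_log:
            line = line.strip().split(' ')[0]
            if len(line) != 0 and not line.startswith("#"):
                fields = line.split(":")
                # Skip entries that have no "daemon:client" separator
                if len(fields) > 1:
                    ip_list.add(fields[1])
    return ip_list


def write(ip_list):
    # Append the failing IPs to the configuration file
    with open('ip_fail.txt', mode='r', encoding='utf-8') as f_in, \
            open('hosts.deny', mode='a', encoding='utf-8') as f_out:
        for line in f_in:
            # Each `uniq -c` line is "<count> <ip>"; the leading padding
            # varies with the width of the count, so split on whitespace
            fields = line.split()
            if len(fields) != 2:
                continue
            count, ip = fields
            if int(count) > 2:
                # Message: "IP with more than 2 failed logins"
                print('登錄失敗次數大於2的IP', ip)
                if ip not in ip_list:
                    f_out.write('sshd:%s:deny\n' % ip)


if __name__ == '__main__':
    write(ip_index())
```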
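IV. A script for a scheduled task that automatically writes to the hosts.deny configuration file
1) This script was tested with a failure count greater than 3 (runtime: Python 3)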
```python
import subprocess

command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"


def result(command):
    # Run the command and return its output as a list of text lines
    obj = subprocess.Popen(command, shell=True,
                           stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE)
    out, _ = obj.communicate()
    return out.decode('utf-8', 'replace').splitlines()


def ip_list(result):
    # Build a dict of failing IP -> failure count from the command output
    ip_set = {}
    for line in result:
        fields = line.split()
        if len(fields) != 2:
            continue
        count, ip = fields
        # Failure count greater than 3
        if int(count) > 3:
            # Key by IP: keying by count would drop IPs that share a count
            ip_set[ip] = int(count)
    return ip_set


def ip_index():
    # Read the file and collect the IPs that are already blocked
    out_ip = set()
    with open('/etc/hosts.deny', mode='r', encoding='utf-8') as f_log:
        for line in f_log:
            line = line.strip().split(' ')[0]
            if len(line) != 0 and not line.startswith("#"):
                fields = line.split(":")
                if len(fields) > 1:
                    out_ip.add(fields[1])
    return out_ip


def write(out_ip, in_ip):
    # Append every failing IP that is not blocked yet
    with open('/etc/hosts.deny', mode='a', encoding='utf-8') as f:
        for ip in out_ip:
            if ip not in in_ip:
                f.write('sshd:%s:deny\n' % ip)


if __name__ == '__main__':
    in_ip = ip_index()          # IPs that are already blocked
    lines = result(command)     # Output of the command
    out_ip = ip_list(lines)     # Failing IPs taken from the output
    write(out_ip, in_ip)
```
2) For the default Python 2.6 runtime on CentOS 6
```python
import subprocess

command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"


def result(command):
    # Run the command and return its output as a list of lines
    obj = subprocess.Popen(command, shell=True,
                           stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE)
    out, _ = obj.communicate()
    return out.splitlines()


def ip_list(result):
    # Build a dict of failing IP -> failure count from the command output
    ip_set = {}
    for line in result:
        fields = line.split()
        if len(fields) != 2:
            continue
        count, ip = fields
        if int(count) > 3:
            # Key by IP: keying by count would drop IPs that share a count
            ip_set[ip] = int(count)
    return ip_set


def ip_index():
    # Read the file and collect the IPs that are already blocked
    out_ip = set()
    with open('/etc/hosts.deny', mode='r') as f_log:
        for line in f_log:
            line = line.strip().split(' ')[0]
            if len(line) != 0 and not line.startswith("#"):
                fields = line.split(":")
                if len(fields) > 1:
                    out_ip.add(fields[1])
    return out_ip


def write(out_ip, in_ip):
    # Append every failing IP that is not blocked yet
    with open('/etc/hosts.deny', mode='a') as f:
        for ip in out_ip:
            if ip not in in_ip:
                f.write('sshd:%s:deny\n' % ip)


if __name__ == '__main__':
    in_ip = ip_index()
    lines = result(command)
    out_ip = ip_list(lines)
    write(out_ip, in_ip)
```
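An added example, not code from the original post: the same count-and-block logic done entirely in Python 3 on constructed log text, with each source address validated before it can reach a rule and an allowlist so that an administrator's own network is never blocked. The sample lines, the 10.0.0.0/8 allowlist and the function names are assumptions made for illustration; only IPv4 sources are handled.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the /var/log/secure format (not real log data).
SAMPLE_LOG = """\
Dec  7 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec  7 10:01:05 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec  7 10:01:09 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Dec  7 10:01:12 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40161 ssh2
Dec  7 10:02:30 web1 sshd[2110]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Dec  7 10:02:33 web1 sshd[2110]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Dec  7 10:02:36 web1 sshd[2110]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Dec  7 10:02:39 web1 sshd[2110]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Dec  7 10:03:00 web1 sshd[2113]: Failed password for bob from 198.51.100.9 port 42000 ssh2
Dec  7 10:03:10 web1 sshd[2115]: Accepted password for alice from 10.0.0.5 port 51002 ssh2
"""
SAMPLE_DENY = "# constructed hosts.deny content\nsshd:192.168.2.41:deny\n"

# Anchored on the line tail, so text in the user name cannot shift the capture.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$", re.M)


def failed_counts(log_text):
    """Count failed password attempts per syntactically valid IPv4 source."""
    counts = Counter()
    for m in FAILED.finditer(log_text):
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            pass  # not an IPv4 address: never let it into a rule
    return counts


def blocked_ips(deny_text):
    """IPs that already have an sshd:<ip>:deny rule."""
    rules = (ln.strip().split(":") for ln in deny_text.splitlines())
    return {f[1] for f in rules if len(f) == 3 and f[0] == "sshd" and f[2] == "deny"}


def new_rules(log_text, deny_text, threshold=3, allow=("10.0.0.0/8",)):
    """Rules to append: more than `threshold` failures, not blocked, not allowlisted."""
    nets = [ipaddress.ip_network(n) for n in allow]
    have = blocked_ips(deny_text)
    return ["sshd:%s:deny" % ip
            for ip, n in sorted(failed_counts(log_text).items())
            if n > threshold and ip not in have
            and not any(ipaddress.ip_address(ip) in net for net in nets)]
```

new_rules returns the lines to append instead of writing them, so the result can be reviewed before /etc/hosts.deny is touched.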