
登錄服務器失敗 IP 統計和處理方法


一、登錄ssh失敗次數統計

1)錯誤的打開方式

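# Deliberately wrong form: because tail is given a file operand it reads
# /var/log/secure directly and ignores the counted list coming down the pipe,
# so the statistics never reach the screen. (The awk program must be quoted
# with ASCII single quotes; typographic quotes are not quote characters to sh.)
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail /var/log/secure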


2)拷貝文件,再查看失敗

# copy the log into the current directory and analyse the copy
cp /var/log/secure .

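# Count failed-password attempts per source address in the copied log.
# $(NF-3) is the address: the line ends "... from <ip> port <n> ssh2", so
# counting from the end is unaffected by spaces in the user name.
awk '/Failed password/ {print $(NF-3)}' secure |sort -n |uniq -c|sort -n |tail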

3)直接查看失敗


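# Same count straight from the live log (prompt removed so the line can be
# pasted as-is); output is "<count> <ip>" per line, lowest count first.
awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n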

4)查看最近失敗的時間

# press G inside less to jump to the end of the log, where the newest entries are
less /var/log/secure

在 less 中按 G 跳到文件末尾,即可看到最近的失敗記錄

二、對於防破解問題的處理

1)禁止密碼登錄方式

# disable password logins: set "PasswordAuthentication no" and restart sshd.
# Verify key-based login works from another session first, or the change
# locks you out of the host.
vi /etc/ssh/sshd_config


2)禁止失敗的IP登錄的方式

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a deny option instead.
#
#               See man 5 hosts_options and man 5 hosts_access
#               for information on rule syntax.
#               See man tcpd for information on tcp_wrappers
#
sshd:192.168.2.41:deny
/etc/hosts.deny

在/etc/hosts.deny文件下面

添加 sshd:192.168.2.41:deny

重啟sshd

三、實現python自動化寫入文件

1)獲取到失敗IP的文件

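# Write the per-address failure counts ("<count> <ip>" per line) to
# ip_fail.txt; the Python script below reads this file.
awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n > ip_fail.txt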


2)查看原有的被限制IP的文件


3)執行python腳本文件

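def ip_index(path="hosts.deny"):
    """Return the set of client addresses already listed in a hosts.deny file.

    Args:
        path: hosts.deny file to read (defaults to ``hosts.deny`` in the
            working directory, as the original script used).

    Returns:
        set of the client strings found in the second ``:``-separated field of
        each rule line (for ``sshd:192.168.2.41:deny`` that is ``192.168.2.41``);
        a comma-separated client list yields one entry per address. Blank lines,
        ``#`` comments and lines without a client field are skipped instead of
        raising IndexError. IPv6 entries contain ``:`` themselves and are not
        handled (neither did the original).
    """
    ip_list = set()
    with open(path, mode="r", encoding="utf-8") as f_log:
        for raw in f_log:
            rule = raw.strip()
            # The stock file is mostly comment lines.
            if not rule or rule.startswith("#"):
                continue
            fields = rule.split(":")
            # A rule needs at least "daemon_list : client_list".
            if len(fields) < 2:
                continue
            for client in fields[1].split(","):
                client = client.strip()
                if client:
                    ip_list.add(client)
    return ip_list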

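def write(known_ips=None, fail_path="ip_fail.txt", deny_path="hosts.deny", threshold=2):
    """Append a deny rule for every address that failed more than ``threshold`` times.

    ``fail_path`` holds ``uniq -c`` output (``"<count> <ip>"`` per line, as
    produced by the awk pipeline above). Each address whose count is greater
    than ``threshold`` and is not already known is appended to ``deny_path``
    as ``sshd:<ip>:deny``; the address is printed for every line over the
    threshold, as in the original.

    Args:
        known_ips: addresses already present in hosts.deny. When ``None`` they
            are loaded with ``ip_index()`` (the original read a module-level
            ``ip_list`` that the ``__main__`` block had to set first).
        fail_path: file with the per-address failure counts.
        deny_path: hosts.deny file to append to.
        threshold: an address is banned when its count is strictly greater.
    """
    if known_ips is None:
        known_ips = ip_index()
    # Track what this run has already written so an address is never appended twice.
    banned = set(known_ips)
    with open(fail_path, mode="r", encoding="utf-8") as f_fail, \
            open(deny_path, mode="a", encoding="utf-8") as f_deny:
        for raw in f_fail:
            # split() without an argument absorbs the padding uniq -c puts in
            # front of the count; the original's fixed indexes (line[6], line[7])
            # only worked for single-digit counts and crashed on larger ones.
            parts = raw.split()
            if len(parts) < 2 or not parts[0].isdigit():
                continue
            count, ip = int(parts[0]), parts[1]
            if count > threshold:
                print("登錄失敗次數大於%d的IP" % threshold, ip)
                if ip not in banned:
                    f_deny.write("sshd:%s:deny\n" % ip)
                    banned.add(ip)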

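if __name__ == "__main__":
    # Load the addresses already denied, then append the new offenders.
    ip_list = ip_index()
    write()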
ip_add=>hosts.deny

四、定時任務自動寫入hosts.deny配置文件的腳本

1)該腳本以失敗次數大於3的進行測試(執行環境python3)

import subprocess
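# Failed-password attempts per source address, as "<count> <ip>" lines sorted by
# count. The awk program must be wrapped in ASCII single quotes: the typographic
# quotes in the original are not quote characters to the shell, so the text was
# split into separate arguments and $(NF-3) was run as a command substitution.
command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"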
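def result(command):
    """Run ``command`` through the shell and return its stdout as bytes lines.

    The original returned the live ``Popen.stdout`` pipe without waiting for the
    child, which leaves a zombie process and can deadlock once stderr fills its
    pipe. ``communicate()`` drains both pipes and reaps the process. Lines keep
    their trailing newline, so iterating the result yields the same data the pipe
    did; stderr is still discarded as before.

    Args:
        command: a shell command line. It runs with ``shell=True``, so only the
            fixed pipeline defined in this script should be passed, never text
            assembled from user- or log-derived input.

    Returns:
        list of bytes, one per output line (empty when there is no output).
    """
    proc = subprocess.Popen(command,
                            shell=True,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    out, _err = proc.communicate()
    return out.splitlines(True)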

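def ip_list(result, threshold=3):
    """Map each offending address to its failure count.

    Args:
        result: iterable of ``uniq -c`` output lines (``"<count> <ip>"``) as
            returned by ``result()``; bytes lines are decoded as UTF-8, str lines
            are used as they are.
        threshold: an address is included when its count is strictly greater
            (3 in the original script).

    Returns:
        dict mapping address (str) -> failure count (int). The original keyed
        the dict by count, so two addresses with the same number of failures
        overwrote each other and only one of them was ever banned.
    """
    ip_set = {}
    for line in result:
        if not isinstance(line, str):
            # Popen output is bytes on Python 3; str(line) would give the repr
            # "b'...'" rather than the text, which the original's parsing relied on.
            line = line.decode("utf-8", "replace")
        # split() without an argument absorbs the padding uniq -c puts in front
        # of the count and drops the trailing newline.
        parts = line.split()
        if len(parts) < 2 or not parts[-2].isdigit():
            continue
        count, ip = int(parts[-2]), parts[-1]
        # Accept only address-like tokens (IPv4/IPv6 characters) so nothing else
        # taken from the log ever ends up as a rule in hosts.deny.
        if not ip or any(c not in "0123456789abcdefABCDEF.:" for c in ip):
            continue
        if count > threshold:
            ip_set[ip] = count
    return ip_set


def ip_index(path="/etc/hosts.deny"):
    """Return the set of client addresses already listed in ``path``.

    Every non-blank, non-comment line is read as ``daemon_list:client_list[:option]``
    and each comma-separated entry of the client list is collected (for
    ``sshd:192.168.2.41:deny`` that is ``192.168.2.41``). Lines without a client
    field are skipped instead of raising IndexError as the original did. IPv6
    entries contain ``:`` themselves and are not handled (neither did the original).

    Args:
        path: hosts.deny file to read; defaults to the system file.

    Returns:
        set of client strings.
    """
    out_ip = set()
    with open(path, mode="r", encoding="utf-8") as f_log:
        for raw in f_log:
            rule = raw.strip()
            if not rule or rule.startswith("#"):
                continue
            fields = rule.split(":")
            if len(fields) < 2:
                continue
            for client in fields[1].split(","):
                client = client.strip()
                if client:
                    out_ip.add(client)
    return out_ip


def write(out_ip, in_ip, path="/etc/hosts.deny"):
    """Append ``sshd:<ip>:deny`` to ``path`` for each new offending address.

    Args:
        out_ip: offending address -> failure count, as returned by ``ip_list()``;
            only the keys are used, so any iterable of addresses also works.
        in_ip: addresses already present in the file, from ``ip_index()``.
        path: hosts.deny file to append to; defaults to the system file.

    Addresses are written exactly as they appear in the log (the original did the
    same); IPv6 entries in particular should be checked against the
    hosts_access(5) syntax. An address is appended at most once per run.
    """
    already = set(in_ip)
    with open(path, mode="a", encoding="utf-8") as f:
        for ip in out_ip:
            if ip in already:
                continue
            f.write("sshd:%s:deny\n" % ip)
            already.add(ip)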


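if __name__ == "__main__":
    in_ip = ip_index()          # addresses already denied
    # Bind the output to its own name: the original rebound the function
    # name `result` to its return value.
    output = result(command)    # run the awk/sort/uniq pipeline
    out_ip = ip_list(output)    # offenders over the failure threshold
    write(out_ip, in_ip)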

2) centos6默認的python2.6執行環境

import subprocess
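# Failed-password attempts per source address, as "<count> <ip>" lines sorted by
# count. The awk program must be wrapped in ASCII single quotes: the typographic
# quotes in the original are not quote characters to the shell, so the text was
# split into separate arguments and $(NF-3) was run as a command substitution.
command = "awk '/Failed password/ {print $(NF-3)}' /var/log/secure |sort -n |uniq -c|sort -n"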
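def result(command):
    """Run ``command`` through the shell and return its stdout as a list of lines.

    Works on Python 2.6 and 3. The original returned the live ``Popen.stdout``
    pipe without waiting for the child, which leaves a zombie process and can
    deadlock once stderr fills its pipe; ``communicate()`` drains both pipes and
    reaps the process. Lines keep their trailing newline, so iterating the result
    yields the same data the pipe did; stderr is still discarded as before.

    Args:
        command: a shell command line. It runs with ``shell=True``, so only the
            fixed pipeline defined in this script should be passed, never text
            assembled from user- or log-derived input.

    Returns:
        list of output lines (bytes on Python 3, str on Python 2), empty when
        there is no output.
    """
    proc = subprocess.Popen(command,
                            shell=True,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    out, _err = proc.communicate()
    return out.splitlines(True)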

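def ip_list(result, threshold=3):
    """Map each offending address to its failure count (Python 2.6 compatible).

    Args:
        result: iterable of ``uniq -c`` output lines (``"<count> <ip>"``) as
            returned by ``result()``; on Python 2 the lines are already str,
            on Python 3 bytes lines are decoded as UTF-8.
        threshold: an address is included when its count is strictly greater
            (3 in the original script).

    Returns:
        dict mapping address (str) -> failure count (int). The original keyed
        the dict by count, so two addresses with the same number of failures
        overwrote each other and only one of them was ever banned. It also left
        the trailing newline on the address under Python 2, which produced a
        broken ``sshd:<ip>\\n:deny`` rule.
    """
    ip_set = {}
    for line in result:
        if not isinstance(line, str):
            line = line.decode("utf-8", "replace")
        # split() without an argument absorbs the padding uniq -c puts in front
        # of the count and drops the trailing newline.
        parts = line.split()
        if len(parts) < 2 or not parts[-2].isdigit():
            continue
        count, ip = int(parts[-2]), parts[-1]
        # Accept only address-like tokens (IPv4/IPv6 characters) so nothing else
        # taken from the log ever ends up as a rule in hosts.deny.
        if not ip or any(c not in "0123456789abcdefABCDEF.:" for c in ip):
            continue
        if count > threshold:
            ip_set[ip] = count
    return ip_set


def ip_index(path="/etc/hosts.deny"):
    """Return the set of client addresses already listed in ``path``.

    Every non-blank, non-comment line is read as ``daemon_list:client_list[:option]``
    and each comma-separated entry of the client list is collected (for
    ``sshd:192.168.2.41:deny`` that is ``192.168.2.41``). Lines without a client
    field are skipped instead of raising IndexError as the original did. IPv6
    entries contain ``:`` themselves and are not handled (neither did the original).

    Args:
        path: hosts.deny file to read; defaults to the system file.

    Returns:
        set of client strings.
    """
    out_ip = set()
    with open(path, mode="r") as f_log:
        for raw in f_log:
            rule = raw.strip()
            if not rule or rule.startswith("#"):
                continue
            fields = rule.split(":")
            if len(fields) < 2:
                continue
            for client in fields[1].split(","):
                client = client.strip()
                if client:
                    out_ip.add(client)
    return out_ip


def write(out_ip, in_ip, path="/etc/hosts.deny"):
    """Append ``sshd:<ip>:deny`` to ``path`` for each new offending address.

    Args:
        out_ip: offending address -> failure count, as returned by ``ip_list()``;
            only the keys are used, so any iterable of addresses also works.
        in_ip: addresses already present in the file, from ``ip_index()``.
        path: hosts.deny file to append to; defaults to the system file.

    Addresses are written exactly as they appear in the log (the original did the
    same); IPv6 entries in particular should be checked against the
    hosts_access(5) syntax. An address is appended at most once per run.
    """
    already = set(in_ip)
    with open(path, mode="a") as f:
        for ip in out_ip:
            if ip in already:
                continue
            f.write("sshd:%s:deny\n" % ip)
            already.add(ip)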


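if __name__ == "__main__":
    in_ip = ip_index()          # addresses already denied
    # Bind the output to its own name: the original rebound the function
    # name `result` to its return value.
    output = result(command)    # run the awk/sort/uniq pipeline
    out_ip = ip_list(output)    # offenders over the failure threshold
    write(out_ip, in_ip)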
