Code:
Sep 30 04:28:29 proxy proftpd[30310]: proxy.dom.local (85.15.207.111[85.15.207.111]) - USER Administrator (Login failed): Incorrect password.
Sep 30 04:28:37 proxy proftpd[30310]: proxy.dom.local (85.15.207.111[85.15.207.111]) - USER Administrator (Login failed): Incorrect password.
Sep 30 04:28:37 proxy proftpd[30310]: proxy.dom.local (85.15.207.111[85.15.207.111]) - USER Administrator (Login failed): Incorrect password.
Sep 30 04:28:37 proxy proftpd[30310]: proxy.dom.local (85.15.207.111[85.15.207.111]) - Maximum login attempts (3) exceeded, connection refused
For testing I use this script:
Code:
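#!/bin/sh
# Count failed logins per source address and report any with 10 or more.
# Field 7 of a proftpd line is "(85.15.207.111[85.15.207.111])", so cut it
# down to the address between the square brackets before counting.
grep failed /var/log/auth.log | awk '{print $7}' | sed 's/.*\[\(.*\)\].*/\1/' | sort | uniq -c | sort |
{
    # Each input line is "<count> <address>", as produced by uniq -c.
    while read count_deny IP
    do
        if [ "${count_deny}" -ge 10 ]
        then
            echo "IP address = ${IP} deny count = ${count_deny}"
            #/sbin/ipfw add 1 deny ip from ${IP} to me >/dev/null 2>&1
        fi
    done
}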
I'm only just learning the finer points of shell, so please don't be too hard on me.