脚本 1（统计 /var/log/secure 中 SSH 密码登录失败的来源 IP，失败超过 15 次的写入 /etc/hosts.deny）：
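#!/bin/bash
#
# Count "Failed password" events per source address in the sshd log and add
# every address that exceeds the threshold to the TCP-wrappers deny file.
#
# Environment (all optional; the defaults reproduce the original behaviour):
#   SECURE_LOG  - sshd log to scan                      (default: /var/log/secure)
#   DENY_FILE   - TCP-wrappers deny file to append to   (default: /etc/hosts.deny)
#   THRESHOLD   - failures after which an address is denied (default: 15)
#
# Must run as a user that can read the log and write the deny file (root).
#
# NOTE: hosts.deny is only honoured by an sshd that is linked against libwrap
# (tcp_wrappers). Upstream OpenSSH removed that support years ago and not every
# distribution carries it back, in which case the entries written here are
# silently ignored. Check with `ldd "$(command -v sshd)" | grep -i wrap` on the
# target host before relying on this script.
#
# Changes from the earlier version of this script: the scratch file abc.txt in
# the working directory is no longer produced, the loop really iterates over the
# (count, address) pairs instead of re-reading the whole file on every turn,
# the threshold is compared numerically instead of as a string ([[ $NUM > 15 ]]
# was a lexical comparison), the "already denied?" check is anchored so that
# 1.2.3.4 does not match 1.2.3.45, and the address is validated before it is
# written to the deny file.
set -euo pipefail

readonly SECURE_LOG="${SECURE_LOG:-/var/log/secure}"
readonly DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"
readonly THRESHOLD="${THRESHOLD:-15}"

#######################################
# Print "<count> <address>" for every source address that has failed password
# attempts in the given log (output format of `uniq -c`).
# The address is the 4th field from the END of the line
# ("... from <addr> port <n> ssh2"). Counting from the end is deliberate:
# the username that precedes it is chosen by the remote peer and may itself
# contain the word "from" or spaces, so it cannot be used as a delimiter.
# Arguments: $1 - path of the sshd log
#######################################
count_failed_logins() {
  local log=$1
  grep -F -- "Failed password" "$log" \
    | awk '{ print $(NF-3) }' \
    | sort \
    | uniq -c
}

#######################################
# Succeed if $1 looks like a bare IPv4/IPv6 address.
# Anything else (hostnames, wildcards, "ALL", a stray token from an unexpected
# log format) must never reach hosts.deny, where it would be interpreted as a
# pattern and could deny far more than one attacker.
#######################################
is_ip_address() {
  [[ $1 =~ ^[0-9A-Fa-f.:]+$ ]]
}

#######################################
# Succeed if address $1 is already listed in deny file $2.
# -F makes the dots literal, -w stops 1.2.3.4 from matching inside 1.2.3.45.
# A missing deny file simply means nothing is denied yet.
#######################################
is_denied() {
  local addr=$1 deny=$2
  [[ -f "$deny" ]] && grep -qwF -- "$addr" "$deny"
}

main() {
  [[ -r "$SECURE_LOG" ]] || { printf '%s: cannot read %s\n' "${0##*/}" "$SECURE_LOG" >&2; exit 1; }
  [[ "$THRESHOLD" =~ ^[0-9]+$ ]] || { printf '%s: THRESHOLD must be a non-negative integer\n' "${0##*/}" >&2; exit 1; }

  local count addr
  # `read` discards the leading padding that `uniq -c` puts before the count.
  while read -r count addr; do
    (( count > THRESHOLD )) || continue
    if ! is_ip_address "$addr"; then
      # %q keeps log-derived garbage from being echoed raw to the terminal/log.
      printf '%s: ignoring unexpected source token %q\n' "${0##*/}" "$addr" >&2
      continue
    fi
    if ! is_denied "$addr" "$DENY_FILE"; then
      printf 'sshd:%s\n' "$addr" >> "$DENY_FILE"
    fi
  done < <(count_failed_logins "$SECURE_LOG")
}

main "$@"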
另一种写法（不借助数组，改为逐行读取 uniq -c 的统计结果）：
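#!/bin/bash
# Deny ssh access (via TCP wrappers) to every remote address that has more than
# THRESHOLD "Failed password" entries in the sshd log.
#
# Environment (optional): SECURE_LOG (default /var/log/secure),
# DENY_FILE (default /etc/hosts.deny), THRESHOLD (default 15).
# Run as root: the script reads the log and appends to the deny file.
#
# Fixes relative to the earlier version: the shebang was "#/bin/bash" (no "!");
# the deny file was misspelled "/etc/host.deny"; the "already listed?" check
# grepped the LOG instead of the deny file, and since every address comes from
# that log the check always succeeded and nothing was ever written; the counts
# went through the predictable path /tmp/ssh_log, which root should not create
# with a plain redirect because any local user can pre-create it as a symlink.
# The counts are now streamed into the loop with process substitution and no
# temporary file is used at all.
#
# NOTE: hosts.deny entries are only honoured by an sshd built with libwrap;
# verify with `ldd "$(command -v sshd)" | grep -i wrap` on the target host.
set -euo pipefail

log="${SECURE_LOG:-/var/log/secure}"
deny="${DENY_FILE:-/etc/hosts.deny}"
limit="${THRESHOLD:-15}"

[[ -r "$log" ]] || { printf '%s: cannot read %s\n' "${0##*/}" "$log" >&2; exit 1; }
[[ "$limit" =~ ^[0-9]+$ ]] || { printf '%s: THRESHOLD must be a non-negative integer\n' "${0##*/}" >&2; exit 1; }

# `uniq -c` prints "<count> <address>"; read splits the two fields and drops
# the leading padding. The address is $(NF-3), counted from the END of the
# "... from <addr> port <n> ssh2" line, because the username before it is
# supplied by the remote side and cannot be trusted as a delimiter.
while read -r num ip; do
  (( num > limit )) || continue
  # Only bare IPv4/IPv6 addresses may be written: hosts.deny treats other
  # tokens (hostnames, wildcards, ALL) as patterns that could deny far more
  # than one attacker.
  if ! [[ $ip =~ ^[0-9A-Fa-f.:]+$ ]]; then
    printf '%s: ignoring unexpected token %q\n' "${0##*/}" "$ip" >&2
    continue
  fi
  # Skip addresses already present. -F: dots are literal; -w: 1.2.3.4 does not
  # match inside 1.2.3.45. A missing deny file means nothing is denied yet.
  if [[ -f "$deny" ]] && grep -qwF -- "$ip" "$deny"; then
    continue
  fi
  printf 'sshd:%s\n' "$ip" >> "$deny"
done < <(grep -F -- "Failed password" "$log" | awk '{ print $(NF-3) }' | sort | uniq -c)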