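I found this program on a mainland Chinese website and thought it was quite handy, so I am sharing it here. This small program lets you check whether your system is secure. The version below is for CentOS;
on Ubuntu, change /var/log/secure to /var/log/auth.log and it will work.
Download the program, then upload it to your server: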
http://pan.baidu.com/s/1qWIwUxI
```bash
#!/bin/bash
stty intr undef
stty -echo
clear
echo -e "\n\t\t\tCheung Kei Cheun All Rights Reserved\n"

# Draw a horizontal rule with the cursor hidden
info(){
    printf "\033[?25l"
    i=0
    while [ $i -le 96 ]
    do
        printf "_"
        sleep 0.01
        let i++
    done
    echo -e "\n"
}

# Show a spinner, then make the cursor visible again
show(){
    printf "\033[12;96H"
    i=0
    while [ $i -le 5 ]
    do
        printf "\b/"
        sleep 0.05
        printf "\b-"
        sleep 0.05
        printf "\b\\"
        sleep 0.05
        printf "\b|"
        sleep 0.05
        let i++
    done
    printf "\b "
    printf "\033[?25h"
}
######## info #########
########## show
printf "\033[?25l"
echo -en "\t"; i=0
while [ $i -le 100 ]
do
    printf "_"
    printf "\033[2D"
    let i++
    sleep 0.01
done

waitt(){
    sleep 0.1
}

# Type out the banner one character at a time
corpration(){
    echo -en "\n\n\n\t\t\tC";waitt;echo -n "h";waitt;echo -n "e";waitt;echo -n "u";waitt;echo -n "n";waitt;echo -n "g";waitt;echo -en "\tK";waitt;echo -n "e";waitt;echo -n "i";waitt;echo -en "\tC";waitt;echo -n "h";waitt;echo -n "e";waitt;echo -n "u";waitt;echo "n"
    echo -e "\n\t\t\tCopright © 2013-2100 Cheung Kei Cheun All Rights Reserved"
}
corpration
printf "\n\033[?25h\n"
echo -e "\n\n"
stty intr ^c
stty echo
########################################################################
if [ "`id -u`" -ne 0 ]
then
    echo -e "You must run under the root account !\n"
    exit 1
fi
VERSION="1.3"
umask 077
file=IP.txt
# On exit: remove the report, return to the starting directory,
# and delete this script file itself ($0)
trap 'rm -fr $file;cd - >/dev/null;rm -fr $0' EXIT
mkdir -p /cheung/bin 2>/dev/null
cd /cheung/

# Log fields are passed to printf as arguments, not as the format string,
# so a "%" in a logged account name is printed literally.
echo -e "檢查有效帳號的登陸失敗的情況 :\n" >$file
echo -e " Times Account\t\t\tIPaddr" >>$file
echo -e "======= ======\t\t\t=======================================" >>$file
grep "Failed" /var/log/secure |grep -v "invalid"|awk '{printf "%s\t\t\t%s\n", $9, $11}'|sort|uniq -c|sort -nk 1 >>$file
echo -e "____________________________________________________________________" >>$file
echo -e "檢查無效帳號的登陸失敗的情況 :\n" >>$file
grep "Failed" /var/log/secure |grep "invalid"|awk '{printf "%s\t\t\t%s\n", $11, $13}'|sort|uniq -c|sort -nk 1 >>$file # check the failed-login counts for each account
echo -e "____________________________________________________________________" >>$file
echo "以下帳號是有效的系統帳號登陸失敗次數:" >>$file
echo -e " Times Account" >>$file
echo -e "======= ==================================================" >>$file
grep "Failed" /var/log/secure |grep -v "invalid"|awk '{print $9}'|sort|uniq -c|sort -nk 1 >>$file # failed-login counts for valid accounts
echo -e "____________________________________________________________________" >>$file
echo "以下是系統不存在的帳號,是猜測的帳號:" >>$file
grep "Failed" /var/log/secure |grep "invalid"|awk '{print $11}'|sort|uniq -c|sort -nk 1 >>$file # failed-login counts for invalid accounts
echo -e "____________________________________________________________________" >>$file
echo "以下是攻擊源的攻擊次數: " >>$file
echo " Times IPaddr" >>$file
echo "======= ==================================================" >>$file
touch tmp
grep "Failed" /var/log/secure |grep -v "invalid"|awk '{print $11}' >tmp
grep "Failed" /var/log/secure |grep "invalid"|awk '{print $13}' >>tmp
cat /cheung/tmp |sort|uniq -c|sort -nk 1 >>$file
rm -fr tmp
more $file
echo -e "____________________________________________________________________"
echo "總共的登陸失敗次數: $(expr `grep Failed /var/log/secure |grep -v invalid|wc -l` + `grep Failed /var/log/secure |grep invalid|wc -l`) 次" # total number of failed logins
echo "----------------------------------Over----------------------------------"
echo "=============================================Version $VERSION============================================="
```
The output will look like the following example:
檢查有效帳號的登陸失敗的情況 :
Times Account IPaddr
======= ====== =======================================
3 nobody 201.150.8.131
27 root 201.150.8.131
____________________________________________________________________
檢查無效帳號的登陸失敗的情況 :
1 a 201.150.8.131
1 android 201.150.8.131
1 bnc 201.150.8.131
1 bot 201.150.8.131
1 cpu 201.150.8.131
1 data 201.150.8.131
1 debian 201.150.8.131
1 dos 201.150.8.131
1 exploit 201.150.8.131
1 freebsd 201.150.8.131
1 guest 201.150.8.131
1 hacker 201.150.8.131
1 info 201.150.8.131
1 irc 201.150.8.131
1 linux 201.150.8.131
1 max 201.150.8.131
1 mysql 201.150.8.131
1 oracle 201.150.8.131
1 php 201.150.8.131
1 postgres 201.150.8.131
1 psybnc 201.150.8.131
1 ram 201.150.8.131
1 redhat 201.150.8.131
1 rfi 201.150.8.131
1 shell 201.150.8.131
1 system 201.150.8.131
1 test 201.150.8.131
1 ubuntu 201.150.8.131
1 unix 201.150.8.131
1 user 201.150.8.131
1 vnc 201.150.8.131
1 vps 201.150.8.131
1 web 201.150.8.131
1 yahoo 201.150.8.131
2 admin123 201.150.8.131
3 deb 201.150.8.131
10 admin 201.150.8.131
____________________________________________________________________
以下帳號是有效的系統帳號登陸失敗次數:
Times Account
======= ==================================================
3 nobody
27 root
____________________________________________________________________
以下是系統不存在的帳號,是猜測的帳號:
1 a
1 android
1 bnc
1 bot
1 cpu
1 data
1 debian
1 dos
1 exploit
1 freebsd
1 guest
1 hacker
1 info
1 irc
1 linux
1 max
1 mysql
1 oracle
1 php
1 postgres
1 psybnc
1 ram
1 redhat
1 rfi
1 shell
1 system
1 test
1 ubuntu
1 unix
1 user
1 vnc
1 vps
1 web
1 yahoo
2 admin123
3 deb
10 admin
____________________________________________________________________
以下是攻擊源的攻擊次數:
Times IPaddr
======= ==================================================
79 201.150.8.131
____________________________________________________________________
總共的登陸失敗次數: 79 次
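The script above picks the account and IP address by fixed awk column number, which shifts when the log uses a one-field timestamp or the account name contains a space. The following is an added example, not part of the original script: it parses the same `Failed password` lines relative to the trailing `from IP port N`. The function names and the sample log lines are constructed for illustration.

```bash
# Added example, not the original script. Sample log lines are constructed.
# CentOS logs sshd to /var/log/secure, Ubuntu to /var/log/auth.log.
auth_log() {
    for f in /var/log/secure /var/log/auth.log; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Emit "count<TAB>kind<TAB>account<TAB>ip" for each distinct failed login.
failed_logins() {
    awk '
    {
        start = index($0, "Failed password for ")
        # Anchor on the end of the line: the account name is chosen by the client.
        if (start == 0 || !match($0, / from [^ ]+ port [0-9]+( ssh2)?$/)) next
        user = substr($0, start + 20, RSTART - (start + 20))
        split(substr($0, RSTART + 6), tail, " ")
        kind = "valid"
        if (index(user, "invalid user ") == 1) { kind = "invalid"; user = substr(user, 14) }
        gsub(/\t/, " ", user)            # keep the output tab-separated
        count[kind "\t" user "\t" tail[1]]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -n
}

# Source IPs with at least $2 failures in total, highest first.
sources_over() {
    failed_logins "$1" | awk -F '\t' -v min="$2" '
        { per_ip[$4] += $1 }
        END { for (ip in per_ip) if (per_ip[ip] >= min) printf "%d\t%s\n", per_ip[ip], ip }
    ' | sort -rn
}

# Constructed sample: classic and ISO timestamps, an account name with a space.
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:03 host sshd[1001]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Mar  3 10:00:07 host sshd[1003]: Failed password for invalid user web admin from 203.0.113.7 port 40004 ssh2
2024-03-03T10:00:09+00:00 host sshd[1004]: Failed password for nobody from 198.51.100.9 port 40005 ssh2
Mar  3 10:00:11 host sshd[1005]: Accepted password for alice from 192.0.2.50 port 40006 ssh2
EOF
}

tmp=$(mktemp) && sample_log > "$tmp" && sources_over "$tmp" 2; rm -f "$tmp"
```

On a real host, run `sources_over "$(auth_log)" 10` as root, since the authentication log is normally readable only by root.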