建立檔案dovecotdeny.sh
vi /root/dovecotdeny.sh
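#!/bin/bash
#
# dovecotdeny.sh - block hosts with repeated authentication failures.
#
# Counts "authentication failure" lines per remote host in /var/log/secure
# and appends "dovecot:<ip>" and "vsftpd:<ip>" to /etc/hosts.deny for every
# IPv4 address whose failure count is greater than DEFINE.
#
# Notes for the operator:
#   - Must run as root (reads /var/log/secure, writes /etc/hosts.deny).
#   - The awk pattern matches every "authentication failure" line in the
#     log, not only lines written for dovecot -- NOTE(review): confirm this
#     is intended.
#   - hosts.deny entries only take effect for daemons that actually consult
#     tcp_wrappers -- verify this for your dovecot and vsftpd builds.
#   - The remote host is taken from the second-to-last field of the log
#     line. Parts of that line (e.g. the user name) come from the client,
#     so treat the extracted value as untrusted: it is validated as a
#     dotted-quad IPv4 address before it is written anywhere.
#   - Entries are never removed; review /etc/hosts.deny periodically so a
#     legitimate host is not locked out forever.

set -u

LOG_FILE="/var/log/secure"
HOSTS_DENY="/etc/hosts.deny"
COUNT_FILE="/root/blackdovecot.txt"       # every extracted value, as value=count
CANDIDATE_FILE="/root/blackdovecot1.txt"  # validated IPv4 addresses only
DEFINE="30"                               # block when failures exceed this

#######################################
# Check that a string is a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1 octet
  [[ "$candidate" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] \
    || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

if [[ ! -r "$LOG_FILE" ]]; then
  printf 'dovecotdeny: cannot read %s\n' "$LOG_FILE" >&2
  exit 1
fi

# Strip "rhost=" and the IPv4-mapped prefix "::ffff:" BEFORE counting, so
# that 1.2.3.4 and ::ffff:1.2.3.4 are counted as the same host.
awk '/authentication failure/ { print $(NF-1) }' "$LOG_FILE" \
  | sed -e 's/rhost=//g' -e 's/::ffff://g' \
  | LC_ALL=C sort \
  | uniq -c \
  | awk '{ print $2 "=" $1 }' > "$COUNT_FILE"

# Keep only well-formed "ipv4=count" records. Anything else (other fields,
# host names, IPv6 addresses) is dropped instead of being written to
# hosts.deny. IPv6 sources are therefore not blocked by this script;
# tcp_wrappers expects a bracketed form for them -- handle separately.
: > "$CANDIDATE_FILE"
while IFS='=' read -r ip num; do
  is_ipv4 "$ip" || continue
  [[ "$num" =~ ^[0-9]+$ ]] || continue
  printf '%s=%s\n' "$ip" "$num" >> "$CANDIDATE_FILE"
done < "$COUNT_FILE"

while IFS='=' read -r ip num; do
  (( 10#$num > DEFINE )) || continue
  # -F: literal match (dots are not wildcards); -w: whole-word match, so
  # 1.2.3.4 is not considered present just because 11.2.3.45 is listed.
  # A missing hosts.deny counts as "not listed" and the file is created.
  if ! grep -qwF -- "$ip" "$HOSTS_DENY" 2>/dev/null; then
    printf 'dovecot:%s\nvsftpd:%s\n' "$ip" "$ip" >> "$HOSTS_DENY"
  fi
done < "$CANDIDATE_FILE"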
DEFINE="30" 是封鎖門檻：同一個來源 IP 的認證失敗次數超過 30 次就會被封鎖。
再來先讓腳本可以執行（chmod 700 /root/dovecotdeny.sh），然後以 root 身分加入排程：
crontab -e
50 * * * * /root/dovecotdeny.sh
參考文章
http://www.tshopping.com.tw/thread-201779-1-1.html