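OK, today is Sunday and I didn't go to the office. I've been getting more and more petit-bourgeois lately: not going to the office on a Sunday! I even made cola chicken wings tonight, my first time cooking, and they tasted all right. I just finished maintaining the servers, so while I'm in the mood I'm squeezing in some reading. I came across a script and am writing it down; I don't really understand it, but I'll work through it line by line:
OK, let me start explaining the code below. (Why put the explanation above the code? Because when I put it below, I kept ending up stuck inside the editor's code box and couldn't jump to an empty line.) And when I added the comments inside the code, they got wrapped..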
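```bash
#!/bin/bash
```
OK, I admit I wrote the code below wrong, I typed it in Chinese… I won't explain this one; it just says I want bash as the interpreter. There are many kinds of shell…. and their syntax differs, so this line has to be there.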
```bash
#Denyhosts SHELL SCRIPT
#20121111
```
OK, this is just a comment, a Singles' Day comment.
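Below we go through the commands one by one.
```bash
cat /var/log/secure
```
This one views the contents of /var/log/secure. View it for what? To feed the commands that follow, of course…
Hold on, let me start the virtual machine.
The output of this command is: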
```
Nov 5 18:51:56 jmx sshd[3723]: Connection closed by 127.0.0.1
Nov 5 18:56:56 jmx sshd[3829]: Connection closed by 127.0.0.1
Nov 5 19:01:56 jmx sshd[3922]: Connection closed by 127.0.0.1
Nov 5 19:06:56 jmx sshd[3998]: Connection closed by 127.0.0.1
Nov 5 19:11:56 jmx sshd[4073]: Connection closed by 127.0.0.1
Nov 5 19:16:56 jmx sshd[4139]: Connection closed by 127.0.0.1
Nov 5 19:21:56 jmx sshd[4214]: Connection closed by 127.0.0.1
Nov 5 19:26:56 jmx sshd[4276]: Connection closed by 127.0.0.1
Nov 5 19:31:56 jmx sshd[4343]: Connection closed by 127.0.0.1
Nov 5 19:36:12 jmx sshd[2943]: pam_unix(sshd:session): session closed for user root
Nov 5 19:36:17 jmx polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.43, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 5 19:36:29 jmx sshd[2067]: Received signal 15; terminating.
Nov 10 04:49:09 jmx sshd[2044]: Server listening on 0.0.0.0 port 22.
Nov 10 04:49:09 jmx sshd[2044]: Server listening on :: port 22.
Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
Nov 10 04:49:10 jmx su: pam_unix(su-l:session): session closed for user nagios
Nov 10 04:49:14 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 10 04:49:51 jmx sshd[2858]: Accepted password for root from 192.168.220.1 port 49991 ssh2
Nov 10 04:49:52 jmx sshd[2858]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 10 04:55:23 jmx sshd[2961]: Connection closed by 127.0.0.1
Nov 10 05:00:23 jmx sshd[3020]: Connection closed by 127.0.0.1
Nov 10 05:05:23 jmx sshd[3109]: Connection closed by 127.0.0.1
Nov 10 05:10:23 jmx sshd[3163]: Connection closed by 127.0.0.1
Nov 10 05:15:23 jmx sshd[3223]: Connection closed by 127.0.0.1
Nov 10 05:20:23 jmx sshd[3277]: Connection closed by 127.0.0.1
Nov 10 05:24:13 jmx sshd[2858]: pam_unix(sshd:session): session closed for user root
Nov 11 04:02:00 jmx sshd[2123]: Server listening on 0.0.0.0 port 22.
Nov 11 04:02:00 jmx sshd[2123]: Server listening on :: port 22.
Nov 11 04:02:02 jmx su: pam_unix(su-l:session): session opened for user nagios by (uid=0)
Nov 11 04:02:03 jmx su: pam_unix(su-l:session): session closed for user nagios
Nov 11 04:02:12 jmx polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 11 04:02:24 jmx sshd[2869]: Accepted password for root from 192.168.220.1 port 53703 ssh2
Nov 11 04:02:24 jmx sshd[2869]: pam_unix(sshd:session): session opened for user root by (uid=0)
```
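Then comes this command:
```bash
awk '/Failed/{print $(NF-3)}'
```
awk, what a magic tool. Let's look at the result first. OK, my output here is empty…. First, about NF: NF is the total number of fields on each line,
so this prints the field three back from the last one….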
```bash
sort
```
This one sorts….
```bash
uniq -c
```
This one counts the occurrences of each; uniq means remove duplicates, and -c is what does the count.
Then the next line,
```bash
do
```
and the one below,
```bash
done
```
are a pair; I won't ramble on about them.
```bash
awk '{print $2 "=" $1;}' >/root/black.txt
```
This prints in a standard format,
like:
192.168.0.1 = 10
and then writes it to black.
```bash
DEFINE="10"
```
Then a maximum count is defined.
```bash
for i in 'cat /root/black.txt'
```
This line is a loop…. (It should be a line-by-line loop… taking out each line. @皮总, is that what it means?)
```bash
IP='echo $i |awk -F= '{print $1}''
```
This line says: get me the first line, split it on "=", and assign the first parameter to IP.
```bash
NUM='echo $i |awk -F= '${print $2}'
```
Likewise, assign the count to NUM.
```bash
grep $IP /etc/hosts.deny >/dev/null
```
Here it checks whether hosts.deny already has this IP; and of course /dev/null is a trash can.. a bottomless one.
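```bash
if [ $? -gt 0 ];
```
$? is a status code: whether the previous command succeeded,
that is, whether grep found anything. A result means it already exists; no result means… it doesn't.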
```bash
then
```
If it hasn't been added yet, add it.
```bash
echo "sshd:$IP" >> /etc/hosts.deny
```
Then end the if.
End the if.
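Now let me run it; what with the syntax and the spaces and so on, I expect there will be problems.
OK, sure enough, an error:
```
./deny.sh: line 17: syntax error near unexpected token `fi'
./deny.sh: line 17: ` fi'
```
Ugh, what does this mean?
Is it a problem with the spaces?
Damn it, after searching for ages it turned out a then was missing…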
```bash
if [ $NUM -gt 0 ]
```
OK, it still won't run.
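```
./deny.sh: line 10: 'echo $i |awk -F= '${print $2}'': bad substitution
```
Damn it, line 9 doesn't error but line 10 does…
OK, I looked online and it says to switch to bash. But I'm already using bash!!!! OK, there must be something wrong with the awk syntax; I remember it wasn't written like this before.
OK, I was wrong.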
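```bash
NUM='echo $i |awk -F "=" '${print $2}''
```
I changed it to this and it still errors….
OK, I overlooked that line 9 errors too, saying the command does not exist….
OK, I really can't figure it out….
@皮总 look here, why does this error?
----------- please explain it to your little brother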
```bash
#!/bin/bash
#Denyhosts SHELL SCRIPT
#20121111
cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt

DEFINE="10"
for i in 'cat /root/black.txt'
do
IP='echo $i |awk -F= '{print $1}''
NUM='echo $i |awk -F= '${print $2}''
if [ $NUM -gt 0 ]
grep $IP /etc/hosts.deny >/dev/null
if [ $? -gt 0 ];
then
echo "sshd:$IP" >> /etc/hosts.deny
fi
fi
done
```
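The final version that runs without errors:
```bash
#!/bin/bash
#Denyhosts SHELL SCRIPT
#20121111
# Count lines containing "Failed" per source address and save them as ip=count
cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort |uniq -c |awk '{print $2 "=" $1;}' >/root/black.txt

DEFINE="10"
# Backticks run the command; in single quotes the loop would run once over the literal text
for i in `cat /root/black.txt`
do
  IP=`echo $i |awk -F"=" '{print $1 }'`
  NUM=`echo $i |awk -F"=" '{print $2 }'`
  # Note: the count is compared against 0 here, so DEFINE above is never used
  if [[ $NUM -gt 0 ]];
  then
    grep $IP /etc/hosts.deny >/dev/null
    # grep exits non-zero when no line in hosts.deny matches $IP
    if [ $? -gt 0 ];
    then
      echo " sshd:$IP " >>/etc/hosts.deny
    fi
  fi
done
```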
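An added example, not part of the original post: the same log-to-hosts.deny pipeline written as functions, with the threshold actually applied, the extracted field validated as an IPv4 address, an exact-line check in place of `grep $IP`, and one address that is never blocked. The function names, the allow-address parameter and the sample log lines are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not the post's script). The sample log lines are constructed.

# Write a small /var/log/secure-style sample to the path given in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Nov 11 04:05:01 jmx sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 11 04:05:03 jmx sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 11 04:05:05 jmx sshd[3002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Nov 11 04:06:00 jmx sshd[3003]: Failed password for root from 198.51.100.9 port 40003 ssh2
Nov 11 04:07:00 jmx sshd[3004]: Failed password for root from 192.0.2.10 port 40004 ssh2
Nov 11 04:07:02 jmx sshd[3004]: Failed password for root from 192.0.2.10 port 40004 ssh2
Nov 11 04:07:04 jmx sshd[3004]: Failed password for root from 192.0.2.10 port 40004 ssh2
Nov 11 04:07:09 jmx sshd[3005]: Accepted password for root from 192.0.2.10 port 40005 ssh2
Nov 11 04:08:00 jmx kernel: Failed to load module foo bar baz
EOF
}

# count_failed LOG: print "ip=count" lines, the black.txt format from the post.
# $(NF-3) is only an address on sshd "Failed ... from IP port N ssh2" lines,
# so anything that is not an IPv4 address (here the kernel line) is dropped.
count_failed() {
    awk '/Failed/{print $(NF-3)}' "$1" |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort | uniq -c | awk '{print $2 "=" $1}'
}

# update_deny LOG DENYFILE THRESHOLD [ALLOW_IP]
# Appends sshd:IP for sources with more than THRESHOLD failures. grep -xF matches
# the whole line literally, so 203.0.113.7 is not mistaken for 203.0.113.70.
update_deny() {
    local log="$1" deny="$2" threshold="$3" allow="${4:-}" ip num
    count_failed "$log" | while IFS='=' read -r ip num; do
        [ "$num" -gt "$threshold" ] || continue
        [ "$ip" = "$allow" ] && continue   # never block the admin's own address
        grep -qxF "sshd:$ip" "$deny" 2>/dev/null || echo "sshd:$ip" >> "$deny"
    done
}

# Demo on temporary files; the post's setup would be /var/log/secure, /etc/hosts.deny, 10.
demo() {
    local d; d=$(mktemp -d)
    make_sample_log "$d/secure"
    echo "sshd:203.0.113.70" > "$d/hosts.deny"   # existing entry sharing a prefix
    update_deny "$d/secure" "$d/hosts.deny" 2 192.0.2.10
    cat "$d/hosts.deny"; rm -rf "$d"
}
demo
```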
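Thanks to @wzk, @皮总, @wzp24, and @逝水fox, whom I bother every time I hit a problem.
And finally thanks to @红薯….
Thanks to the country, thanks to the people…
That's a lot of thanks….
Time: 2012-11-11 20:44:12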