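#!/bin/bash
# Block-list builder for SSH source addresses that keep getting refused.
#
# Reads today's sshd "refused connect" entries from the syslog messages file,
# keeps a running tally of refused addresses in $SAVE_DIR/$REFUSED_IP_LIST
# (one address per occurrence, plus one date marker per run), and once an
# address has been tallied $COUNT times writes a ready-to-review iptables DROP
# rule to $SAVE_DIR/$INPUT_IPTABLES and mails the new rules to $ADMIN_EMAIL.
# Rules are NOT applied automatically; the iptables call is deliberately left
# commented out so an administrator reviews the mailed list first.
#
# Run once a day (e.g. from crontab at 23:59) as a user that can read the
# messages log and write to $SAVE_DIR; it is written with root in mind.
set -u

ADMIN_EMAIL='***@***'                  # address that receives the daily report
REFUSED_IP_LIST='refused_ip_list.txt' # running tally of refused addresses
SAVE_DIR='/root/refused_ip'            # directory holding the record files
INPUT_IPTABLES='input_iptables_list'   # accumulated block list (iptables candidates)
COUNT=5                                # refusals required before an address is queued for blocking
onCE="Y"                               # "Y" until the first rule of this run is queued; then "N"
MESSAGES_LOG='/var/log/messages'       # syslog file scanned for sshd refusals
TEMP_FILE=""                           # per-run scratch file for today's new rules (set in main)

#######################################
# Print a diagnostic to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Remove the per-run scratch file, if one was created. Installed as EXIT trap.
# Globals: TEMP_FILE (read)
#######################################
cleanup() {
  if [[ -n "$TEMP_FILE" ]]; then
    rm -f -- "$TEMP_FILE"
  fi
}

#######################################
# True if $1 is a dotted-quad IPv4 address. The value comes straight out of
# a log line, so anything that is not a plain address is rejected before it
# can be written into a rule line.
# Arguments: $1 - candidate address
# Returns:   0 if it is a dotted quad, 1 otherwise
#######################################
is_ipv4() {
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
}

#######################################
# True if address $1 appears as a whole word in file $2.
# Fixed-string, word-bounded matching so 10.0.0.1 does not match 10.0.0.10
# and the dots are not treated as regex wildcards. A missing or unreadable
# file counts as "not listed".
# Arguments: $1 - address, $2 - file to search
# Returns:   0 if listed, 1 otherwise
#######################################
listed_in() {
  local ip=$1 file=$2
  [[ -f "$file" ]] && grep -qwF -- "$ip" "$file"
}

#######################################
# Number of times address $1 has already been tallied in file $2 (0 for an
# empty or missing file). Same matching rule as listed_in.
# Arguments: $1 - address, $2 - tally file
# Outputs:   the count on stdout
#######################################
tally_of() {
  local ip=$1 file=$2
  if [[ -f "$file" ]]; then
    grep -cwF -- "$ip" "$file"
  else
    printf '0\n'
  fi
}

#######################################
# Entry point: tally today's refused addresses and queue/mail new DROP rules.
# Globals: ADMIN_EMAIL, REFUSED_IP_LIST, SAVE_DIR, INPUT_IPTABLES, COUNT,
#          MESSAGES_LOG (read); onCE, TEMP_FILE (written)
# Returns: 0 on success or when there is nothing to do; exits 1 on setup errors
#######################################
main() {
  local refused_file="$SAVE_DIR/$REFUSED_IP_LIST"
  local block_file="$SAVE_DIR/$INPUT_IPTABLES"

  mkdir -p -- "$SAVE_DIR" || die "cannot create $SAVE_DIR"
  # First run: create both record files so later greps and appends have a target.
  if [[ ! -f "$refused_file" ]]; then
    touch -- "$refused_file" "$block_file" || die "cannot create record files in $SAVE_DIR"
  fi

  local run_date log_day
  run_date=$(date +%Y-%m-%d)   # marker written to the tally file
  log_day=$(date '+%b %e')     # syslog-style day prefix, e.g. "Jan  5"

  # One date marker is appended per run; if today's is already present the
  # script has run today and must not tally the same log lines twice.
  if grep -qxF -- "$run_date" "$refused_file"; then
    exit 0
  fi

  # Source addresses of today's refused sshd connections. NOTE(review): the
  # field number assumes the default syslog layout
  # "Mon dd HH:MM:SS host sshd[pid]: refused connect from A.B.C.D (...)";
  # confirm against the actual messages format on the host.
  local -a refused_ips=()
  mapfile -t refused_ips < <(grep -F -- "$log_day" "$MESSAGES_LOG" 2>/dev/null \
    | grep -F ssh | grep -F refused | awk '{print $9}')
  if (( ${#refused_ips[@]} == 0 )); then
    exit 0
  fi

  printf '%s\n' "$run_date" >> "$refused_file"

  TEMP_FILE=$(mktemp -- "$SAVE_DIR/INPUT_IPTABLES_TEMP.XXXXXX") || die "mktemp failed in $SAVE_DIR"
  trap cleanup EXIT

  local ip ip_count
  for ip in "${refused_ips[@]}"; do
    [[ -n "$ip" ]] || continue
    # Only a plain IPv4 address may ever reach the rule file or the mail.
    if ! is_ipv4 "$ip"; then
      printf 'skipping non-IPv4 log field: %s\n' "$ip" >&2
      continue
    fi
    ip_count=$(tally_of "$ip" "$refused_file")

    if ! listed_in "$ip" "$refused_file"; then
      # First sighting: start a tally unless the address is explicitly trusted.
      if ! listed_in "$ip" /etc/hosts.allow && ! listed_in "$ip" /etc/hosts; then
        printf '%s\n' "$ip" >> "$refused_file"
      fi
    elif (( ip_count >= COUNT )); then
      # Threshold reached: queue a DROP rule unless one is already queued.
      if ! listed_in "$ip" "$block_file" && ! listed_in "$ip" "$TEMP_FILE"; then
        # Date banner once per run, ahead of the first queued rule.
        if [[ "$onCE" == "Y" ]]; then
          {
            printf '\n'
            date
            printf '%s\n' "============================="
          } >> "$TEMP_FILE"
        fi
        printf 'iptables -A INPUT -i eth0 -p tcp -s %s --dport 22 -j DROP\n' "$ip" >> "$TEMP_FILE"
        # Applying the rule from an unattended script is intentionally not
        # done here; review the mailed list and apply it by hand.
        #/sbin/iptables -A INPUT -i eth0 -p tcp -s "$ip" --dport 22 -j DROP
        onCE="N"
      fi
    else
      # Below threshold: tally one more refusal.
      printf '%s\n' "$ip" >> "$refused_file"
    fi
  done

  # Something was queued this run: persist it and mail the report.
  if [[ "$onCE" == "N" ]]; then
    cat -- "$TEMP_FILE" >> "$block_file"
    /bin/mail -v -s "$run_date Today's refused IP Lists log" "$ADMIN_EMAIL" < "$TEMP_FILE"
  fi
}

main "$@"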