
[Program] Script to block IPs that were refused repeatedly during SSH connection attempts

Author : winxcom
Date : 12-01-23 21:11    Views : 8,520
#!/bin/bash
#
# Script to block IPs that were refused repeatedly during SSH connection attempts
# Run once a day (please schedule it from crontab at 23:59.)
ADMIN_EMAIL='***@***'       # e-mail address that receives the report
REFUSED_IP_LIST='refused_ip_list.txt'    # list of refused IPs
SAVE_DIR='/root/refused_ip'        # directory where the records are kept
INPUT_IPTABLES='input_iptables_list'    # list of blocked IPs (candidates to add to iptables)
COUNT=5                    # number of refusals that triggers a block
onCE="Y"                # flag tracking whether today's refused list exists
# Create the directory the records are saved in
mkdir -p "$SAVE_DIR"
# If the list files do not exist yet, create them
if [ ! -f "$SAVE_DIR/$REFUSED_IP_LIST" ]; then
    touch "$SAVE_DIR/$REFUSED_IP_LIST"
    touch "$SAVE_DIR/$INPUT_IPTABLES"
fi
# Today's date
DATE="$(date +%Y-%m-%d)"
TODAY="$(date '+%b %e')"
# Check whether the script already ran today (prevents duplicate runs)
CHECK_TODAY=$(/bin/grep -m1 -xF -- "$DATE" "$SAVE_DIR/$REFUSED_IP_LIST")
# If this is the first run today (check so that it runs only once)
if [ "$CHECK_TODAY" != "$DATE" ]; then
    # Find the refused IPs in the messages log
    REFUSED_LIST=$(/bin/grep "$TODAY" /var/log/messages | grep ssh | grep refused | awk '{print $9}')
    if [ -z "$REFUSED_LIST" ]; then
        exit 0
    fi
    echo "$DATE" >> "$SAVE_DIR/$REFUSED_IP_LIST"
    for i in $REFUSED_LIST
        do
            # Refusal counter (-x -F: whole-line literal match, so 1.2.3.4 does not also count 1.2.3.40)
            IP_COUNT=$(/bin/grep -cxF -- "$i" "$SAVE_DIR/$REFUSED_IP_LIST")
            # If it is not yet in the refused IP list
            if ! /bin/grep -qxF -- "$i" "$SAVE_DIR/$REFUSED_IP_LIST"; then
                # If it is not an allowed IP
                if ! /bin/grep -qwF -- "$i" /etc/hosts.allow 2>/dev/null && ! /bin/grep -qwF -- "$i" /etc/hosts; then
                    # Record it in the refused IP list
                    echo "$i" >> "$SAVE_DIR/$REFUSED_IP_LIST"
                fi
            else
                # If the configured number of refusals has been reached
                if (( IP_COUNT > COUNT - 1 )); then
                    # If it is not yet in the block IP list
                    if ! grep -qwF -- "$i" "$SAVE_DIR/$INPUT_IPTABLES" && ! grep -qwF -- "$i" "$SAVE_DIR/INPUT_IPTABLES_TEMP" 2>/dev/null; then
                        # Run only once, to record the date
                        if [ "$onCE" = "Y" ]; then
                            echo "" >> "$SAVE_DIR/INPUT_IPTABLES_TEMP"
                            /bin/date >> "$SAVE_DIR/INPUT_IPTABLES_TEMP"
                            echo "=============================" >> "$SAVE_DIR/INPUT_IPTABLES_TEMP"
                        fi
                        # Record it in the temporary block list
                        echo "iptables -A INPUT -i eth0 -p tcp -s $i --dport 22 -j DROP" >> "$SAVE_DIR/INPUT_IPTABLES_TEMP"
                        # Register it in iptables (Note: registering rules automatically from a script is not recommended, so this is commented out.)
                        #/sbin/iptables -A INPUT -i eth0 -p tcp -s $i --dport 22 -j DROP
                        onCE="N"
                    fi
                else
                    # Record it in the refused IP list
                    echo "$i" >> "$SAVE_DIR/$REFUSED_IP_LIST"
                fi
            fi
        done
    # If any IP was added to the block list, send the mail
    if [ "$onCE" = "N" ]; then
        cat "$SAVE_DIR/INPUT_IPTABLES_TEMP" >> "$SAVE_DIR/$INPUT_IPTABLES"
        /bin/mail -v -s "$DATE Today's refused IP Lists log" "$ADMIN_EMAIL" < "$SAVE_DIR/INPUT_IPTABLES_TEMP"
        rm -f "$SAVE_DIR/INPUT_IPTABLES_TEMP"
    fi
fi
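
An added example, not part of the original post: the counting step done in one awk pass, matching addresses exactly and validating the log field before it ever reaches a rule line. The `refused connect from` log format, the function names (`sample_log`, `refused_over_threshold`, `emit_rules`) and the sample addresses are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the original poster's code; the log lines below are constructed.

# Constructed sample in the assumed "refused connect from" syslog format.
sample_log() {
    local i
    for i in 1 2 3 4; do
        echo "Jan 23 10:0$i:00 host sshd[10$i]: refused connect from 198.51.100.7 (198.51.100.7)"
    done
    echo "Jan 23 10:05:00 host sshd[105]: refused connect from ::ffff:198.51.100.7 (::ffff:198.51.100.7)"
    echo "Jan 23 10:06:00 host sshd[106]: refused connect from 198.51.100.70 (198.51.100.70)"
    echo "Jan 23 10:07:00 host sshd[107]: refused connect from scanner.example (192.0.2.1)"
    echo "Jan 23 10:08:00 host sshd[108]: refused connect from 999.1.1.1 (999.1.1.1)"
    for i in 1 2 3 4 5 6; do
        echo "Jan 23 11:0$i:00 host sshd[11$i]: refused connect from 203.0.113.9 (203.0.113.9)"
    done
}

# Print "count ip" for each source refused at least $1 times (log on stdin).
# $2 (optional) is a file of allowed addresses, one per line, matched exactly.
refused_over_threshold() {
    awk -v min="$1" -v allow="${2:-}" '
        BEGIN { if (allow != "") while ((getline a < allow) > 0) skip[a] = 1 }
        /sshd\[[0-9]+\]: refused connect from / {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); break }
            sub(/^::ffff:/, "", ip)      # IPv4-mapped form
            # Log fields are untrusted: accept only a dotted quad with octets <= 255.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) next
            if (!(ip in skip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k2,2
}

# Turn "count ip" lines into rule lines for manual review (printed, never executed).
emit_rules() {
    while read -r _ ip; do
        echo "iptables -A INPUT -i eth0 -p tcp -s $ip --dport 22 -j DROP"
    done
}

sample_log | refused_over_threshold 5 | emit_rules
```

Because counts are keyed on the whole address, 198.51.100.70 is not folded into 198.51.100.7, and tokens that are not a valid dotted quad are dropped instead of being written into a rule.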

 



ppcm 13-06-28 06:44
 
Nice...
This idea looks good...
Outright blocking an IP that has been refused for repeated password errors
seems like a really good idea.