Shell脚本监控Linux日志(secure)发现SSH异常登录
2018-05-02 本文已影响86人
苏唯希_43fe
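#! /bin/bash
#
# Scan /var/log/secure for failed SSH logins, count the failures per source
# address and mail an alert for every address above the threshold.
#
# Side effects:
#   - appends SMTP settings to /etc/mail.rc (only on the first run)
#   - rewrites /root/satools/black.txt with one "ADDRESS=COUNT" line per source
#   - sends one mail per offending address
#
# The Chinese tokens below are the article's placeholders (sender mailbox,
# SMTP server, account, password, recipient); replace them before use.
set -u

readonly MAIL_RC=/etc/mail.rc
readonly SECURE_LOG=/var/log/secure
readonly BLACKLIST=/root/satools/black.txt
# An address is reported when its failure count is strictly greater than this.
readonly DEFINE="3"

# Write the SMTP settings once. Appending unconditionally would add a
# duplicate pair of lines on every run (for example from cron).
# NOTE(review): /etc/mail.rc is normally world-readable, so a real password
# stored here is visible to every local user. Prefer an app-specific password
# and a root-only configuration file (mode 0600) if the mail client supports it.
if ! grep -qs -- '^set smtp-auth-user=' "$MAIL_RC"; then
  {
    echo "set from=发送者邮箱(可为公网) smtp=邮箱发件服务器"
    echo "set smtp-auth-user=公网邮箱 smtp-auth-password=邮箱密码 smtp-auth=login"
  } >>"$MAIL_RC"
fi

if [[ ! -r "$SECURE_LOG" ]]; then
  printf 'cannot read %s\n' "$SECURE_LOG" >&2
  exit 1
fi

mkdir -p -- "${BLACKLIST%/*}" || exit 1

# On a "Failed ... from ADDR port N ssh2" line the address is the fourth field
# from the end. Parts of the log line (such as the user name) come from the
# remote client, so a token is only counted when it consists of address
# characters; this keeps words like "from" out of the list and out of the mail.
awk '
  /Failed/ && NF >= 4 {
    addr = $(NF-3)
    if (addr ~ /^[0-9A-Fa-f:.]+$/) hits[addr]++
  }
  END { for (addr in hits) print addr "=" hits[addr] }
' "$SECURE_LOG" | sort >"$BLACKLIST"

# NOTE: the whole log is rescanned on each run, so an address that stays above
# the threshold is reported again every time the script runs.
while IFS='=' read -r IP NUM; do
  [[ -n "$IP" && "$NUM" =~ ^[0-9]+$ ]] || continue
  if (( NUM > DEFINE )); then
    mail_ip="$IP the num $NUM"
    printf '%s\n' "$mail_ip" | mail -s "the ip is bad" 接收者邮箱
  fi
done <"$BLACKLIST"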