shell脚本监控linux日志(secure)发现ssh异常登

2018-05-02  本文已影响86人  苏唯希_43fe

#! /bin/bash

echo "set from=发送者邮箱(可为公网) smtp=邮箱发件服务器  >>/etc/mail.rc

echo "set smtp-auth-user=公网邮箱  smtp-auth-password=邮箱密码 smtp-auth=login"  >>/etc/mail.rc

cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /root/satools/black.txt

DEFINE="3"

for i in `cat /root/satools/black.txt`

do

IP=`echo $i |awk -F= '{print $1}'`

NUM=`echo $i|awk -F= '{print $2}'`

if [ $NUM -gt $DEFINE ]; then

mail_ip="$IP the num $NUM"

echo $mail_ip|mail  -s "the ip is bad"  接收者邮箱

fi

done

上一篇下一篇

猜你喜欢

热点阅读