#!/bin/bash
#```ops
#title:auto_banned_ip_on_centos7
#descr:读取secure日志自动利用防火墙封掉那些恶意的ip
#```

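#######################################
# Read "<count> <ip>" pairs (uniq -c style) from stdin and add a permanent
# firewalld reject rule for every address whose count exceeds the threshold.
# Globals:   AUTO_BANNED_LOG (read, optional) - path of the ban log;
#            defaults to /var/log/auto_banned_ip.log
# Arguments: $1 - attempt threshold; an address is banned when its count
#            is strictly greater than it (default: 10)
# Inputs:    stdin - one "<count> <ip>" pair per line, leading spaces ok
# Outputs:   appends "<timestamp> <ip>" to the ban log for each new ban
# Returns:   status of firewall-cmd --reload when a rule was added,
#            0 otherwise
#######################################
bannedIP() {
    local threshold=${1:-10}
    local log_file=${AUTO_BANNED_LOG:-/var/log/auto_banned_ip.log}
    local reload=false
    local firewall_list total_num ip ip_re now
    # Regexes live in variables so [[ =~ ]] sees them verbatim.
    local count_re='^[0-9]+$'
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    # Snapshot the rule list once; the input is already unique per address.
    firewall_list=$(firewall-cmd --list-rich-rules)
    while read -r total_num ip _; do
        # Skip malformed lines instead of letting the comparison error out
        # on an empty or non-numeric count.
        [[ "$total_num" =~ $count_re ]] || continue
        (( total_num > threshold )) || continue
        # The address field is cut out of a log line that also carries the
        # remote-supplied user name, so only a dotted quad is accepted before
        # it is spliced into a rich-rule string.
        [[ "$ip" =~ $ipv4_re ]] || continue
        # Match the address as a whole token (dots escaped, optional quotes
        # as printed by --list-rich-rules); a bare substring grep treats
        # 1.2.3.4 as already banned when only 11.2.3.4 is.
        ip_re=${ip//./\\.}
        if ! grep -qE -- "address=\"?${ip_re}\"?( |\$)" <<<"$firewall_list"; then
            now=$(date "+%F %T")
            printf '%s %s\n' "$now" "$ip" >> "$log_file"
            reload=true
            firewall-cmd --permanent --zone=public \
                --add-rich-rule="rule family=ipv4 source address=$ip reject"
        fi
    done
    if [[ "$reload" == "true" ]]; then
        firewall-cmd --reload
    fi
}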
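# Count failed SSH logins per source address in the secure log and hand the
# "<count> <ip>" table to bannedIP. One awk pass replaces cat|grep|awk|awk;
# the address is taken as the token after the LAST "from" because the
# remote-supplied user name precedes it on sshd's line and may itself
# contain the word.
awk '/Failed password/ { for (i = NF - 1; i > 0; i--) if ($i == "from") { print $(i + 1); break } }' /var/log/secure \
  | sort | uniq -c | sort -n | bannedIP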