[root@crushlinux ~]# cat securehost.sh
#!/bin/bash
awk '/Failed/ {print $(NF-3)}' /var/log/secure | sort |uniq -c | awk '{print $2"="$1}' > /tmp/ip.txt
for i in $(cat /tmp/ip.txt)
do
ip=$(echo $i | awk -F= '{print $1}')
cishu=$(echo $i | awk -F= '{print $2}')
if [ $cishu -ge 5 ]
then
echo "sshd:$ip" >> /etc/hosts.deny
else
echo "$ip $cishu次登录异常" >> /tmp/ssh-error.txt
fi
done