一、获取非法ip源:
扫描登录失败的日志:
less secure*|grep “Failed password for root from” >/tmp/gj.list
对扫描日志进行分析,非法尝试失败超过50的ip列出来,保存为gongji.ip
cat /tmp/gj.list|perl -anle ‘print $F[10]’|sort |uniq -c|sort -n |perl -anle ‘print $F[1] if $F[0]>50 ‘>/tmp/gongji.ip