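#!/bin/bash
##############################################################
# File Name: /sanshi/scripts/hosts.deny.sh
# Version: V1.0
# Author: sanshi
# Organization: https://www.9133w.cn/sources/
# Created Time : 2021-04-09 09:00:21
# Description: Count failed-login lines per source IPv4 address in
#              /var/log/secure and insert an iptables DROP rule for
#              every address seen more than 10 times. When run during
#              hour 23, the live ruleset is also dumped to
#              /sanshi/iptables/ and the dump dated 7 days earlier is
#              removed.
# Exit status: 1 when not run as root or when no iptables binary is
#              available; 0 otherwise.
##############################################################
#set -e
# -e stays off on purpose: grep returning 1 on "no match" is a normal outcome
# here. -u catches typos in variable names.
set -u

readonly LOG_FILE=/var/log/secure
readonly BACKUP_DIR=/sanshi/iptables
readonly MAX_FAILURES=10
# Optional, space-separated IPv4 addresses that must never be blocked (for
# example a management host). Read from the environment; empty by default,
# which keeps the original behaviour.
readonly ALLOWLIST=${HOSTS_DENY_ALLOWLIST:-}

#######################################
# Check that a string is a dotted-quad IPv4 address with octets <= 255.
# Arguments: $1 - candidate address
# Returns:   0 if well-formed, 1 otherwise
#######################################
is_ipv4() {
  local octet
  local -a octets
  [[ $1 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$1"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
}

# Test the effective UID rather than $USER: $USER is an ordinary environment
# variable that may be unset or overridden, so it says nothing reliable about
# privilege. A refused run is reported on stderr with a non-zero status.
if (( EUID != 0 )); then
  printf '%s : %s hasn'\''t privilege to run this script.\n' \
    "$(date +%F-%T)" "${USER:-uid $EUID}" >&2
  exit 1
fi

# Hour is captured once at start-up, as in the original.
d1=$(date +%H)

# Locate iptables. Install the package only when the binary is neither on PATH
# nor at the fallback location, so a scheduler PATH that lacks /usr/sbin does
# not trigger a package install on every run.
ipt_cmd=$(command -v iptables)
[[ -n "$ipt_cmd" || -x /usr/sbin/iptables ]] || yum install -y iptables-services
: "${ipt_cmd:=/usr/sbin/iptables}"
if [[ ! -x "$ipt_cmd" ]]; then
  printf '%s : %s is not executable, nothing to do.\n' \
    "$(date +%F-%T)" "$ipt_cmd" >&2
  exit 1
fi

# Filter by time / current day only:
#grep -E "^$(date +%b)[[:space:]]+$(date +%-d)" /var/log/secure | \
# Scan the whole file.
#
# The log is untrusted input: the user name a client submits is copied into
# the failure line, so text such as "from <address>" can appear there. Only
# the LAST "from <ipv4>" on a line is accepted (greedy ".*" plus the
# "no later from" lookahead), one address per line, so an earlier
# client-supplied "from ..." is never counted.
# NOTE(review): assumes sshd-style lines in which the peer address follows
# the user name - confirm against the log format in use.
if [[ -r "$LOG_FILE" ]]; then
  grep -i 'failed' "$LOG_FILE" \
    | grep -oP '.*from \K[0-9]{1,3}(?:\.[0-9]{1,3}){3}(?![0-9.])(?!.*from )' \
    | sort \
    | uniq -c \
    | while read -r counts addr; do
        [[ "$counts" =~ ^[0-9]+$ ]] || continue
        (( counts > MAX_FAILURES )) || continue
        # Never hand anything but a well-formed address to iptables.
        is_ipv4 "$addr" || continue
        case " $ALLOWLIST " in
          *" $addr "*) continue ;;
        esac
        # -C tests for this exact rule. The previous "grep -q $addr" was an
        # unanchored regex match, so an already-blocked 11.2.3.45 made
        # 1.2.3.4 look blocked and it was silently skipped.
        # stderr is dropped because -C reports "rule not found" as an error.
        "$ipt_cmd" -C INPUT -s "$addr" -j DROP 2>/dev/null \
          || "$ipt_cmd" -I INPUT -s "$addr" -j DROP
      done
else
  printf '%s : cannot read %s\n' "$(date +%F-%T)" "$LOG_FILE" >&2
fi

# String comparison: date +%H yields zero-padded values such as "08".
if [[ "$d1" == "23" ]]; then
  # The dump describes the firewall layout; keep it readable by root only.
  umask 077
  mkdir -p -- "$BACKUP_DIR"
  backup="$BACKUP_DIR/iptables-$(date +%Y%m%d).conf"
  # Write to a temporary file first so a failed iptables-save cannot leave a
  # truncated dump under the final name.
  if tmp=$(mktemp "$BACKUP_DIR/iptables.XXXXXX") \
    && /sbin/iptables-save >"$tmp"; then
    mv -f -- "$tmp" "$backup"
  else
    [[ -n "${tmp:-}" ]] && rm -f -- "$tmp"
    printf '%s : iptables-save to %s failed\n' \
      "$(date +%F-%T)" "$backup" >&2
  fi
  rm -f -- "$BACKUP_DIR/iptables-$(date -d '7 days ago' +%Y%m%d).conf"

  # Reset the blacklist (disabled).
  # NOTE(review): this deletes INPUT rules by position, using the number of
  # DROP lines as the index, so it can remove rules that are not DROP rules
  # if re-enabled as written.
  # tag=`$ipt_cmd -L INPUT -vn | grep -i drop | wc -l`
  # while [[ $tag > 0 ]]
  # do
  #   $ipt_cmd -D INPUT $tag
  #   ((tag--))
  # done
fi

exit 0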