linux查询近8小时ssh登录失败的ip转换为hosts.deny格式打印
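# Core command: print the IPv4 sources of failed SSH logins seen in the last
# 8 hours, one per line, in hosts.deny syntax ("sshd:<ip>").
#
# Requirements: GNU date (for -d) and an awk that provides mktime() and
# strftime() (gawk, recent mawk, busybox awk). The log must use the traditional
# syslog timestamp ("Mon DD HH:MM:SS"); lines in any other format are skipped.
#
# Notes for whoever consumes the output:
#   * Nothing is written to /etc/hosts.deny; review the list first, so that a
#     management or monitoring address is not blocked by mistake.
#   * hosts.deny only takes effect when sshd is linked against libwrap
#     (TCP wrappers). Upstream OpenSSH dropped that support in 6.7, so confirm
#     it on the target host before relying on this list.
#   * Only IPv4 addresses are reported.
#
# Arguments: $1 - auth log to read   (default: /var/log/secure)
#            $2 - look-back in hours (default: 8)
# Outputs:   sorted, de-duplicated "sshd:<ip>" lines on stdout
# Returns:   1 if the log is unreadable, 2 on a bad hour count
ssh_failed_ips_as_hosts_deny() {
  local log_file=${1:-/var/log/secure}
  local hours=${2:-8}
  local start_ts now_ts

  if [[ ! $hours =~ ^[0-9]+$ ]]; then
    printf 'invalid hour count: %s\n' "$hours" >&2
    return 2
  fi
  if [[ ! -r $log_file ]]; then
    printf 'cannot read %s (root is usually required)\n' "$log_file" >&2
    return 1
  fi

  # Epoch seconds avoid the locale-dependent month name that `date +%b` prints
  # and keep the window correct across a year change.
  now_ts=$(date +%s) || return
  start_ts=$(date -d "${hours} hours ago" +%s) || return

  grep -E -- 'Failed password|Invalid user' "$log_file" \
    | awk -v start_ts="$start_ts" -v now_ts="$now_ts" '
      # True when s is a dotted quad with every octet in 0..255.
      function is_ipv4(s,    octet, k) {
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        split(s, octet, ".")
        for (k = 1; k <= 4; k++)
          if (length(octet[k]) > 3 || octet[k] + 0 > 255) return 0
        return 1
      }

      # Epoch time of the current log line, assuming it was written in year y.
      function stamp(y,    hms) {
        split($3, hms, ":")
        return mktime(y " " mon_map[$1] " " $2 " " hms[1] " " hms[2] " " hms[3])
      }

      BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon_name, " ")
        for (m = 1; m <= n; m++) mon_map[mon_name[m]] = m
        this_year = strftime("%Y", now_ts) + 0
      }

      {
        if (!($1 in mon_map)) next

        # Syslog stamps carry no year. A stamp that lands more than a day in
        # the future must have been written last year (December lines read in
        # January), so it is re-dated instead of being taken as recent.
        log_ts = stamp(this_year)
        if (log_ts > now_ts + 86400) log_ts = stamp(this_year - 1)
        if (log_ts < start_ts) next

        # The user name in these lines is supplied by the remote client and
        # may itself look like an address, so the first dotted quad on the
        # line is not trustworthy. sshd records the peer as "from <ip>"
        # (followed by "port <n>" on current versions) after the user name;
        # scanning from the end picks that one. ip is reset for every line so
        # a line without an address never repeats the previous result.
        ip = ""
        for (i = NF - 1; i >= 1; i--) {
          if ($i == "from" && is_ipv4($(i + 1)) && (i + 1 == NF || $(i + 2) == "port")) {
            ip = $(i + 1)
            break
          }
        }
        if (ip != "") print ip
      }
    ' \
    | sort -u \
    | sed 's/^/sshd:/'
}

ssh_failed_ips_as_hosts_deny "$@"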
