1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败次数超过10次,自动将此远程IP放入Tcp Wrapper的黑名单中予以禁止访问。
#!/bin/bash
#function:Every 5 mins to check the ssh login this server failed of any ip more then 10 times and add the remote ip to Tcp Wrapper hosts_deny file
LOGIN_FILE="/var/log/secure"
while true
do
echo "Begin to check the login this server message..."
result=$(grep 'PAM .*authentication failures' ${LOGIN_FILE})
echo "${result}" | while read line
do
login_fail_number=$(echo ${line} | awk '{print $7}')
login_fail_ip=$(echo ${line} | grep -o 'rhost=*.*' | awk -F'[= ]' '{print $2}')
if [ ${login_fail_number} -ge 10 ]
then
echo "sshd:${login_fail_ip}" >> /etc/hosts.deny
[ $? -eq 0 ] && echo "Add the ${ip} to Tcp Wrapper success"
fi
done
sleep 300
done
2、配置magedu用户的sudo权限,允许magedu用户拥有root权限。
echo "magedu ALL=(root) ALL" >> /etc/sudoers
配置sudo之前,无root权限:
配置sudo之后