禁止非法ip远程ssh 登录,并把登录的ip记录到文件中
1
[root@centos7 ~]# vim /usr/bin/feifalogin.sh
#!/bin/bash
#name:w.sh
#author:liuyu
#version:1.0
declare -a info
declare -a okip=("10.1.1.11" ":0") #可以把允许的ip放到此位置
declare -a psinfos
writeinfo(){
echo "$1 $2 `date +%F' '%T` " >> /var/feifadenglu.txt
echo "user illegal login, ip : $2 terminal : $1 ,has recorded its IP" | write root $1
}
killjinchen(){
sleep 1
kill -9 $1
wall user illegal login-----------------user illegal login-----------------user illegal login
}
killnoip(){
psinfo=`ps -f h | grep pts/ | tr -s ' '|cut -d ' ' -f2,6`
j=0
for i in $psinfo;do
psinfos[$j]=$i
let j++
done
for i in $(seq 1 2 $[${#psinfos[@]}-1]);do
if [ "${psinfos[$i]}" == "$1" ];then
killjinchen ${psinfos[$i-1]}
fi
done
}
jiance(){
for j in $(seq 1 2 $[${#info[@]}-1]);do
for((i=0;i<${#okip[@]};i++));do
if [ "${info[$j]}" == "${okip[$i]}" ];then
break
fi
done
if [ $i -eq ${#okip[@]} ];then
writeinfo ${info[$j-1]} ${info[$j]}
killnoip ${info[$j-1]}
fi
done
}
while true;do
{
unset info
declare -a info
f=`w |tr -s ' '|cut -d' ' -f2,3|grep ^p`
j=0
for i in $f;do
info[$j]=$i
let j++
done
jiance
sleep 2
}
done
3
[root@centos7 ~]# vim /usr/bin/feifa
#!/bin/bash
killjinchen(){
for i in `pgrep feifalogin.sh` ;do
kill -9 $i
done
}
syon(){
if pgrep feifalogin.sh &> /dev/null ;then
echo 1
else
echo 0
fi
}
starts(){
if [ $(syon) -eq 1 ];then
echo "服务已经启动过了"
else
if feifalogin.sh & then
echo "$1启动成功"
else
echo "$1启动失败"
exit 1
fi
fi
}
stops(){
if [ $(syon) -eq 0 ] ;then
echo "服务没有启动"
else
killjinchen
if [ $(syon) -eq 0 ] ;then
echo "停止成功"
else
echo "停止失败$1"
exit 1
fi
fi
}
restarts(){
stops ",服务无法重新启动"
starts "服务正在重新重启中,"
}
statuss(){
if [ $(syon) -eq 0 ] ;then
echo "服务没有启动"
else
echo "服务已经启动过了"
fi
}
case $1 in
start)
starts
;;
stop)
stops
;;
restart)
restarts
;;
status)
statuss
;;
*)
echo "error ,please Usage: $0 {start|stop|restart|status}"
esac
4
[root@centos7 ~]# vim /etc/rc.d/init.d/feifa
#!/bin/sh
#chkconfig: 2345 80 90
#description:feifa
feifa start
5
[root@centos7 ~]# chmod u+x /etc/rc.d/init.d/feifa
[root@centos7 ~]# chkconfig --add feifa
[root@centos7 ~]# chkconfig feifa on
6
[root@centos7 ~]# feifa
error ,please Usage: /usr/bin/feifa {start|stop|restart|status}