1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败 次数超过10次,自动将此远程IP放入Tcp Wrapper的黑名单中予以禁止防问
#!/bin/bash
while true;do
mounth=$(date +%b)
mday=$(date +%d)
hour=$(date +%H)
min=$(date +%M)
IP=`awk '/sshd.*Failed password/ {if("'$mounth'" == $1 && "'$mday'" == $2){split($3,array,":")
if("'$hour'" == array[1]){
if("'$min'" < array[2] + 5)
allert[$11]++;
}
else{
if("'$min'"+60-array[2] < 5)
allert[$11]++;
}
}
}
END{
for(IP in allert){
if(allert[IP]>10)
print(IP)
}
}
' /var/log/secure
`
for I in $IP;do
echo "sshd: ${I}" >> /etc/hosts.deny
done
sleep 300
done
2、配置magedu用户的sudo权限,允许magedu用户拥有root权限
visudo
magedu ALL=(ALL) ALL