1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现某个远程IP通过ssh登录失败的次数超过10次,自动将该IP放入Tcp Wrapper的黑名单(/etc/hosts.deny)中禁止其访问
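#!/bin/bash
#
# checkip.sh - deny hosts that repeatedly fail SSH password authentication.
#
# Counts "Failed password for ..." lines per source address in
# /var/log/secure and appends "ALL:<ip>" to /etc/hosts.deny for every address
# seen more than THRESHOLD times. The script itself does no scheduling; to run
# it every five minutes add a root crontab entry such as:
#   */5 * * * * /root/bin/checkip.sh
#
# Things an operator should know:
#   - Counts cover the whole current log file, not only the last five
#     minutes, so old failures keep counting until the log is rotated.
#   - hosts.deny is honoured only by services built with TCP Wrappers
#     (libwrap). Upstream OpenSSH dropped that support in 6.7; verify that
#     sshd on the target host still consults hosts.deny.
#   - There is no allow-list. A trusted management address that exceeds the
#     threshold is blocked like any other; list such hosts in
#     /etc/hosts.allow, which is evaluated before hosts.deny.
#   - Entries are never expired or removed by this script.

set -u

readonly LOG_FILE=/var/log/secure
readonly DENY_FILE=/etc/hosts.deny
readonly WORK_DIR=/ip_monitor
readonly THRESHOLD=10
# Only dotted-quad tokens are written to hosts.deny (see the loop below).
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ $UID -ne 0 ]]; then
  echo "this script must root run it " >&2
  exit 1
fi

if [[ ! -r "$LOG_FILE" ]]; then
  printf 'cannot read %s\n' "$LOG_FILE" >&2
  exit 1
fi

mkdir -p -- "$WORK_DIR" || exit 1

# One "ip==>count" line per source address. The address is taken relative to
# the END of the line ($(NF-3) in "... from <ip> port <n> ssh2"), so text a
# client places in the user name cannot shift which field is read.
# Failures for every account are counted, not just one hard-coded user.
awk 'NF > 3 && /Failed password for / { hits[$(NF-3)]++ }
     END { for (ip in hits) print ip "==>" hits[ip] }' "$LOG_FILE" \
  | sort > "$WORK_DIR/ip.txt"

while IFS= read -r entry; do
  ip=${entry%%==>*}
  count=${entry##*==>}

  [[ $count =~ ^[0-9]+$ ]] || continue
  (( count > THRESHOLD )) || continue

  # The log is written from data an unauthenticated client influences, and
  # the token ends up in an access-control file: refuse anything that is not
  # a plain IPv4 address. IPv6 sources are skipped as well, because
  # hosts.deny needs them in "[addr]" form, which this script does not emit.
  if [[ ! $ip =~ $IPV4_RE ]]; then
    printf 'skipping non-IPv4 token from log: %q\n' "$ip" >&2
    continue
  fi

  # Exact, fixed-string, whole-line match. A bare `grep $ip` treats "." as a
  # regex wildcard and matches substrings (1.2.3.4 inside 11.2.3.45), which
  # would wrongly report an address as already denied. A missing deny file
  # simply counts as "not present" and is created by the append.
  if ! grep -qxF -- "ALL:$ip" "$DENY_FILE" 2>/dev/null; then
    printf 'ALL:%s\n' "$ip" >> "$DENY_FILE"
  fi
done < "$WORK_DIR/ip.txt"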
2、配置magedu用户的sudo权限,允许magedu用户拥有root权限(注意:NOPASSWD 表示执行 sudo 时不再验证密码;写入后可用 visudo -cf /etc/sudoers.d/magedu 检查语法,并将该文件权限设为 0440)
root@CentOS7[13:50:32]: echo 'magedu ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/magedu
# 切换用户进行验证
root@CentOS7[13:50:34]: su magedu
magedu@CentOS7[13:53:00]:~# sudo su
root@CentOS7[13:53:09]:/home/magedu#