1、编写脚本/root/bin/checkip.sh,每5分钟检查一次,如果发现通过ssh登录失败 次数超过10次,自动将此远程IP放入Tcp Wrapper的黑名单中予以禁止防问
[root@localhost bin]# cat checkip.sh
#!/bin/bash
#
#********************************************************************
#Author: wang
#QQ: 913520405
#Date: 2020-02-24
#FileName: checkip.sh
#URL: https://www.jianshu.com/u/28ec0e3dbc64
#Description: The test script
#Copyright (C): 2020 All rights reserved
#********************************************************************
lastb | grep "ssh:" | awk '{print $3}' | sort |\
awk '{count[$1]++} \
END{for (ip in count)if(count[ip]> 3) system("echo sshd:"ip" >> /etc/hosts.deny")}'
[root@localhost bin]# crontab -l
*/5 * * * * sh /data/ddos_monitor.sh
*/5 * * * * sh /root/bin/checkip.sh
2、配置magedu用户的sudo权限,允许magedu用户拥有root权限
[root@localhost bin]# visudo
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
magedu ALL=(ALL) ALL
#给magedu账号配置sudo权限
[root@localhost bin]# su - magedu
Last login: Mon Feb 24 21:58:08 CST 2020 on pts/6
[magedu@localhost ~]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[magedu@localhost ~]$ sudo cat /etc/shadow | head
root:$6$QuVqUjj6fZf9P8rt$6AI1eYeca9c8m9mc.i.............................
#验证
