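1. Write a script /root/bin/checkip.sh that runs every 5 minutes; if the number of failed SSH login attempts from a remote IP exceeds 10, automatically add that IP to the TCP Wrappers blacklist to deny access
Write the script: checkip.sh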
[root@centos7 data]# cat checkip.sh
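#!/bin/bash
# Count failed SSH logins per source IP (lastb reads the bad-login records)
lastb | awk '/ssh/{print $3}' | sort | uniq -c > /data/loginFailed.log
# Each line of the log is "<count> <IP>"
while read -r Num IP
do
    if (( Num > 10 )); then
        # Check whether the IP has already been added.
        # -F (fixed string) and -x (whole line) avoid a match on a longer IP
        # that merely contains this one.
        if ! grep -qFx "sshd:$IP" /etc/hosts.deny; then
            echo "sshd:$IP" >> /etc/hosts.deny
        fi
    fi
done < /data/loginFailed.log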
Set up the scheduled task
[root@centos7 data]# vim /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
*/5 * * * * root /bin/bash /root/bin/checkip.sh
When the number of access attempts from 192.168.45.128 exceeds ten, check whether the IP has been added to /etc/hosts.deny
[root@centos7 bin]# cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.45.128
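The check above, as an added example that is not the page's own script: it goes slightly further by writing only well-formed IPv4 addresses to the deny file and by matching existing entries as whole lines, and it takes the lastb text on stdin so it can be tried on a scratch file. The names update_denylist and sample_lastb, the host scanner.example, and the addresses 192.168.45.12 and 192.168.45.130 are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the page's script. Reads lastb-format records on stdin and
# appends "sshd:<ip>" to the deny file ($1) for each source IP whose failure
# count exceeds the threshold ($2, default 10).
update_denylist() (
    deny_file=$1
    threshold=${2:-10}
    awk -v t="$threshold" '
        # Accept only dotted-quad IPv4 so nothing else reaches the deny file.
        function is_ipv4(s,   o, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            split(s, o, ".")
            for (i = 1; i <= 4; i++) if ((o[i] + 0) > 255) return 0
            return 1
        }
        $2 ~ /^ssh/ { fails[$3]++ }          # field 3 of lastb is the source host
        END { for (h in fails) if (fails[h] > t && is_ipv4(h)) print h }
    ' | sort | while read -r ip; do
        # -F fixed string, -x whole line: 192.168.45.12 must not be treated as
        # present just because 192.168.45.128 is already listed.
        grep -qFx "sshd:$ip" "$deny_file" 2>/dev/null || echo "sshd:$ip" >> "$deny_file"
    done
)

# Constructed sample input in lastb layout (not captured from a real host).
sample_lastb() {
    i=0
    while [ "$i" -lt 11 ]; do
        echo "root  ssh:notty 192.168.45.128  Sat Jul 11 13:05 - 13:05 (00:00)"
        echo "admin ssh:notty 192.168.45.12   Sat Jul 11 13:06 - 13:06 (00:00)"
        echo "test  ssh:notty scanner.example Sat Jul 11 13:07 - 13:07 (00:00)"
        i=$((i + 1))
    done
    echo "root  ssh:notty 192.168.45.130  Sat Jul 11 13:08 - 13:08 (00:00)"
    echo "btmp begins Sat Jul 11 12:00:00 2020"
}

# Demo on a scratch file; on a real host: lastb | update_denylist /etc/hosts.deny
demo_file=$(mktemp)
echo "sshd:192.168.45.128" > "$demo_file"    # already blocked by an earlier run
sample_lastb | update_denylist "$demo_file" 10
cat "$demo_file"
rm -f "$demo_file"
```

With a substring grep, 192.168.45.12 would be skipped here because the existing 192.168.45.128 entry contains it; the whole-line match adds it, and a second run leaves the file unchanged.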
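2. Configure sudo privileges for the magedu user, allowing magedu to have root privileges
Without sudo privileges, using sudo to view a file fails with the following error: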
[root@centos7 etc]# su - magedu
Last login: Sat Jul 11 13:18:46 CST 2020 on pts/0
[magedu@centos7 ~]$ sudo cat /etc/shadow|head -3
magedu is not in the sudoers file. This incident will be reported.
Edit the /etc/sudoers file and add magedu ALL=(root) ALL
Viewing the file again gives the following result:
[root@centos7 etc]# su - magedu
Last login: Sat Jul 11 13:21:13 CST 2020 on pts/0
[magedu@centos7 ~]$ sudo cat /etc/shadow|head -3
root:$6$5nqnD3rT$Yujzq/35FOR2SIH5e5i5D9VoWlew4vTiAdqB8D5/BVe40eGbdqt4QMMq49j3gW4MUgX/ilvvSWuRKCOWeqJ6G1:18443:0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::