SSH防暴力破解脚本
相关链接 http://www.voidcn.com/article/p-ypuxmkin-bgy.html
1、先放脚本
由于Ubuntu默认的 /bin/sh 是dash,导致crontab不运行,需要将默认sh改为bash
查看 ls -l /bin/sh
切换sh为bash sudo dpkg-reconfigure dash 选 否
再执行 ll /bin/sh
3、sshd 登录日志配置
vim /etc/ssh/sshd_config
#SyslogFacility AUTHPRIV
SyslogFacility AUTH
LogLevel INFO
vim /etc/syslog.conf
authpriv.* /var/log/secure
rsyslog的配置文件 /etc/rsyslog.d/50-default.conf
service syslog restart
service sshd restart
4、加入到crontab,每10分钟执行一次。
#crontab -l
#crontab -e
*/5 * * * * /bin/sh /usr/local/cron/sshdeny.sh
相关链接 http://www.voidcn.com/article/p-ypuxmkin-bgy.html
1、先放脚本
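#!/bin/bash
# Installer, part 1: write the worker script /usr/local/cron/sshdeny.sh.
# The worker runs from root's crontab and adds "sshd:<address>" lines to
# /etc/hosts.deny for sources with repeated failed SSH logins.
# NOTE(review): hosts.deny only affects sshd when it is built with TCP
# wrappers (libwrap) support; confirm that on the target system.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
mkdir -p /usr/local/cron
# Quoted delimiter: the body below is written out literally, with no expansion
# at install time. Install_cron later runs sed 's/secure/auth.log/g' over the
# generated file on apt systems, so inside the body that word may appear only
# in the log path.
cat > /usr/local/cron/sshdeny.sh << "EOF"
#!/bin/bash
# Deny SSH access to every source address with more than DEFINE failed
# logins logged since the previous run.
DEFINE="3"
LOG=/var/log/secure
DENY=/etc/hosts.deny
# Number of log lines already processed, kept in a root-owned directory.
# Remembering the position replaces emptying the log after each run, so the
# host keeps its login audit trail and no line written mid-run is lost.
STATE=/usr/local/cron/sshdeny.offset

# mktemp returns a private, unpredictable file. This job runs as root, and a
# fixed name under /tmp could be created in advance by any local user.
TMP=$(mktemp) || exit 1
trap 'rm -f -- "$TMP"' EXIT

TOTAL=$(wc -l < "$LOG") || exit 1
LAST=$(cat "$STATE" 2>/dev/null)
case "$LAST" in
  ''|*[!0-9]*) LAST=0 ;;
esac
# A log shorter than last time was rotated: start again from its first line.
if [ "$LAST" -gt "$TOTAL" ]
then
  LAST=0
fi

# Count failures per source over the new lines only. NF > 3 skips lines too
# short to hold the address column.
awk -v from="$LAST" -v upto="$TOTAL" \
  'NR > from+0 && NR <= upto+0 && /Failed/ && NF > 3 {print $(NF-3)}' "$LOG" \
  | sort | uniq -c | awk '{print $2"="$1;}' > "$TMP"

while IFS='=' read -r IP NUM
do
  # IP is whatever text sat in that column of a log line. Accept only values
  # built from address characters so nothing else reaches hosts.deny.
  # NOTE(review): hosts.deny may expect IPv6 addresses in brackets; confirm.
  case "$IP" in
    *[!0-9A-Fa-f.:]*) continue ;;
    *.*|*:*) ;;
    *) continue ;;
  esac
  case "$NUM" in
    ''|*[!0-9]*) continue ;;
  esac
  if [ "$NUM" -gt "$DEFINE" ]
  then
    # -x -F compares whole lines literally; a plain pattern match would treat
    # 1.2.3.4 as already listed when only 11.2.3.45 is.
    if ! grep -qxF -- "sshd:$IP" "$DENY" 2>/dev/null
    then
      echo "sshd:$IP" >> "$DENY"
    fi
  fi
done < "$TMP"

printf '%s\n' "$TOTAL" > "$STATE"
#echo sshd>> /root/ssh.log
EOF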
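#######################################
# Install the cron package and register the worker in root's crontab.
# Globals:   PM (read)  - "yum" or "apt"; any other value does nothing
#            log (written) - auth log path used on this distribution
# Outputs:   package manager output on stdout/stderr
# Returns:   exit status of the final crontab call
#######################################
function Install_cron()
{
  # Runs the worker every 10 minutes and discards its output.
  local entry='*/10 * * * * /usr/local/cron/sshdeny.sh > /dev/null 2>&1'
  local current

  if [ "$PM" = "yum" ]; then
    yum -y install vixie-cron crontabs
    log=/var/log/secure
  elif [ "$PM" = "apt" ]; then
    apt -y update
    apt install -y cron
    log=/var/log/auth.log
    # Debian/Ubuntu write sshd messages to auth.log; point the worker at it.
    sed -i 's/secure/auth.log/g' /usr/local/cron/sshdeny.sh
  else
    return 0
  fi

  # Go through crontab(1) instead of appending to the spool file, and drop any
  # earlier copy of the entry first so re-running the installer does not stack
  # duplicate jobs. The current table is read in full before it is replaced.
  current=$(crontab -l 2>/dev/null | grep -vxF -- "$entry")
  {
    if [ -n "$current" ]; then
      printf '%s\n' "$current"
    fi
    printf '%s\n' "$entry"
  } | crontab -
}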
# Choose the package manager: yum when /usr/bin/yum is a regular file,
# apt otherwise.
if [ -f "/usr/bin/yum" ]; then
  PM=yum
else
  PM=apt
fi

# Register the cron job, then make the generated worker executable.
Install_cron
chmod +x /usr/local/cron/sshdeny.sh

# Closing banner, one argument per output line.
printf '%s\n' \
  "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" \
  "Deny for SSH Cront have added success!" \
  "The task work by 10/min" \
  "If you want to allow one, please delete it from /etc/hosts.deny" \
  "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
2、Ubuntu切换默认sh为bash或者dash
由于Ubuntu默认的 /bin/sh 是dash,用 /bin/sh 调用脚本时crontab任务不运行,需要将默认sh改为bash(如果crontab条目直接执行脚本或用 /bin/bash 调用,脚本首行的 #!/bin/bash 会生效,可以不改系统的 /bin/sh)
查看 ls -l /bin/sh
切换sh为bash sudo dpkg-reconfigure dash 选 否
再执行 ll /bin/sh
3、sshd 登录日志配置
vim /etc/ssh/sshd_config
#SyslogFacility AUTHPRIV
SyslogFacility AUTH
LogLevel INFO
vim /etc/syslog.conf
authpriv.* /var/log/secure
(注意:这里的facility要与上面sshd_config中的SyslogFacility一致:设为AUTH时对应 auth.*,设为AUTHPRIV时对应 authpriv.*)
rsyslog的配置文件 /etc/rsyslog.d/50-default.conf
service syslog restart
service sshd restart
4、加入到crontab,每10分钟执行一次(安装脚本写入的条目是 */10;下面手工示例中的 */5 表示每5分钟执行一次,按需选择其一)。
#crontab -l
#crontab -e
*/5 * * * * /bin/sh /usr/local/cron/sshdeny.sh
可用的开源工具:DenyHosts,http://imcat.in/down/DenyHosts-2.6.tar.gz (该链接为http明文下载,安装前应核对软件包的来源和校验值)