标签:linux end run lis 暴力 case 连接 sshd 暴力破解
# cat /var/log/secure | awk ‘/Failed/{print $(NF-3)}‘ | sort | uniq -c | awk ‘{print $2" = "$1;}‘
修改SSH服务器配置文件
# vim /etc/ssh/sshd_config
ssh连接时需指定连接端口,如:
ssh -p 2212 root@xxx.xxx.xxx.xxx
如果修改客户端配置文件 /etc/ssh/config_ssh
把Port改成2212,则连接ssh服务器时默认连接的端口为2212
#!/bin/bash #Program: # Use to monitor the user who try to login. # 防止SSH用户暴力破解脚本 # #Usage: # 赋予可执行权限并添加到crontab # 请先修改19行NUM对应的登录失败次数(默认100),超过此值则会添加到/etc/hosts.deny并且发送邮件 # 建议使用sendEmail发送邮件(不会被当作垃圾邮件而屏蔽) http://caspian.dotconf.net/menu/Software/SendEmail/ # sendmail使用qq、163邮箱测试通过,默认的mail客户端发送qq邮箱会拒收需要添加白名单、163通过 #History: #2013/10/13 Ver:1.02 By Jack # # PATH=/sbin:/usr/sbin:/bin:/usr/bin:~ export PATH #定义阀值,超出此值则添加到黑名单并发送邮件 NUM=100 #检查是否有root权限 [ $UID != 0 ] && echo -e "\e[0;31mSorry,Please run as root!\e[0m" && exit 2 #检查安全日志文件是否存在且可读 log=/var/log/secure [ ! -e $log ] || [ ! -r $log ] && echo -e "\e[0;31mMake sure the file $log exist or can be readable!\e[0m" && exit 3 #登陆失败的IP地址列表 ssh_list=/root/logs/ssh_list [ ! -e ${ssh_list} ] && mkdir -p `dirname ${ssh_list}` #判断日志中是否存在ssh登录失败ip,如果没有则退出,否则添加至${ssh_list} cat $log |grep ‘Failed‘ &>/dev/null [ $? != 0 ] && exit 4 cat $log|awk ‘/Failed/{print $(NF-3)}‘|uniq -c|sort -nr|awk ‘{print $2"=>"$1}‘ > ${ssh_list} #定义黑名单文件(Tcpwrappers) deny_file=/etc/hosts.deny #定义发送的黑名单邮件列表地址 mail_file=/root/logs/mail_file [ ! -d `dirname ${mail_file}` ] && mkdir -p `dirname ${mail_file}` #选择邮件发送端,如果使用sendEmail,请下载后将sendEmail.pl拷贝到/usr/bin并赋予x权限 if [ -e /usr/bin/sendEmail.pl ] && [ -x /usr/bin/sendEmail.pl ] then sendmail="mailA" elif [ -e /bin/mail ] && [ -x /bin/mail ] then sendmail="mailB" else sendmail="None" fi #关于sendEmail设置 send_user=‘xxxx@qq.com\‘ #发送者地址 smtp_user=‘xxxx‘ #登陆smyp服务器的用户名 smtp_pass=‘xxxx‘ #登陆smtp服务器用户的密码 smtp_addr=‘smtp.qq.com:25‘ #smtp地址和端口 recv_user=‘115466xxxx@qq.com jack_blues@163.com\‘ #接收者邮件地址 send_mailA(){ /usr/bin/sendEmail.pl -f ${send_user} -t ${recv_user} -s ${smtp_addr} -u "SSHD WARNINGS" -m "`cat ${mail_file}`" -xu ${smtp_user} -xp ${smtp_pass} > /dev/null 2>&1 } send_mailB(){ /bin/mail -s "Failed sshd Login Users" ${recv_user} < ${mail_file} } #测试网络 test_network(){ #ping 8.8.8.8 -c2 &>/dev/null RETVAL=$(curl -I -o /dev/null -s -w %{http_code} http://www.baidu.com/) } for i in `cat ${ssh_list}` do COUNT=`echo $i|awk -F"=>" ‘{print $2}‘` IPADDR=`echo $i|awk -F"=>" ‘{print $1}‘` if [ ${COUNT} -ge ${NUM} ];then grep $IPADDR ${deny_file} 2>/dev/null while [ $? -ne 0 ] do echo "sshd:${IPADDR}" >> ${deny_file} echo "<警告>:IP为${IPADDR}的用户尝试使用SSH登陆的次数大于限定值$NUM,其尝试次数为$COUNT">>${mail_file} done fi done #sleep 1 while [ -e ${mail_file} ] do test_network [ $RETVAL -ne 200 ] && exit 5 case $sendmail in mailA)send_mailA;; mailB)send_mailB;; None)exit 6 esac rm -f ${mail_file} done
标签:linux end run lis 暴力 case 连接 sshd 暴力破解
原文地址:http://www.cnblogs.com/ssooking/p/6362882.html