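[root@localhost ~]# vi /etc/ssh/sshd_config
[root@localhost ~]# grep Root /etc/ssh/sshd_config
PermitRootLogin no   ### 将默认的 #PermitRootLogin yes 修改成这样的 ###
# the setting of "PermitRootLogin without-password".
### 注:禁止 root 远程登录并重启 sshd 之前,应先建好普通用户(见下文 useradd 步骤),确认它可以远程登录并能 su 到 root,同时保留当前会话不要断开,以免把自己锁在服务器外面。 ###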
Stopping sshd: [ OK ] Starting sshd: [ OK ]
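[root@localhost ~]# vi /etc/ssh/sshd_config
[root@localhost ~]# grep Port /etc/ssh/sshd_config
Port 2020
#GatewayPorts no
### 注:修改端口只能减少自动扫描带来的噪音,不能替代强口令或密钥认证。若 SELinux 处于 enforcing 模式,还需要执行 semanage port -a -t ssh_port_t -p tcp 2020 放行新端口,否则 sshd 无法监听该端口。 ###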
[root@localhost ~]# vi /etc/sysconfig/iptables [root@localhost ~]# grep 2020 /etc/sysconfig/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
[root@localhost ~]# /etc/init.d/iptables restart iptables: Setting chains to policy ACCEPT: nat filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
[root@localhost ~]# /etc/init.d/sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ]
login as: root root@192.168.10.131's password: Last login: Tue Jul 21 18:54:57 2015 from 192.168.10.101 [root@localhost ~]# cat /etc/issue CentOS release 6.5 (Final) Kernel \r on an \m
[root@localhost ~]# useradd leekwen
[root@localhost ~]# passwd leekwen
Changing password for user leekwen.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
### 注:passwd 已经提示该口令基于字典词;以 root 身份运行 passwd 时只会警告,不会拒绝。这个账号是远程登录后 su 到 root 的入口,应换用强口令,或改用密钥登录。 ###
login as: leekwen leekwen@192.168.10.131's password: Last login: Tue Apr 28 21:27:26 2015 from 192.168.10.100
[leekwen@localhost ~]$ su - root Password:
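[root@localhost ~]# wget -c http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
[root@localhost ~]# ls DenyHosts-2.6.tar.gz
DenyHosts-2.6.tar.gz
### 注:这里通过明文 HTTP 下载,随后以 root 身份执行 python setup.py install,中间没有任何完整性校验。安装前应把 sha256sum DenyHosts-2.6.tar.gz 的结果与从可信渠道取得的校验值核对,或改用发行版软件源中带签名的软件包(如有)。 ###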
[root@localhost ~]# tar zxf DenyHosts-2.6.tar.gz [root@localhost ~]# cd DenyHosts-2.6 [root@localhost DenyHosts-2.6]# python setup.py install [root@localhost DenyHosts-2.6]# cd /usr/share/denyhosts/ [root@localhost denyhosts]# ls CHANGELOG.txt denyhosts.cfg-dist plugins scripts daemon-control-dist LICENSE.txt README.txt setup.py
[root@localhost denyhosts]# cat denyhosts.cfg-dist |grep -v "#" |grep -v "^$" > denyhosts.cfg
[root@localhost denyhosts]# cat denyhosts.cfg
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 20m
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 1
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 5
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
ADMIN_EMAIL = leekwen@126.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
### 注:PURGE_DENY = 20m 表示被封的地址超过 20 分钟即可被清除,而清除动作按 DAEMON_PURGE 每 1 小时执行一次。封禁时间较短,对方解封后可以继续尝试,可按需要调大。 ###
[root@localhost denyhosts]# mkdir -p /etc/denyhosts/ [root@localhost denyhosts]# cp denyhosts.cfg /etc/denyhosts/
[root@localhost denyhosts]# cp daemon-control-dist daemon-control [root@localhost denyhosts]# chown root daemon-control [root@localhost denyhosts]# chmod 700 daemon-control [root@localhost denyhosts]# vi daemon-control [root@localhost ~]# grep DENYHOSTS_CFG daemon-control DENYHOSTS_CFG = "/etc/denyhosts/denyhosts.cfg" args.append("--config=%s" % DENYHOSTS_CFG)
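[root@localhost denyhosts]# cp daemon-control /etc/init.d/denyhosts
[root@localhost denyhosts]# chkconfig --add denyhosts
[root@localhost denyhosts]# chkconfig denyhosts on
[root@localhost denyhosts]# /etc/init.d/denyhosts start
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
### 注:上面的启动输出显示守护进程读取的是 /usr/share/denyhosts/denyhosts.cfg,而前面 daemon-control 中 DENYHOSTS_CFG 设置的是 /etc/denyhosts/denyhosts.cfg,两者不一致。应确认守护进程实际加载的是哪一份配置,否则之后对另一份配置的修改不会生效。 ###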
[root@localhost denyhosts]# cd [root@localhost ~]# tail -n 2 /etc/hosts.deny # DenyHosts: Thu Aug 20 14:45:00 2015 | sshd: 118.187.17.119 sshd: 118.187.17.119
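[root@localhost ~]# echo "sshd: 202.101.172.46" >> /etc/hosts.allow
### 注:TCP Wrappers 先匹配 /etc/hosts.allow,命中即放行,不再检查 /etc/hosts.deny。因此写在这里的地址即使被 DenyHosts 记入 hosts.deny 也不会被拦截,只应加入自己可控的固定管理地址。 ###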
原文地址:http://blog.csdn.net/leekwen/article/details/47807677