1、编写脚本 /root/bin/checkip.sh,每5分钟检查一次,如果发现通过 ssh 登录失败次数超过10次,自动将此远程 IP 放入 TCP Wrapper 的黑名单中予以禁止访问
~]# cat checkip.sh
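#!/bin/bash
# checkip.sh - periodically add hosts with too many failed SSH logins to the
# TCP Wrappers deny list.
#
# Notes for operators:
#   - Run as root (as on the page): the script reads the failed-login log via
#     lastb and appends to /etc/hosts.deny.
#   - lastb lists every failure in the current btmp log, so the count is
#     cumulative since that log was last rotated, not per check interval.
#   - /etc/hosts.deny only affects sshd when sshd was built with TCP Wrappers
#     (libwrap) support; confirm this on the target system.

# Seconds to sleep between checks
sleeptime=300
# Failed-login threshold; a host is blocked once it has MORE than this many
# failures (the task statement says "more than 10", hence -gt below)
num=10
# Deny-list file
file=/etc/hosts.deny
# The host column is copied into an access-control file, so only a plain
# dotted-quad IPv4 address is accepted. IPv6 addresses need a different
# hosts.deny syntax (see hosts_access(5)) and are skipped here.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

while true; do
  # -i prints numeric addresses instead of (possibly truncated) host names.
  # Keep only rows whose tty column starts with "ssh", and sort before
  # uniq -c so that non-adjacent failures from one address are counted together.
  lastb -i \
    | awk '$2 ~ /^ssh/ { print $3 }' \
    | sort \
    | uniq -c \
    | while read -r conn ip; do
        [[ $ip =~ $ipv4_re ]] || continue
        if [ "$conn" -gt "$num" ]; then
          # Escape the dots and require a non-address character (or end of
          # line) after the IP, so 1.2.3.4 is not mistaken for 1.2.3.40.
          pattern="^sshd:${ip//./\\.}([^0-9.]|\$)"
          # Append only when the address is not already listed
          if ! grep -Eq -- "$pattern" "$file"; then
            printf 'sshd:%s\n' "$ip" >> "$file"
          fi
        fi
      done
  sleep "$sleeptime"
done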
2、配置magedu用户的sudo权限,允许magedu用户拥有root权限
# 执行 visudo 命令,添加配置行 magedu ALL=(ALL) NOPASSWD: ALL(NOPASSWD 表示执行 sudo 时无需输入密码)
~]# visudo
...
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Added for this exercise: user magedu may run any command as any user,
## with no password prompt (NOPASSWD)
magedu ALL=(ALL) NOPASSWD: ALL
...
# 切换到 magedu 用户
~]# su - magedu
Last login: Sat Feb 22 00:06:34 CST 2020 on pts/0
# magedu 用户可以免密通过 sudo 执行命令
[magedu@localhost ~]$ sudo ls /root
anaconda-ks.cfg