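#!/bin/bash
#====================================================
# Author: Mr.Song
# Create Date: 2018-11-16
# Description: Host bootstrap. Appends bash and Vim settings to the
#   invoking user's dotfiles, adjusts sshd_config, and installs the SSH
#   ban script embedded after the final "exit 0" together with a cron
#   entry that runs it.
#====================================================
########################################################
# bash configuration: history aliases, a coloured prompt, and history
# entries stamped with time, login source address and user name.
#
# The here-document delimiter is quoted so the text below is written to
# ~/.bashrc exactly as shown; the backticks and $NF are evaluated when
# .bashrc is sourced, not while this installer runs. awk needs the space
# before its program text, otherwise the shell looks for a command
# literally named "awk{print". The trailing space inside HISTTIMEFORMAT
# keeps the stamp from running into the command text.
#
# NOTE(review): every run appends another copy of this section to
# ~/.bashrc. The stamped history is also stored in a file the user can
# edit, so it is a convenience record and not a tamper-evident audit log.
cat >> ~/.bashrc <<'EOF'
alias cls='clear' #DOS 风格的清空
alias h='history | tail'
alias hg='history | grep'
alias hl='history | less'
#stty erase ^H #清除退格 (这个很有必要)
export PS1="[\[\e[0;36m\]\u\[\e[m\]@\[\e[0;32m\]\h \[\e[0;35m\]\W\[\e[m\]]\\$"
export HISTTIMEFORMAT="%F %T `who -u am i 2>/dev/null|awk '{print $NF}'|sed -e's/[()]//g'` `whoami` "
EOF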
#########################################################
# Vim configuration: line numbers, 4-column indentation, UTF-8 with
# fallbacks for Chinese encodings, and an <F4> mapping that inserts the
# standard script header at the top of the buffer.
#
# The body holds no shell expansions, so a quoted delimiter writes the
# same bytes to ~/.vimrc as an unquoted one would.
cat >> ~/.vimrc <<'VIMRC'
set autoindent
set nu
set tabstop=4
set shiftwidth=4
set fileencodings=utf-8,ucs-bom,gb18030,gbk,gb2312,cp936
set termencoding=utf-8
set encoding=utf-8
function AddTitle()
call setline(1,"#!/bin/bash")
call append(1,"#====================================================")
call append(2,"# Author: Mr.Song")
call append(3,"# Create Date:" . strftime("%Y-%m-%d"))
call append(4,"# Description:")
call append(5,"#====================================================")
endf
map <F4> :call AddTitle()<cr>
VIMRC
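#########################################################
# OpenSSH tuning: disable reverse DNS lookups and forbid password
# logins for root.
#
# The path is lower-case /etc/ssh; on a case-sensitive filesystem
# /etc/SSH does not exist and the sed call would fail.
#
# Caveats for whoever runs this:
#   * sshd uses the first value it reads for each keyword, so an active
#     "PermitRootLogin yes" earlier in the file still wins over the line
#     appended here.
#   * The lines are only added after the commented defaults (#UseDNS,
#     #PermitRootLogin yes); if those are absent nothing is changed.
#   * prohibit-password still permits key-based root logins. Make sure a
#     key or another admin account works before the restart.
sshd_config=/etc/ssh/sshd_config
sshd_backup="${sshd_config}.bak"

# Keep a copy of the file as it was before this run so a bad edit can be
# rolled back instead of leaving the host without a working sshd.
if cp -p -- "$sshd_config" "$sshd_backup"; then
  # Skip the append when the directive is already active, so re-running
  # the installer does not stack duplicate lines.
  grep -q '^UseDNS no' "$sshd_config" ||
    sed -i -e '/#UseDNS/a\UseDNS no' "$sshd_config"
  grep -q '^PermitRootLogin prohibit-password' "$sshd_config" ||
    sed -i -e '/#PermitRootLogin yes/a\PermitRootLogin prohibit-password' "$sshd_config"

  # Validate before restarting: a restart with a broken config can cut
  # off remote access to the machine.
  if sshd -t -f "$sshd_config"; then
    systemctl restart sshd
  else
    echo "sshd_config failed validation; restoring $sshd_backup" >&2
    cp -p -- "$sshd_backup" "$sshd_config"
  fi
else
  echo "cannot back up $sshd_config; leaving sshd untouched" >&2
fi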
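#########################################################
# Brute-force guard: extract the script embedded below the final
# "exit 0" and schedule it from /etc/crontab.
#
# The script is written to the same absolute path the cron entry names.
# Writing it to the current directory would leave cron pointing at a
# file that may not exist, or at whatever else sits at that path.
ban_script=/root/auto_deny_ip_v1.sh
cron_line="*/1 * * * * root $ban_script"

# The awk program prints the line number of the second line that starts
# with "#!"; the first is this installer's own shebang.
start=$(awk '/^#!/{if(i){print NR;exit}i++}' "$0")
if [ -z "$start" ]; then
  echo "embedded ban script not found in $0" >&2
  exit 1
fi

tail -n "+$start" "$0" > "$ban_script" || exit 1
# Root runs this every minute, so nobody else gets read/write/execute.
chmod 700 "$ban_script"

# Register the job only once the script is in place, and only if the
# exact line is not already present (re-runs would otherwise add copies).
grep -qxF -- "$cron_line" /etc/crontab 2>/dev/null ||
  echo "$cron_line" >> /etc/crontab
exit 0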
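#!/bin/bash
# Auto drop SSH failed IP address
# By author jfedu.NET 2017
#
# Reads failed SSH password attempts from the auth log, adds the source
# addresses to hosts.deny, and releases entries once their hold time has
# passed. Released addresses are parked in a state file and are not
# re-banned until the hold time has passed again.
#
# Entry format in both files:  sshd:<ipv4>:deny #<YYYYMMDDHHMM>
#
# NOTE(review): hosts.deny only affects sshd when it is built with TCP
#   wrappers (libwrap). Upstream OpenSSH dropped that support and recent
#   distributions ship without it - confirm it applies on the target
#   host, otherwise use firewall rules or a maintained tool instead.
# NOTE(review): the whole log is rescanned on every run, so an old
#   failure keeps matching for as long as its line stays in the file.
# NOTE(review): HOLD is added to a YYYYMMDDHHMM integer, i.e. roughly
#   two minutes, and releases early across an hour boundary (..59 + 2
#   gives ..61). The state file name suggests two hours was intended -
#   confirm, and prefer epoch seconds if the format can change.

# Define path variables
SEC_FILE=/var/log/secure
DENY_CONF=/etc/hosts.deny
DENY_IP="/tmp/2h_deny_ip.txt"
MIN_FAILS=1   # failures required before banning; 1 bans on a single typo
HOLD=2        # added to the YYYYMMDDHHMM stamp before comparing with now
IP_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'

# The state file lives in a world-writable directory while this script
# runs as root. Refuse anything that is not a regular file owned by the
# invoking user, so another local account cannot redirect the writes
# through a symlink or seed entries. Moving the file to a root-only
# directory is the better long-term fix.
if [ -L "$DENY_IP" ] ||
  { [ -e "$DENY_IP" ] && { [ ! -f "$DENY_IP" ] || [ ! -O "$DENY_IP" ]; }; }; then
  echo "refusing to use $DENY_IP: not a regular file owned by this user" >&2
  exit 1
fi
if [ ! -e "$DENY_IP" ]; then
  # noclobber makes the creation fail if something appears at the path
  # between the check above and this line.
  (umask 077; set -o noclobber; : > "$DENY_IP") || exit 1
fi

# drop_entry FILE IP - delete this script's own entries for IP from FILE.
# The pattern is anchored and the dots are escaped so that 1.2.3.4 does
# not also remove 11.2.3.40 or hand-written rules mentioning the address.
drop_entry() {
  local pattern
  pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -i "/^sshd:${pattern}:deny #/d" "$1"
}

echo
cat <<EOF
++++++++++++++welcome to use SSH login drop failed ip+++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++------------------------------------++++++++++++++++++
EOF
echo
for ((j=0;j<=2;j++)); do echo -n "-"; sleep 1; done
echo

# Take the address only from the fixed tail sshd appends to the message
# ("... from <ip> port <n> ssh2"). Fields chosen by the remote side, such
# as the login name, are logged earlier on the same line; collecting
# every IPv4-looking string from the line would let them get unrelated
# addresses blocked.
# NOTE(review): assumes the stock OpenSSH "Failed password" message
#   layout - verify against the log on the target system.
failed_ips=$(
  sed -nE "s/^.*sshd[^ ]*: Failed password for .* from (${IP_RE}) port [0-9]+ ssh2\$/\1/p" "$SEC_FILE" |
    sort | uniq -c | awk -v min="$MIN_FAILS" '$1 >= min { print $2 }'
)

now=$(date +%Y%m%d%H%M)
while IFS= read -r ip; do
  [ -n "$ip" ] || continue

  # Already banned: nothing to do. Fixed-string match on the full entry
  # prefix, so the address is compared exactly.
  grep -qF -- "sshd:${ip}:deny " "$DENY_CONF" 2>/dev/null && continue

  # Classify against the released list: "new" (not listed), "due"
  # (listed and the hold time has passed) or "wait" (listed, still held
  # back). The address is passed with -v and compared as a field instead
  # of being spliced into the awk program text.
  state=$(awk -F'[#:]' -v ip="$ip" -v now="$now" -v hold="$HOLD" '
    $1 == "sshd" && $2 == ip { seen = 1; if (now + 0 >= $4 + hold) due = 1 }
    END { if (!seen) print "new"; else if (due) print "due"; else print "wait" }
  ' "$DENY_IP")

  case "$state" in
    new)
      printf 'sshd:%s:deny #%s\n' "$ip" "$now" >> "$DENY_CONF"
      ;;
    due)
      printf 'sshd:%s:deny #%s\n' "$ip" "$now" >> "$DENY_CONF"
      drop_entry "$DENY_IP" "$ip"
      ;;
  esac
done <<<"$failed_ips"

# Allow IP to access
# Only lines in this script's exact format are considered. Matching any
# line that mentions sshd would treat hand-written rules without a
# timestamp as expired and delete them.
now=$(date +%Y%m%d%H%M)
expired=$(
  grep -E "^sshd:${IP_RE}:deny #[0-9]{12}\$" "$DENY_CONF" 2>/dev/null |
    awk -F'[#:]' -v now="$now" -v hold="$HOLD" 'now + 0 >= $4 + hold { print $2 }' |
    sort -u
)
while IFS= read -r ip; do
  [ -n "$ip" ] || continue
  echo "$ip"
  drop_entry "$DENY_CONF" "$ip"
  # Park the address with its release time; the ban loop above checks it.
  printf 'sshd:%s:deny #%s\n' "$ip" "$now" >> "$DENY_IP"
done <<<"$expired"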
来源: http://www.bubuko.com/infodetail-2849487.html