Limit IP logon shell script when Linux system exits

in a production environment, it is possible that other administrators or users may modify Hosts.allow to allow more IP landing machines; In order to facilitate unified management, we can modify the Allow and deny files to the default settings when the user exits. You can also automatically get the entire IP field that the machine is assigned to allow you to log in

Test-f/root/.bash_logout && chattr-i/root/.bash_logout
Cat >/root/.bash_logout <<eof
Export Term=xterm
/usr/bin/chattr-i/etc/hosts.allow/etc/hosts.deny

#for Hosts.deny
/bin/awk ' begin{fs= ' [=.] "; Rs= "\ n"};/^ipaddr/{print "Sshd:all EXCEPT" \$2 "." \$3 "." \$4 ". 0/255.255.255.0"} '/etc/sysconfig/network-scripts/ifcfg-* | Grep-v 127.0.0 | Uniq 1>/etc/hosts.deny

/bin/cat >>/etc/hosts.deny << ieof
Sshd:all EXCEPT IP
Ieof

#for Hosts.allow
/bin/awk ' begin{fs= ' [=.] "; Rs= "\ n"};/^ipaddr/{print "sshd:" \$2 "." \$3 "." \$4 ". 0/255.255.255.0"} '/etc/sysconfig/network-scripts/ifcfg-* | Grep-v 127.0.0 | Uniq 1>/etc/hosts.allow

/bin/cat >>/etc/hosts.allow << ieof
Sshd:ip
Ieof
/usr/bin/chattr +i/etc/hosts.allow/etc/hosts.deny

Clear
Eof

Sh/root/.bash_logout 2>&1 >/dev/null

Example

This article only detects an illegal IP login to the server automatically to the operation of the police, of course, can also be changed to SMS alarm, if you have a short message gateway.

#!/bin/bash
#该脚本作用是检测是否有恶意IP登陆服务器并邮件报警
#可以结合139邮箱以达到短信及时通知到手机的功能
#适用系统centos5

Ldate= ' which date '
lawk= ' which awk '
Llast= ' which last '
lgrep= ' which grep '
Lsendmail= ' which SendMail '
lifconfig= ' which ifconfig '
serverip= ' $Lifconfig eth0| $Lgrep inet| $Lawk-F: ' {print $} ' | $Lawk ' {print $} '
Cutdate= ' $Ldate | $Lawk ' {print $ ' $ ' ' $} '

hackerip= ' $Llast | $Lgrep "$cutdate" | $Lawk ' {print $} ' | $Lgrep-v 192.168.1x.xx '

If [-Z $hackerip]
Then
Exit
Else

For LOGIP in $hackerip
Todo
echo "Hacker IP is $LOGIP already login $serverip" |mail-s "SOS rocdk890@139.com

Done
Fi