In a production environment a host may be modified by another administrator or user; in particular, /etc/hosts.allow may be extended so that more IP addresses can log in over SSH. To keep management uniform, you can have the allow and deny files reset to a known default every time the administrator logs out. At the same time, the script below automatically derives the /24 network segment of the machine's own configured IP address and allows login from it. Both files are then marked immutable with chattr +i, so they cannot be edited again until the flag is cleared.
test -f /root/.bash_logout && chattr -i /root/.bash_logout
cat > /root/.bash_logout <<EOF
export TERM=xterm
/usr/bin/chattr -i /etc/hosts.allow /etc/hosts.deny
# for hosts.deny: deny everything except the /24 of each configured interface
/bin/awk 'BEGIN{FS="[=.]"; RS="\n"}; /^IPADDR/{print "sshd: ALL EXCEPT " \$2 "." \$3 "." \$4 ".0/255.255.255.0"}' /etc/sysconfig/network-scripts/ifcfg-* | grep -v 127.0.0 | sort -u 1>/etc/hosts.deny
# "ip" below is a placeholder: replace it with the management address that must always be allowed
/bin/cat >>/etc/hosts.deny <<iEOF
sshd: ALL EXCEPT ip
iEOF
# for hosts.allow: allow the /24 of each configured interface
/bin/awk 'BEGIN{FS="[=.]"; RS="\n"}; /^IPADDR/{print "sshd: " \$2 "." \$3 "." \$4 ".0/255.255.255.0"}' /etc/sysconfig/network-scripts/ifcfg-* | grep -v 127.0.0 | sort -u 1>/etc/hosts.allow
/bin/cat >>/etc/hosts.allow <<iEOF
sshd: ip
iEOF
/usr/bin/chattr +i /etc/hosts.allow /etc/hosts.deny
clear
EOF
sh /root/.bash_logout >/dev/null 2>&1
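The generation step of the logout script can be tried without root and without touching /etc. The block below is an added example, not code from the original article: it reads the same IPADDR= lines from a directory of ifcfg-* files and writes hosts.allow and hosts.deny into a scratch directory. The function name gen_hosts_access, the management address MGMT_IP (10.0.0.5, standing in for the "ip" placeholder above) and the ifcfg contents are all constructed for the example. It also handles quoted IPADDR="..." values and writes a plain "sshd: ALL" into hosts.deny, since hosts.allow is consulted first and the per-network "ALL EXCEPT" lines add nothing once the networks are already allowed.

```shell
#!/bin/sh
# Added example, not code from the original article: a dry run of the
# ifcfg-derived allow/deny generation that writes into a scratch directory
# instead of /etc, so it can be checked without root or chattr.
# MGMT_IP is an assumed management address standing in for the "ip"
# placeholder in the logout script.
MGMT_IP="10.0.0.5"

# gen_hosts_access IFCFG_DIR OUT_DIR
# Reads IPADDR=... from IFCFG_DIR/ifcfg-* (quoted or unquoted), drops the
# loopback interface, and writes OUT_DIR/hosts.allow with one /24 per
# interface plus MGMT_IP, and OUT_DIR/hosts.deny with a plain default deny.
gen_hosts_access() {
    awk -F= '/^IPADDR=/ {
                 gsub(/"/, "", $2)                 # IPADDR="a.b.c.d" -> a.b.c.d
                 split($2, o, ".")
                 print o[1] "." o[2] "." o[3] ".0/255.255.255.0"
             }' "$1"/ifcfg-* | grep -v '^127\.0\.0\.' | LC_ALL=C sort -u > "$2/nets.tmp"
    {
        sed 's/^/sshd: /' "$2/nets.tmp"
        echo "sshd: $MGMT_IP"
    } > "$2/hosts.allow"
    # hosts.allow is consulted first, so "sshd: ALL" here denies exactly the
    # clients that matched nothing above; per-network "ALL EXCEPT" lines in
    # hosts.deny add nothing once the networks are already in hosts.allow.
    echo "sshd: ALL" > "$2/hosts.deny"
    rm -f "$2/nets.tmp"
}

# Stand-alone demo on constructed ifcfg files
demo_dir=$(mktemp -d)
mkdir "$demo_dir/ifcfg" "$demo_dir/out"
printf 'DEVICE=eth0\nIPADDR=192.168.1.10\n' > "$demo_dir/ifcfg/ifcfg-eth0"
printf 'DEVICE=lo\nIPADDR=127.0.0.1\n' > "$demo_dir/ifcfg/ifcfg-lo"
gen_hosts_access "$demo_dir/ifcfg" "$demo_dir/out"
cat "$demo_dir/out/hosts.allow" "$demo_dir/out/hosts.deny"
rm -rf "$demo_dir"
```

To use it for real, point the first argument at /etc/sysconfig/network-scripts, inspect the output, and only then copy the two files into /etc and set the immutable flag.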
How to restrict the IP addresses allowed to log in over SSH
vi /etc/hosts.allow
# allow the single address 192.168.0.100 to log in
sshd: 192.168.0.100: allow
# allow the whole 192.168.0. network segment to log in
sshd: 192.168.0.: allow
# deny login from all other addresses
sshd: ALL: deny
or
# allow the 223.227.223.* network segment to log in
sshd: 223.227.223.*: allow
# allow the 192.168.0.* network segment to log in
sshd: 192.168.0.*: allow
# deny login from all other addresses
sshd: ALL: deny
Save the file; on Fedora the change takes effect immediately, because libwrap re-reads hosts.allow and hosts.deny on every connection and sshd does not need to be restarted. This only works if sshd was built with tcp_wrappers (libwrap) support: upstream OpenSSH removed that support in version 6.7, so on a newer system check with ldd $(which sshd) | grep libwrap before relying on these files.
Restricting SSH login to specific IP addresses on FreeBSD:
1.
# ee /etc/hosts.allow
Add
sshd: 192.168.0.100: allow
sshd: 223.227.223.*: allow
sshd: ALL: deny
2.
Edit /etc/ssh/sshd_config and add
AllowUsers admin@172.16.2.188
which means
only the user admin may log in, and only from 172.16.2.188; once AllowUsers is present, every user not listed is refused. Reload sshd for the change to take effect.
To change the IP address of a FreeBSD host without rebooting:
edit rc.conf, then run /etc/netstart
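Because a mistake in hosts.allow can lock you out, it is worth checking a rule set before deploying it. The block below is an added example, not code from the original article or from tcp_wrappers: a small emulator of the hosts_access(5) decision that covers the pattern forms used in the Linux section above and in FreeBSD step 1 (ALL, an exact address, a trailing-dot prefix such as 192.168.0., shell-style wildcards such as 223.227.223.*, net/mask, "ALL EXCEPT ..." and the ": allow" / ": deny" options). It evaluates hosts.allow first, then hosts.deny, and grants access when neither file matches, which is the order libwrap uses. The function names (hosts_access_check, scan_file, match_list, match_pat) and the sample addresses are constructed for the example; it handles IPv4 only, and the AllowUsers setting from step 2 is enforced by sshd itself and is not emulated.

```shell
#!/bin/sh
# Added example, not code from the original article or from tcp_wrappers:
# a small emulator of the hosts_access(5) decision for IPv4 rule sets, so a
# hosts.allow/hosts.deny pair can be checked before it is deployed.
set -f   # no pathname expansion: patterns like 223.227.223.* must stay literal

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# ip2int A.B.C.D -> integer
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# match_pat PATTERN VALUE -> exit 0 if VALUE (an address or a daemon name) matches
match_pat() {
    case $1 in
        ALL) return 0 ;;
        */*) m=$(ip2int "${1#*/}")                                   # net/mask
             [ $(( $(ip2int "$2") & m )) -eq $(( $(ip2int "${1%/*}") & m )) ] ;;
        *.)  case $2 in "$1"*) return 0 ;; esac; return 1 ;;        # prefix
        *)   case $2 in $1) return 0 ;; esac; return 1 ;;           # exact or wildcard
    esac
}

# match_list LIST VALUE -> exit 0 if the comma/space separated LIST matches;
# "A EXCEPT B" matches when A matches and B does not (EXCEPT is right-associative)
match_list() {
    case $1 in
        *" EXCEPT "*)
            match_list "${1%% EXCEPT *}" "$2" || return 1
            match_list "${1#* EXCEPT }" "$2" && return 1
            return 0 ;;
    esac
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        match_pat "$p" "$2" && return 0
    done
    return 1
}

# scan_file FILE DAEMON IP -> prints the option of the first matching line
# ("allow" or "deny"), "match" if it has no option, nothing if no line matches
scan_file() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while IFS= read -r line; do
        case $line in *:*) ;; *) continue ;; esac
        dl=$(trim "${line%%:*}")
        rest=${line#*:}
        case $rest in
            *:*) cl=$(trim "${rest%%:*}"); opt=$(trim "${rest#*:}") ;;
            *)   cl=$(trim "$rest"); opt="" ;;
        esac
        if match_list "$dl" "$2" && match_list "$cl" "$3"; then
            case $opt in allow|deny) echo "$opt" ;; *) echo match ;; esac
            break
        fi
    done
}

# hosts_access_check DAEMON IP ALLOW_FILE DENY_FILE -> prints allow or deny,
# in libwrap order: hosts.allow first, then hosts.deny, and access is
# granted when neither file matches
hosts_access_check() {
    case $(scan_file "$3" "$1" "$2") in
        allow|match) echo allow; return 0 ;;
        deny)        echo deny;  return 0 ;;
    esac
    case $(scan_file "$4" "$1" "$2") in
        allow)       echo allow ;;   # ": allow" option in hosts.deny still grants
        deny|match)  echo deny ;;
        *)           echo allow ;;   # no match in either file
    esac
}

# Stand-alone demo on a constructed rule set
demo=$(mktemp -d)
cat > "$demo/hosts.allow" <<'EOF'
# management hosts and the office segment
sshd: 192.168.0.100: allow
sshd: 192.168.0.: allow
sshd: 10.1.0.0/255.255.255.0 EXCEPT 10.1.0.99
sshd: 223.227.223.*: allow
sshd: ALL: deny
EOF
echo "sshd: ALL" > "$demo/hosts.deny"
for ip in 192.168.0.100 192.168.0.55 10.1.0.7 10.1.0.99 223.227.223.9 8.8.8.8; do
    echo "sshd from $ip: $(hosts_access_check sshd "$ip" "$demo/hosts.allow" "$demo/hosts.deny")"
done
rm -rf "$demo"
```

Run it against copies of the real files with the addresses you administer from, and make sure your own management address comes back as allow before you save the rules on the server.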
Iptables automatic IP-blocking script
#!/bin/bash
# Created by haiyun
num=10    # upper limit: addresses with more than $num failed logins are blocked
for i in $(awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | sort -rn | awk -v num="$num" '{if ($1 > num) {print $2}}')
do
    # -C checks whether the rule already exists, so repeated cron runs do not stack duplicates
    iptables -C INPUT -p tcp -s "$i" --dport 22 -j DROP 2>/dev/null || iptables -I INPUT -p tcp -s "$i" --dport 22 -j DROP
done
Add it to crontab as a scheduled task:
crontab -e
*/5 * * * * sh /path/file.sh    # run once every 5 minutes
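The ban logic of the script above can be exercised on sample log lines before it is allowed to touch iptables. The block below is an added example, not the author's script: it counts failed logins per source address, selects addresses over a threshold, and prints the idempotent iptables command for each without executing it. Instead of $(NF-3) it takes the field after "from", which also covers "Failed password for invalid user X from ..." lines, and it refuses anything that is not a well-formed IPv4 address before building a command. The function names (failed_ips, is_ipv4, ban_cmd, make_sample_log) and the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not the author's script: the ban-list logic run over
# constructed /var/log/secure lines, printing iptables commands instead of
# running them so it can be tested without root.

# failed_ips LOGFILE THRESHOLD -> source addresses with more than THRESHOLD
# failed logins, most frequent first, one per line
failed_ips() {
    awk '/sshd.*Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" |
    sort | uniq -c | sort -rn |
    awk -v limit="$2" '$1 > limit { print $2 }'
}

# is_ipv4 STRING -> exit 0 only for a dotted quad with octets 0-255
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
}

# ban_cmd IP -> prints an idempotent iptables command: -C checks for an
# existing rule so repeated cron runs do not stack duplicates
ban_cmd() {
    is_ipv4 "$1" || return 1
    echo "iptables -C INPUT -p tcp -s $1 --dport 22 -j DROP 2>/dev/null || iptables -I INPUT -p tcp -s $1 --dport 22 -j DROP"
}

# make_sample_log FILE -> writes constructed log lines in /var/log/secure
# format: 12 failures from 203.0.113.9, 3 from 198.51.100.7, one success
make_sample_log() {
    : > "$1"
    n=1
    while [ "$n" -le 12 ]; do
        echo "Mar  3 10:00:$(printf '%02d' "$n") web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 5$n ssh2" >> "$1"
        n=$((n + 1))
    done
    for n in 1 2 3; do
        echo "Mar  3 10:01:0$n web1 sshd[2140]: Failed password for root from 198.51.100.7 port 4000$n ssh2" >> "$1"
    done
    echo "Mar  3 10:02:00 web1 sshd[2150]: Accepted password for ops from 192.0.2.10 port 50000 ssh2" >> "$1"
}

# Stand-alone demo: build the sample log and print what a threshold of 10 would block
log=$(mktemp)
make_sample_log "$log"
for ip in $(failed_ips "$log" 10); do
    ban_cmd "$ip"        # printed only; run the output as root to apply it
done
rm -f "$log"
```

On a real host replace the sample log with /var/log/secure and pipe the printed commands into sh as root once you are satisfied with the list; the -C check keeps the cron job from inserting the same DROP rule every five minutes.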