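#!/usr/bin/env bash
# Intruder detection from SSH authentication logs.
#
# Reads an sshd auth log (default /var/log/secure, or the path given as $1),
# collects "Failed password" entries and prints one row per (IP, user) pair
# whose failed attempts span more than two minutes -- a slow, sustained
# password-guessing pattern rather than a single mistyped password.
#
# Usage: intruder_detect.sh [AUTHLOG]
#
# Assumptions (confirm for your logger): lines carry the classic syslog
# prefix "Mon DD HH:MM:SS host sshd[pid]: ..." (the first 16 characters are
# the timestamp; it has no year, so `date -d` assumes the current year),
# and only IPv4 addresses are extracted. Lines containing "invalid"
# ("Invalid user ..." / "Failed password for invalid user ...") are dropped
# so that only accounts that exist on the system are reported.
#
# Requires: GNU date, grep and awk, and `host` (bind-utils) for reverse
# lookups. Output columns: sr# | User | attempts | IP address | host_mapping
# | Time range.

set -u

authlog=/var/log/secure
if [[ -n "${1:-}" ]]; then
  authlog=$1
  printf 'Using Log File: %s\n' "$authlog"
fi

if [[ ! -r "$authlog" ]]; then
  printf 'error: cannot read log file %s\n' "$authlog" >&2
  exit 1
fi

# Private, unpredictable scratch directory. The /tmp/$$.log style of name
# is guessable and can be pre-created or symlinked by another local user;
# the trap removes everything on every exit path.
workdir=$(mktemp -d) || { printf 'error: mktemp failed\n' >&2; exit 1; }
cleanup() { rm -rf -- "$workdir"; }
trap cleanup EXIT

valid_log=$workdir/valid.log
# Keep only entries for accounts that exist (drop "invalid user" noise).
grep -i -v -- "invalid" "$authlog" > "$valid_log"

# In "Failed password for USER from IP port N ssh2" field NF-5 is USER.
mapfile -t users < <(grep -- "Failed password" "$valid_log" | awk '{ print $(NF-5) }' | sort -u)

# IPv4 pattern with the dots escaped (an unescaped "." matches any byte).
ip_re='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
mapfile -t ip_list < <(grep -E -o -- "$ip_re" "$valid_log" | sort -u)

printf "%-5s|%-10s|%-10s|%-13s|%-33s|%s\n" "sr#" "User" "attempts" "IP address" "host_mapping" "Time range"

# Nothing to correlate: header only (also avoids "${arr[@]}" on an empty
# array, which older bash rejects under set -u).
(( ${#users[@]} > 0 && ${#ip_list[@]} > 0 )) || exit 0

ucount=0
for ip in "${ip_list[@]}"; do
  # -F: the IP is a literal, not a regex; -w: 10.0.0.1 must not match 10.0.0.10.
  grep -F -w -- "$ip" "$valid_log" > "$workdir/ip.log"

  for user in "${users[@]}"; do
    # Match the user name in its exact log position, not as a substring
    # (a user named "a" would otherwise match almost every line).
    awk -v u="$user" '/Failed password/ && $(NF-5) == u' "$workdir/ip.log" > "$workdir/user.log"
    [[ -s "$workdir/user.log" ]] || continue

    # The first 16 characters of each line are the syslog timestamp.
    cut -c-16 -- "$workdir/user.log" > "$workdir/times"
    tstart=$(head -n 1 -- "$workdir/times")
    tend=$(tail -n 1 -- "$workdir/times")
    # Skip a pair whose timestamps GNU date cannot parse rather than
    # reporting a bogus range.
    start=$(date -d "$tstart" "+%s") || continue
    end=$(date -d "$tend" "+%s") || continue
    limit=$(( end - start ))

    # Report only when the failures are spread over more than two minutes.
    if (( limit > 120 )); then
      ucount=$(( ucount + 1 ))
      attempts=$(wc -l < "$workdir/user.log")
      time_range="$tstart-$tend"
      # Reverse DNS for a hostile IP is attacker-influenced text: it is
      # only ever printed through %s, never evaluated.
      host=$(host "$ip" 2>/dev/null | awk '{ print $NF }')
      printf "%-5s|%-10s|%-10s|%-13s|%-33s|%s\n" "$ucount" "$user" "$attempts" "$ip" "$host" "$time_range"
    fi
  done
done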
-------------------------------------------------------
A complementary hardening step: lock an account after 3 consecutive failed logins, so the sustained guessing the script above reports is also cut off at the PAM layer.
Edit the sshd PAM stack (e.g. `vim /etc/pam.d/sshd`) and add the following line at the top of the `auth` section:
auth required pam_tally2.so deny=3 unlock_time=300 even_deny_root root_unlock_time=10
(pam_tally2 also expects an `account required pam_tally2.so` entry so the counter is reset on a successful login; inspect or reset a lock with `pam_tally2 --user <name>`. Note that pam_tally2 is deprecated and removed from Linux-PAM 1.5+ — RHEL 8+, recent Debian/Ubuntu — where pam_faillock with the equivalent `deny=3 unlock_time=300 even_deny_root root_unlock_time=10` options and `faillock --user <name>` replace it.)
# Parameter explanation
#even_deny_root: apply the lockout to the root account as well;
#deny: number of consecutive failed logins after which the account (regular users, and root when even_deny_root is set) is locked;
#unlock_time: seconds after which a locked regular user account is unlocked automatically;
#root_unlock_time: seconds after which a locked root account is unlocked automatically (10 s here, so root is rate-limited rather than locked out, which avoids a trivial remote denial of service against the root login).
Author Profile:
Chen Zhike (Headline number: the strong twist of the melon is not delicious The public number "Pencil school" operation and maintenance content co-author , is currently working in China's largest android application software company, as a senior engineer , now the company as a PHP development engineer, Python development engineer, senior OPS engineer.
Pencil Study Garden : It resource sharing | Knowledge sharing, being the primary programmer's beacon
Shell daily Practice-find intruders by monitoring users ' logins