Prevent brute-force password guessing: if an IP address enters a wrong password 5 times, deny that IP access to the SSH service.
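#!/bin/bash
# Deny SSH access (through TCP wrappers) to every IPv4 address that has
# THRESHOLD or more failed logins recorded in btmp, and queue an at(1) job
# that lifts the block a week later. Must run as root: it reads btmp via
# lastb and appends to /etc/hosts.deny.
#
# NOTE(review): /etc/hosts.deny only restricts sshd when sshd is linked
# against libwrap. Upstream OpenSSH removed that support in 6.7, so confirm
# it on the target host (for example `ldd "$(command -v sshd)" | grep libwrap`)
# before relying on this; otherwise enforce the block in the firewall.
# NOTE(review): the two sed expressions in the published listing were
# destroyed by the site's e-mail obfuscation ("[email protected]"). The
# count/address parsing below is a reconstruction of what they evidently did
# (trim leading blanks, then separate count and address).
set -u

readonly DENY_FILE=/etc/hosts.deny
readonly THRESHOLD=5
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# lastb -i prints numeric addresses, so a reverse-DNS name (which the remote
# side can influence) never reaches the deny file.
# sort has to run before uniq -c: uniq only merges adjacent duplicates, so
# without it an address whose failures are interleaved with others is
# under-counted and may never reach the threshold.
# The pipeline replaces the a.txt scratch file that the original wrote into
# the current directory.
lastb -i | awk '{print $3}' | sort | uniq -c |
while read -r cishu ip; do
  # cishu = number of failed logins, ip = source address.
  # Column 3 is not always an address (local entries, the "btmp begins"
  # trailer); anything that is not a dotted quad is skipped. IPv6 sources
  # are therefore skipped too - hosts.deny needs a different syntax for them.
  [[ $ip =~ $IPV4_RE ]] || continue
  # NOTE(review): entries without a remote host are presumably shown as
  # 0.0.0.0 by lastb -i; never deny that.
  [[ $ip == 0.0.0.0 ]] && continue
  (( cishu >= THRESHOLD )) || continue

  entry="sshd: $ip"

  # -x -F: match the whole line literally. A plain `grep "$ip"` treats the
  # dots as wildcards and also matches substrings (1.2.3.4 inside 11.2.3.40),
  # which would wrongly skip an address that is not blocked yet.
  if grep -qxF -- "$entry" "$DENY_FILE" 2>/dev/null; then
    continue
  fi

  printf '%s\n' "$entry" >> "$DENY_FILE" || continue

  # Lift the block after 7 days. The original job removed the hard-coded
  # address 192.168.0.101 instead of the address that was just blocked.
  # $ip has been validated as digits and dots, so it is safe to embed in
  # the command text; the dots are escaped so sed matches them literally.
  pattern=${ip//./\\.}
  if ! printf '%s\n' "sed -i '/^sshd: ${pattern}\$/d' $DENY_FILE" |
    at 12am + 7 days > /dev/null 2>&1; then
    printf 'warning: could not schedule removal of %s from %s\n' \
      "$ip" "$DENY_FILE" >&2
  fi
done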
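#!/bin/bash
# Interactive baseline hardening for a SysV-init / GRUB-legacy host: the
# script relies on chkconfig, /etc/inittab and /boot/grub/grub.conf.
# Must run as root; every section edits system files in place.
#
# NOTE(review): the published listing was collapsed onto two lines and partly
# destroyed by machine translation and e-mail obfuscation ("[email protected]",
# lower-cased option and variable names). The sed expressions and the
# PASS_MAX_DAYS / HISTSIZE / TMOUT spellings below are a reconstruction.
set -u

# Prompt until the operator enters a non-negative integer.
# Arguments: $1 - prompt text
# Outputs:   the number on stdout (the prompt itself goes to the terminal)
# Returns:   1 if input ends before a number was entered
ask_number() {
  local prompt=$1 reply
  while :; do
    read -r -p "$prompt" reply || return 1
    if [[ $reply =~ ^[0-9]+$ ]]; then
      printf '%s\n' "$reply"
      return 0
    fi
    printf 'Please enter digits only.\n' >&2
  done
}

# --- Disable services that are enabled in runlevel 3 -----------------------
# NOTE(review): everything not named in the keep-list is switched off. The
# list does not name the host firewall or audit services, so on a host that
# runs them they would be disabled as well - review the list before use.
disabled=0
while IFS= read -r i; do
  chkconfig "$i" off
  echo "Disable System Services $i"
  disabled=$((disabled + 1))
done < <(chkconfig --list |
  grep -E '3:(on|enabled)' |
  awk '{print $1}' |
  grep -vE 'crond|network|sshd|syslog')
# A counter replaces the original /tmp/services.txt scratch file: a fixed
# name in /tmp written by root can be pre-created or symlinked by any user.
if (( disabled < 1 )); then
  echo "Current system service is optimized"
fi

# --- Delete system redundancy account --------------------------------------
# Match the login-name field exactly. Grepping whole passwd lines also hits
# unrelated accounts whose name, comment or home directory merely contains
# one of these words, and userdel -r would remove their home directories.
while IFS= read -r i; do
  if userdel -r "$i" &> /dev/null; then
    echo "deleted redundant account $i"
  else
    echo "could not delete redundant account $i" >&2
  fi
done < <(awk -F: '$1 ~ /^(news|uucp|games|gopher)$/ {print $1}' /etc/passwd)

# --- List the accounts whose login shell is /bin/bash ----------------------
# Compare the shell field (7) rather than grepping the line, so a path such
# as /bin/bash appearing elsewhere in an entry is not counted.
denglu=$(awk -F: '$7 == "/bin/bash" {print $1}' /etc/passwd)
renshu=$(printf '%s\n' "$denglu" | grep -c .)
echo "total $renshu users can log in to the system"
while IFS= read -r i; do
  [[ -n $i ]] || continue
  echo "$i can log on to the system"
done <<< "$denglu"

# --- Set password validity period -------------------------------------------
youxiaoqi=$(ask_number "Set password validity period (days):") || exit 1
# sed -i edits through a temp file next to the target. The original staged
# the new login.defs in the fixed path /tmp/tmp and copied it back as root,
# which lets a local user plant or swap that file.
# Only the active setting is dropped; grep -v also removed the explanatory
# comment lines that mention PASS_MAX_DAYS.
sed -i '/^[[:space:]]*PASS_MAX_DAYS[[:space:]]/d' /etc/login.defs
echo "PASS_MAX_DAYS $youxiaoqi" >> /etc/login.defs
echo "Set password is valid for $youxiaoqi days"
# NOTE(review): login.defs is applied when an account is created; existing
# accounts keep their current ageing values until changed with chage -M.

# --- Limit the number of history entries ------------------------------------
lishi=$(ask_number "Record History Command Entry (BAR): ") || exit 1
if grep -q '^[[:space:]]*HISTSIZE=' /etc/profile; then
  sed -ri "s#^([[:space:]]*)HISTSIZE=.*#\1HISTSIZE=$lishi#" /etc/profile
else
  # The original appended this line to /dev/null, so the setting was
  # silently lost whenever /etc/profile had no HISTSIZE line yet.
  echo "HISTSIZE=$lishi" >> /etc/profile
fi

# `clear` only wipes the terminal when root logs out; it does not touch the
# shell history, so the message says what is actually configured. Keeping
# root's history is useful for later audit and incident review.
if ! grep -q 'clear' /root/.bash_logout 2> /dev/null; then
  echo clear >> /root/.bash_logout
fi
echo "Screen is cleared when root user exits bash"

# --- Idle timeout -----------------------------------------------------------
sj=$(ask_number "Idle Time-out (minutes): ") || exit 1
# TMOUT is measured in seconds while the prompt asks for minutes; the
# original wrote the number unconverted, giving a timeout 60 times shorter
# than requested. 10# keeps input such as "08" from being read as octal.
tmout_seconds=$(( 10#$sj * 60 ))
if grep -q 'export TMOUT' /etc/profile; then
  sed -ri "s#export TMOUT=.*#export TMOUT=$tmout_seconds#" /etc/profile
else
  echo "export TMOUT=$tmout_seconds" >> /etc/profile
fi

# --- Disable Ctrl+Alt+Del restart -------------------------------------------
# sed exits 0 even when nothing matched, so the result is verified with
# grep instead of trusting sed's status as the original did.
if grep -q '^#ca::' /etc/inittab; then
  echo "Previously banned Ctrl+alt+del hotkey restart, no longer set here"
elif sed -ri 's@^ca::@#ca::@' /etc/inittab && grep -q '^#ca::' /etc/inittab; then
  echo "banned the ctrl+alt+Del hotkey Restart"
else
  echo "Disable ctrl+alt+Del Hotkey Restart failed, please manually set"
fi

# --- Set GRUB password ------------------------------------------------------
# NOTE(review): GRUB legacy only offers MD5-crypt hashes, which are weak
# against offline guessing; keep grub.conf unreadable to ordinary users and
# prefer the PBKDF2 support of GRUB 2 where it is available.
grub_conf=/boot/grub/grub.conf
# -s: do not echo the password to the terminal (or a terminal recording).
read -r -s -p "Set GRUB encryption Password:" md5m
echo
# printf passes the password through unchanged; echo -e would have
# interpreted backslashes inside it.
md5miyao=$(printf '%s\n%s\n' "$md5m" "$md5m" |
  /sbin/grub-md5-crypt 2> /dev/null | tail -1)
unset md5m
if [[ $md5miyao == '$1$'* ]]; then
  # Build the new file beside the target and rename it into place, so a
  # failure cannot leave a truncated boot configuration behind.
  # The old password line is dropped only once a new hash exists, and the
  # new line is inserted before the FIRST title only: a password line that
  # lands inside a menu entry makes that entry ask for the password at
  # boot, which blocks unattended reboots.
  tmp=$(mktemp "$grub_conf.XXXXXX") || exit 1
  if awk -v line="password --md5 $md5miyao" '
      /^password/ { next }
      /^title/ && !done { print line; done = 1 }
      { print }
    ' "$grub_conf" > "$tmp"; then
    chmod 600 "$tmp"
    mv -f -- "$tmp" "$grub_conf"
  else
    rm -f -- "$tmp"
    echo "GRUB password was not changed: could not rewrite $grub_conf" >&2
  fi
else
  echo "GRUB password was not changed: grub-md5-crypt produced no hash" >&2
fi

# --- Modify login prompt ----------------------------------------------------
read -r -p "Please enter login prompt" tishi
# Quoted printf: an unquoted echo would glob-expand and re-split the text.
printf '%s\n' "$tishi" > /etc/issue

# --- Reduce the number of open TTY terminals --------------------------------
for i in {2..6}; do
  if ! grep -q "^#$i:2345" /etc/inittab; then
    sed -ri "s@^$i:2345@#$i:2345@" /etc/inittab
    echo "closed tty$i Terminal"
  fi
done

# --- File descriptor limit --------------------------------------------------
miaoshufu=$(ask_number "set file descriptor (recommended setting range 30,000 to 60,000):") || exit 1
# ulimit changes the limit of this shell only; limits.conf carries it to
# future login sessions.
ulimit -HSn "$miaoshufu"
# Drop an earlier "* - nofile" line first so repeated runs do not stack
# conflicting entries.
sed -i '/^\*[[:space:]]*-[[:space:]]*nofile[[:space:]]/d' /etc/security/limits.conf
echo "* - nofile $miaoshufu" >> /etc/security/limits.conf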
This article from "Plum blossom fragrance from bitter cold" blog, please be sure to keep this source http://wangjunkang.blog.51cto.com/8809812/1576650
Two small shell scripts