標籤:shell
防止其他人暴力破解密碼,如果有人嘗試輸入密碼錯誤次數到達5次則拒絕此IP訪問ssh服務。
#!/bin/bashlastb | awk ‘{print $3}‘ | uniq -c | sort -r > a.txtsed -ri ‘[email protected]^[[:space:]][email protected]@g‘ a.txtsed -ri ‘[email protected][[:space:]][email protected][email protected]‘ a.txtb=$(cat a.txt)for i in $bdo ip=`echo $i | awk -F= ‘{print $2}‘` cishu=`echo $i | awk -F= ‘{print $1}‘` if [ $cishu -ge 5 ];then grep "$ip" /etc/hosts.deny &> /dev/null if [ $? != 0 ];then echo "sshd:$ip" >> /etc/hosts.deny echo sed -i ‘/192.168.0.101$/d‘ /etc/hosts.deny | at 12am +7 day >> /dev/null fi fidone
還有一個redhat5系列系統最佳化指令碼
#!/bin/bashservices=`chkconfig --list | grep -E "3:(on|啟用)"| awk ‘{print $1}‘ | grep -vE "crond|network|sshd|syslog"`touch /tmp/services.txtfor i in $servicesdo chkconfig $i off echo "禁止了系統服務$i" echo $i >> /tmp/services.txtdonehang=`wc -l /tmp/services.txt | awk ‘{print $1}‘`if [ $hang -lt 1 ];then echo "當前的系統服務已經最優了"firm -f /tmp/services.txt#刪除系統冗餘帳號username=`grep -E "news|uucp|games|gopher" /etc/passwd | awk -F: ‘{print $1}‘`for i in $usernamedo userdel -r $i &> /dev/null echo “刪除了冗餘帳號$i”done#保證使用者的登入shell沒有被改動denglu=`grep "/bin/bash" /etc/passwd | awk -F: ‘{print $1}‘`renshu=`grep "/bin/bash" /etc/passwd | wc -l`echo "一共有$renshu個使用者可以登入系統"for i in $dengludo echo "$i可以登入系統"done#設定密碼有效期間read -p "設定密碼有效期間(天):" youxiaoqigrep -v PASS_MAX_DAYS /etc/login.defs > /tmp/tmpecho "PASS_MAX_DAYS $youxiaoqi" >> /tmp/tmpcp /tmp/tmp /etc/login.defsecho "設定密碼有效期間為$youxiaoqi天"#最佳化曆史命令條目read -p "記錄曆史命令條目(條):" lishigrep "HISTSIZE=" /etc/profile >> /dev/nullif [ $? != 0 ];thenecho "HISTSIZE=$lishi" >> /dev/nullelsesed -ri s#HISTSIZE=.*#HISTSIZE=$lishi#g /etc/profile >> /dev/null figrep "clear" /root/.bash_logout >> /dev/null if [ $? != 0 ];then echo clear >> /root/.bash_logout fi echo "成功設定了root使用者退出bash時清空曆史命令"#最佳化閑置逾時時間的read -p "閑置逾時時間(分鐘):" sjgrep "export TMOUT" /etc/profile &> /dev/nullif [ $? != 0 ];then echo "export TMOUT=$sj" >> /etc/profileelse sed -ri s#"export TMOUT=.*"#"export TMOUT=$sj"#g /etc/profile &> /dev/nullfi#禁止Ctrl+Alt+Del熱鍵重啟grep "#ca::" /etc/inittab >> /dev/nullif [ $? != 0 ];then sed -ri [email protected]::@#ca::@g /etc/inittab >> /dev/null if [ $? = 0 ];then echo "禁止了Ctrl+Alt+Del熱鍵重啟" else echo "禁止Ctrl+Alt+Del熱鍵重啟失敗,請手動設定" fi else echo "以前禁止了Ctrl+Alt+Del熱鍵重啟,這裡不再進行設定"fi#設定grub加密密碼grep password /boot/grub/grub.conf &> /dev/nullif [ $? = 0 ];then sed -ri ‘/^password/d‘ /boot/grub/grub.conf &> /dev/nullfi read -p "設定grub加密密碼:" md5m md5miyao=`echo -e "$md5m\n$md5m" | /sbin/grub-md5-crypt 2> /dev/null | tail -1` sed -ri ‘/^title/i\password --md5 ‘$md5miyao‘‘ /boot/grub/grub.conf &> /dev/null#修改登入提示資訊read -p "請輸入登入提示資訊" tishiecho $tishi > /etc/issue#減少開放的tty終端個數for i in {2..6}do grep "\#$i:2345" /etc/inittab >> /dev/null if [ $? != 0 ];then sed -ri [email protected]$i:[email protected]#$i:[email protected] /etc/inittab >> /dev/null echo "關閉了tty$i終端" fidone#加大檔案描述符read -p "設定檔案描述符(推薦設定範圍3萬到6萬之間):" miaoshufuulimit -HSn $miaoshufuecho "* - nofile $miaoshufu" >> /etc/security/limits.conf
本文出自 “梅花香自苦寒來” 部落格,請務必保留此出處http://wangjunkang.blog.51cto.com/8809812/1576650
兩個小shell指令碼
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
