\u535a\u5ba2<\/a>\uff0c\u5907\u53d7\u542f\u53d1\uff0c\u4e8e\u662f\u89c9\u5f97\u7f16\u5199\u4e00\u4e2a\u9002\u5408\u81ea\u5df1\u7684<\/p>\n\r\n#!\/bin\/bash\r\n#function\t DROP all failed IP if more than $Number(default is 99)\r\n#author weskiller \t2014-10-31\r\n#drop this script on \/root\/ext_ssh_deny\/ext_ssh_deny.sh\r\n#and add crond like this\r\n#crontab -e\r\n#*\/30 * * * * \/root\/ext_ssh_deny\/ext_ssh_deny.sh\r\n#service crond start\r\n\r\n#Check whether the iptables installed\r\n[ -e \/usr\/sbin\/iptables ] || { echo "iptables-services not installed" && exit 1 ;}\r\n\r\n#set limit number\r\nNumber=\r\n\r\n#set IP of regular expressions\r\nRegular_Expression_Ip='(\\<(22[0-3]|2[01][0-9]|1[3-9][0-9]|12[0-689]|1[0-1][0-9]|[1-9]?[0-9]|[1-9]))(\\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){2}(\\.(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[1-9])\\>)'\r\n\r\n#set Centos ssh log file\r\nFile=\/root\/ext_ssh_deny\/secure\r\n\r\n#Extract failed information\r\nFIND() {\r\n\tgrep -Eo "((failure|Failed)(.*)$Regular_Expression_Ip|$Regular_Expression_Ip(.*)failed)" \/var\/log\/secure > $File\r\n}\r\n\r\n#Find the attack IP\r\nATTACK_LIST() {\r\n\tgrep -Eo "$Regular_Expression_Ip" $File |sort|uniq -c|awk '($1>'${Number:=99}') {printf $2"\\n"}'|sort > \/root\/ext_ssh_deny\/Attack_Ip\r\n\t\r\n}\r\n\r\n#Add iptables rule \r\nDENY_ATTACK_IP() {\r\n\tfor IP in $1\r\n\tdo\r\n\tRe_Ip=`echo $IP |sed 's|\\.|\\\\\\.|g'`\r\n\tTIMES=`grep "$Re_Ip" \/root\/ext_ssh_deny\/secure |wc -l`\r\n\t\/sbin\/iptables -vnL|grep "$Re_Ip" >\/dev\/null 2>&1 || \/sbin\/iptables -I INPUT -s $IP -m state --state NEW,RELATED,ESTABLISHED -p tcp --dport 22 -j DROP && echo "`date +%Y%m%d-%H:%M:%S` IP:$IP TIMES=$TIMES" >> \/root\/ext_ssh_deny\/deny.log\r\n\tdone\r\n}\r\n\r\n#Extract iptables deny\r\nIPTABLES_DENY_IP() {\r\n \t\/sbin\/iptables -vnL|grep -Eo "DROP.*$Regular_Expression_Ip" |awk '{print $NF}'|sort > \/root\/ext_ssh_deny\/Iptables_Deny_Ip\r\n}\r\n\r\n#the IP from the script log\r\nLOG_IP() {\r\n\tgrep -Eo "$Regular_Expression_Ip" \/root\/ext_ssh_deny\/deny.log |sort > \/root\/ext_ssh_deny\/Log_Ip \r\n}\r\n\r\n#clear iptables rules and script log\r\nCLEAR() {\r\n\tcat \/dev\/null > \/root\/ext_ssh_deny\/deny.log\r\n\tsed -i '\/\\\/32\/'d \/etc\/sysconfig\/iptables\r\n\t\/sbin\/service iptables restart >\/dev\/null 2>&1\r\n}\r\n\r\n#initialization\r\nRESET(){\r\n\tCLEAR\r\n\tFIND\r\n\tATTACK_LIST\r\n\tDENY_ATTACK_IP "`cat \/root\/ext_ssh_deny\/Attack_Ip`"\r\n\t\/sbin\/service iptables save >\/dev\/null 2>&1\r\n\texit 0\r\n}\r\n\r\n#order to refresh data\r\nPREPARE() {\r\n\tIPTABLES_DENY_IP\r\n\tLOG_IP\r\n}\r\n\r\n#just add new Attack_Ip in iptables\r\nUPDATE() {\r\n\tFIND\r\n\tATTACK_LIST\r\n\tcomm -13 \/root\/ext_ssh_deny\/Log_Ip \/root\/ext_ssh_deny\/Attack_Ip > \/root\/ext_ssh_deny\/Update_Ip \r\n\t[ -s \/root\/ext_ssh_deny\/Update_Ip ] || exit 0\r\n\tDENY_ATTACK_IP "`cat \/root\/ext_ssh_deny\/Update_Ip`"\r\n\t\/sbin\/service iptables save >\/dev\/null 2>&1\r\n\texit 0\r\n}\r\n\r\n#check script health in order to Released ip if a long time ago \r\nCHECK_HEALTH() {\r\n\t[ -f \/var\/log\/secure ] || return 1\r\n\t[ -s \/var\/log\/secure ] || return 1\r\n\t[ -f \/root\/ext_ssh_deny\/deny.log ] || return 2\r\n\t[ -s \/root\/ext_ssh_deny\/deny.log ] || return 2\r\n\t\/usr\/sbin\/iptables -vnL|grep -Eo "DROP.*$Regular_Expression_Ip" >\/dev\/null 2>&1 || return 3\r\n\tPREPARE\r\n\t[ -z "`comm -13 \/root\/ext_ssh_deny\/Iptables_Deny_Ip \/root\/ext_ssh_deny\/Log_Ip`" ] && return 0 || return 3\r\n}\r\n\r\n#start\r\nMAIN() {\r\nCHECK_HEALTH\r\ncase $? in\r\n\t1)\r\n\tCLEAR && return 1\r\n\t;;\r\n\t2|3)\r\n\tRESET \r\n\t;;\r\n\t0)\r\n\tUPDATE\r\n\t;;\r\nesac\r\n}\r\n\r\nMAIN\r\n<\/pre>\n\u5982\u4e0a\uff0c\u811a\u672c\u7684\u529f\u80fd\u662f\u81ea\u52a8\u627e\u51fassh\u767b\u9646\u6b21\u6570\u5927\u4e8e\u9650\u5b9a\u6b21\u6570\u7684ip,\u5e76\u52a0\u5165\u9632\u706b\u5899\u4e2d\u62d2\u7edd\u767b\u9646\uff0c\u800c\u4e14\u505a\u5230\u81ea\u52a8\u66f4\u65b0\u7684\u529f\u80fd
\n\u7f3a\u70b9\u662f\u9002\u5e94\u6027\u4e0d\u5f3a\uff0c\u6839\u636e\u4e2a\u4eba\u5b9a\u5236\uff0c\u65e0\u6cd5\u6ee1\u8db3\u6240\u6709\u4eba<\/p>\n
No4 \u53d6\u6d88\u5bc6\u7801\u767b\u9646\uff0c\u4f7f\u7528\u5bc6\u94a5\u9a8c\u8bc1<\/span><\/p>\n\u4f18\u70b9\u662f\u64cd\u4f5c\u7b80\u5355\uff0c\u5b9e\u7528\u6027\u5f88\u597d\u3002\u7f3a\u70b9\u662f\u5bc6\u94a5\u6587\u4ef6\u9700\u8981\u672c\u5730\u5b58\u50a8\uff0c\u65e0\u6cd5\u4f7f\u7528\u4ea4\u4e92\u5f0f\u547d\u4ee4\u5982scp
\n\u751f\u6210\u5bc6\u7801\u6587\u4ef6<\/p>\n
\r\n#ssh-keygen -t rsa -b 2048\r\nGenerating public\/private rsa key pair.\r\nEnter file in which to save the key (\/root\/.ssh\/id_rsa): \r\nCreated directory '\/root\/.ssh'.\r\nEnter passphrase (empty for no passphrase): \r\nEnter same passphrase again: \r\nYour identification has been saved in \/root\/.ssh\/id_rsa.\r\nYour public key has been saved in \/root\/.ssh\/id_rsa.pub.\r\nThe key fingerprint is:\r\n40:86:b1:06:62:0b:ea:76:ce:2f:28:76:2c:55:23:b7 root@localhost.localdomain\r\nThe key's randomart image is:\r\n+--[ RSA 2048]----+\r\n|o.. .oo |\r\n|+....+ |\r\n|.. o . |\r\n|. o + . |\r\n| o .+ o S |\r\n|. +. E |\r\n| +o |\r\n|.+ +. |\r\n|o o .. |\r\n+-----------------+\r\n#cp ~\/.ssh\/id_rsa.pub ~\/.ssh\/authorized_keys\r\n#chmod 400 ~\/.ssh\/authorized_keys\r\n#vi \/etc\/ssh\/sshd_config\r\nPasswordAuthentication no\r\n#service sshd restart\r\n<\/pre>\nNo5 \u4f7f\u7528vnc\u8fdc\u7a0b\u7ba1\u7406<\/span><\/p>\n\u8fd9\u79cd\u65b9\u5f0f\u76f4\u63a5\u5f03\u7528\u4e86ssh,\u5341\u5206\u5f7b\u5e95\u7684\u5c4f\u853d\u4e86\u6076\u610f\u4e3b\u673a\u7684\u626b\u63cf\u548c\u653b\u51fb\uff0c\u968f\u610f\u8bbe\u5b9a\u7684\u7aef\u53e3\u4e5f\u4e3a\u653b\u51fb\u5e26\u6765\u4e86\u96be\u5ea6\uff0c\u800c\u4e14\u4f7f\u7528\u7684\u771f\u5b9e\u7684\u7528\u6237\u547d\u4ee4\u63a5\u53e3\u3002\u4f46\u662f\u95ee\u9898\u4e5f\u5f88\u660e\u663e\u3002\u4f9d\u65e7\u4f7f\u7528\u53e3\u4ee4\uff0c\u8fdc\u7a0b\u7ba1\u7406\uff0c\u6d41\u91cf\u5f00\u9500\u5927\uff0c\u5bf9\u7cfb\u7edf\u8d44\u6e90\u5360\u7528\u4e5f\u6bd4ssh\u8981\u591a\uff0c\u5bfc\u81f4\u7ecf\u5e38\u6027\u7684\u7f51\u7edc\u4e2d\u65ad\u3002\u5efa\u8bae\u7ba1\u7406\u5185\u7f51\u7684\u670d\u52a1\u5668\u4f7f\u7528<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4ee5\u524d\u4e70\u8fc7\u8bb8\u591avps,\u56fd\u5185\uff0c\u56fd\u5916\u7684\u90fd\u6709\u3002\u65e0\u8bbaidc\u4f9b\u5e94\u5546\u9632\u706b\u5899\u505a\u7684\u591a\u597d\uff0c\u7b56\u7565\u6709\u591a\u590d\u6742\uff0c\u603b\u662f\u4f1a\u6709\u5f88\u591a\u8fde\u7eed\u7684IP\u6bb5\u4e0d […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3,2,5],"tags":[6],"class_list":["post-11","post","type-post","status-publish","format-standard","hentry","category-linux","category-script","category-shell","category-ssh","tag-6"],"_links":{"self":[{"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/posts\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":39,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":544,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/posts\/11\/revisions\/544"}],"wp:attachment":[{"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gamein.vip\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}