本文及资源最后更新时间 2021-10-20 by sky995
SSH端口两种防御脚本
方法1:
超过10次登陆失败就封掉IP,创建shell脚本:secure_ssh.sh
1
2
3
4
5
6
7
8
9
10
11
12
|
#! /bin/bash cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c| awk '{print $2"="$1;}' > /usr/local/bin/black .txt for i in ` cat /usr/local/bin/black .txt` do IP=` echo $i | awk -F= '{print $1}' ` NUM=` echo $i| awk -F= '{print $2}' ` result=$( cat /etc/hosts .deny | grep $IP) if [[ $NUM -gt 10 ]]; then if [[ $result = "" ]]; then echo "sshd: $IP" >> /etc/hosts .deny fi fi |
定时任务:10分钟执行一次,crontab -e
1
|
* /10 * * * * bash /usr/local/bin/secure_ssh .sh |
方法2:
使用Fail2ban程序
1
2
3
4
5
|
sudo apt-get -y update sudo apt-get install -y fail2ban \ cp /etc/fail2ban/jail .conf /etc/fail2ban/jail . local sed -i 's/^bantime = 600$/bantime = 3600/g' /etc/fail2ban/jail . local sudo /etc/init .d /fail2ban start |
shell ssh ssh破解 ssh防御脚本