12. TCP Wrapper and sudo

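1. Write the script /root/bin/checkip.sh and run it every 5 minutes. If the number of failed ssh logins from a remote IP exceeds 10, the script automatically adds that IP to the TCP Wrapper blacklist to deny it access.

Write the script: checkip.sh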

[root@centos7 data]# cat checkip.sh 
#!/bin/bash

# Count failed ssh logins per source IP (lastb reads /var/log/btmp)
lastb | awk '/ssh/{print $3}' | sort | uniq -c > /data/loginFailed.log
while read -r line
do
    Num=$(echo "$line" | awk '{print $1}')
    IP=$(echo "$line" | awk '{print $2}')
    if (( Num > 10 )); then
        # Check whether this IP has already been added (whole-line, literal match)
        if ! grep -qxF "sshd:$IP" /etc/hosts.deny; then
            echo "sshd:$IP" >> /etc/hosts.deny
        fi
    fi
done < /data/loginFailed.log

Set up the scheduled task

[root@centos7 data]# vim /etc/crontab 

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
*/5 * * * * root /bin/bash /root/bin/checkip.sh

Once 192.168.45.128 has more than ten failed login attempts, check whether that IP has been added to /etc/hosts.deny:

[root@centos7 bin]# cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#       deny connections to network services that either use
#       the tcp_wrappers library or that have been
#       started through a tcp_wrappers-enabled xinetd.
#
#       The rules in this file can also be set up in
#       /etc/hosts.allow with a 'deny' option instead.
#
#       See 'man 5 hosts_options' and 'man 5 hosts_access'
#       for information on rule syntax.
#       See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.45.128
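
A hardened variant of the check in checkip.sh, as an added example that is not the original script: it goes beyond it by accepting only IPv4 values from the lastb host column, matching hosts.deny entries as exact literal lines (so 192.168.45.12 is not mistaken for the already listed 192.168.45.128), and skipping an allowlist. The function names, the allowlist argument, the threshold of 2 and the sample lastb lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original checkip.sh. IPv4 only (assumption).
# Constructed lastb-style sample: user, line, host, then timestamps.
SAMPLE_LASTB='root     ssh:notty    192.168.45.128   Sat Jul 11 13:05 - 13:05  (00:00)
admin    ssh:notty    192.168.45.128   Sat Jul 11 13:05 - 13:05  (00:00)
root     ssh:notty    192.168.45.128   Sat Jul 11 13:04 - 13:04  (00:00)
root     ssh:notty    192.168.45.12    Sat Jul 11 13:04 - 13:04  (00:00)
test     ssh:notty    192.168.45.12    Sat Jul 11 13:03 - 13:03  (00:00)
root     ssh:notty    192.168.45.12    Sat Jul 11 13:03 - 13:03  (00:00)
magedu   ssh:notty    192.168.45.1     Sat Jul 11 13:02 - 13:02  (00:00)
magedu   ssh:notty    192.168.45.1     Sat Jul 11 13:02 - 13:02  (00:00)
magedu   ssh:notty    192.168.45.1     Sat Jul 11 13:01 - 13:01  (00:00)
guest    ssh:notty    badhost.example  Sat Jul 11 13:01 - 13:01  (00:00)
guest    ssh:notty    badhost.example  Sat Jul 11 13:00 - 13:00  (00:00)
guest    ssh:notty    badhost.example  Sat Jul 11 13:00 - 13:00  (00:00)
root     ssh:notty    10.0.0.5         Sat Jul 11 12:59 - 12:59  (00:00)

btmp begins Sat Jul 11 12:59:01 2020'

# offenders THRESHOLD: lastb-style lines on stdin -> IPv4 addresses with
# more than THRESHOLD failed ssh logins. Host values that are not made of
# digits and dots are ignored, so they can never reach the deny file.
offenders() {
    awk -v max="$1" '
        $2 ~ /^ssh/ && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
        END { for (ip in n) if (n[ip] > max) print ip }' | sort
}

# block_ips DENY_FILE "ALLOW1 ALLOW2 ...": IPs on stdin -> one "sshd:IP"
# line each, skipping allowlisted addresses and entries already present.
block_ips() {
    deny_file=$1; allow=" $2 "
    while read -r ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        # -x whole line, -F literal: no regex dots, no prefix matches
        grep -qxF "sshd:$ip" "$deny_file" 2>/dev/null || echo "sshd:$ip" >> "$deny_file"
    done
}

# Demo on a scratch file, never the live /etc/hosts.deny
demo_deny=$(mktemp)
echo "sshd:192.168.45.128" > "$demo_deny"
printf '%s\n' "$SAMPLE_LASTB" | offenders 2 | block_ips "$demo_deny" "192.168.45.1"
cat "$demo_deny"; rm -f "$demo_deny"
```

Because lastb reports every entry still in /var/log/btmp, the counts are cumulative until that file is rotated, not per 5-minute run.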

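2. Configure sudo privileges for the magedu user so that magedu can run commands with root privileges

Before the sudo privilege is granted, using sudo to view a file fails with the following error: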

[root@centos7 etc]# su - magedu 
Last login: Sat Jul 11 13:18:46 CST 2020 on pts/0
[magedu@centos7 ~]$ sudo cat /etc/shadow|head -3
magedu is not in the sudoers file.  This incident will be reported.

Edit the /etc/sudoers file and add the line magedu ALL=(root) ALL

View the file again; the result is as follows:

[root@centos7 etc]# su - magedu 
Last login: Sat Jul 11 13:21:13 CST 2020 on pts/0
[magedu@centos7 ~]$ sudo cat /etc/shadow|head -3
root:$6$5nqnD3rT$Yujzq/35FOR2SIH5e5i5D9VoWlew4vTiAdqB8D5/BVe40eGbdqt4QMMq49j3gW4MUgX/ilvvSWuRKCOWeqJ6G1:18443:0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::
