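Two small shell scripts
The first one guards against password brute-forcing: once an IP has 5 failed password attempts, that IP is denied access to the ssh service.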
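#!/bin/bash
# Deny ssh access to any IP with 5 or more failed logins recorded by lastb.
# Run as root: lastb reads /var/log/btmp and the script writes /etc/hosts.deny.

# Count failures per source address. The input is sorted first because
# uniq -c only merges adjacent duplicate lines.
lastb | awk '{print $3}' | sort | uniq -c |
while read -r cishu ip    # cishu = failure count, ip = source address
do
    # Accept only dotted-quad IPv4 values. The host column can also hold
    # hostnames, and the value ends up in hosts.deny and in an at job.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
    if [ "$cishu" -ge 5 ]; then
        # Whole-line literal match, so 1.2.3.4 is not taken for 1.2.3.40.
        if ! grep -qxF "sshd:$ip" /etc/hosts.deny; then
            echo "sshd:$ip" >> /etc/hosts.deny
            # Schedule removal of this IP's entry after 7 days.
            ip_re=${ip//./\\.}
            echo "sed -i '/^sshd:${ip_re}\$/d' /etc/hosts.deny" | at 12am +7 day &> /dev/null
        fi
    fi
done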
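A dry run of the counting and filtering step, as an added example that is not part of the original post: it reads lastb-format text from stdin and only prints the entries that would be appended to the deny file, so the logic can be checked against sample data first. The names pick_offenders and sample_lastb and the sample records are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original post.
# pick_offenders and sample_lastb are hypothetical names.

# Usage: lastb | pick_offenders THRESHOLD DENY_FILE
# Prints one "sshd:IP" line for every IPv4 source with at least THRESHOLD
# failed logins that is not yet listed in DENY_FILE. Writes nothing.
pick_offenders() {
    local threshold=$1 deny_file=$2
    awk -v min="$threshold" '
        # Accept only dotted-quad IPv4 with every octet in 0..255.
        function is_ipv4(s,   n, o, k) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || o[k] > 255) return 0
            return 1
        }
        # Counting in an array needs no sorted input, unlike uniq -c.
        is_ipv4($3) { hits[$3]++ }
        END { for (ip in hits) if (hits[ip] >= min) print "sshd:" ip }
    ' | sort | while read -r entry
    do
        # -x -F: whole-line literal match, so 198.51.100.5 in the file
        # does not hide 198.51.100.50.
        grep -qxF "$entry" "$deny_file" 2> /dev/null || echo "$entry"
    done
}

# Constructed sample in lastb layout (user, line, host, time); not real data.
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Mon Nov 10 10:01 - 10:01  (00:00)
admin    ssh:notty    198.51.100.50    Mon Nov 10 10:02 - 10:02  (00:00)
root     ssh:notty    203.0.113.7      Mon Nov 10 10:03 - 10:03  (00:00)
root     ssh:notty    198.51.100.50    Mon Nov 10 10:04 - 10:04  (00:00)
test     ssh:notty    203.0.113.7      Mon Nov 10 10:05 - 10:05  (00:00)
root     ssh:notty    host.example     Mon Nov 10 10:06 - 10:06  (00:00)
root     ssh:notty    198.51.100.50    Mon Nov 10 10:07 - 10:07  (00:00)
root     ssh:notty    host.example     Mon Nov 10 10:08 - 10:08  (00:00)
root     ssh:notty    host.example     Mon Nov 10 10:09 - 10:09  (00:00)

btmp begins Mon Nov 10 10:01:00 2014
EOF
}

# Threshold 3 against an empty deny list: both IPv4 sources are reported,
# while the hostname rows and the btmp trailer are ignored.
sample_lastb | pick_offenders 3 /dev/null
```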
The second is a system tuning script for the Red Hat 5 series.
#!/bin/bash
# System tuning script for the Red Hat 5 series. Run as root.

# Disable every service enabled in runlevel 3 except crond, network, sshd
# and syslog. "启用" is the localized form of "on" in chkconfig output.
services=`chkconfig --list | grep -E "3:(on|启用)" | awk '{print $1}' | grep -vE "crond|network|sshd|syslog"`
hang=0    # number of services disabled in this run
for i in $services
do
    chkconfig "$i" off
    echo "禁止了系统服务$i"
    hang=$((hang + 1))
done
if [ "$hang" -lt 1 ]; then
    echo "当前的系统服务已经最优了"
fi

# Delete redundant system accounts (match the user name field only)
username=`grep -E "^(news|uucp|games|gopher):" /etc/passwd | awk -F: '{print $1}'`
for i in $username
do
    userdel -r "$i" &> /dev/null
    echo "删除了冗余帐号$i"
done

# Make sure users' login shells have not been changed:
# list every account whose shell is /bin/bash
denglu=`grep "/bin/bash" /etc/passwd | awk -F: '{print $1}'`
renshu=`grep "/bin/bash" /etc/passwd | wc -l`
echo "一共有$renshu个用户可以登录系统"
for i in $denglu
do
    echo "$i可以登录系统"
done

# Set the password validity period (days).
# Edit login.defs in place instead of going through a fixed file in /tmp.
read -p "设置密码有效期(天):" youxiaoqi
sed -ri '/^PASS_MAX_DAYS/d' /etc/login.defs
echo "PASS_MAX_DAYS $youxiaoqi" >> /etc/login.defs
echo "设置密码有效期为$youxiaoqi天"

# Tune the number of history entries kept
read -p "记录历史命令条目(条):" lishi
grep "HISTSIZE=" /etc/profile >> /dev/null
if [ $? != 0 ]; then
    echo "HISTSIZE=$lishi" >> /etc/profile
else
    sed -ri "s#HISTSIZE=.*#HISTSIZE=$lishi#g" /etc/profile
fi
# Run clear when root logs out of bash. clear only wipes the terminal
# screen; it does not erase the saved command history.
grep "clear" /root/.bash_logout >> /dev/null
if [ $? != 0 ]; then
    echo clear >> /root/.bash_logout
fi
echo "成功设置了root用户退出bash时清屏"

# Set the idle timeout. The prompt asks for minutes; TMOUT is in seconds.
read -p "闲置超时时间(分钟):" sj
miao=$((sj * 60))
grep "export TMOUT" /etc/profile &> /dev/null
if [ $? != 0 ]; then
    echo "export TMOUT=$miao" >> /etc/profile
else
    sed -ri "s#export TMOUT=.*#export TMOUT=$miao#g" /etc/profile &> /dev/null
fi

# Disable reboot via the Ctrl+Alt+Del hotkey
grep "#ca::" /etc/inittab >> /dev/null
if [ $? != 0 ]; then
    sed -ri 's@^ca::@#ca::@g' /etc/inittab >> /dev/null
    if [ $? = 0 ]; then
        echo "禁止了Ctrl+Alt+Del热键重启"
    else
        echo "禁止Ctrl+Alt+Del热键重启失败,请手动设置"
    fi
else
    echo "以前禁止了Ctrl+Alt+Del热键重启,这里不再进行设置"
fi

# Set an MD5-hashed GRUB password (any existing password line is removed first)
grep password /boot/grub/grub.conf &> /dev/null
if [ $? = 0 ]; then
    sed -ri '/^password/d' /boot/grub/grub.conf &> /dev/null
fi
# -s keeps the password from being echoed to the terminal
read -s -p "设置grub加密密码:" md5m
echo
md5miyao=`echo -e "$md5m\n$md5m" | /sbin/grub-md5-crypt 2> /dev/null | tail -1`
sed -ri "/^title/i\\password --md5 $md5miyao" /boot/grub/grub.conf &> /dev/null

# Change the login banner
read -p "请输入登录提示信息" tishi
echo "$tishi" > /etc/issue

# Reduce the number of open tty terminals (comment out tty2 to tty6)
for i in {2..6}
do
    grep "\#$i:2345" /etc/inittab >> /dev/null
    if [ $? != 0 ]; then
        sed -ri "s@^$i:2345@#$i:2345@g" /etc/inittab >> /dev/null
        echo "关闭了tty$i终端"
    fi
done

# Raise the file descriptor limit (the prompt recommends 30,000 to 60,000)
read -p "设置文件描述符(推荐设置范围3万到6万之间):" miaoshufu
ulimit -HSn "$miaoshufu"
echo "* - nofile $miaoshufu" >> /etc/security/limits.conf
This article is from the "梅花香自苦寒来" blog; please be sure to keep this attribution: http://wangjunkang.blog.51cto.com/8809812/1576650