├── .gitignore
├── README.md
├── run_centos.sh
├── run_ubuntu.sh
└── run_ubuntu_azure.sh

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
black.list

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# secure_ssh
A security script for Linux machines that implements SSH access control: an IP that fails to log in repeatedly (ten or more times, the threshold coded in the scripts) is banned, which stops password brute-forcing.

Your VPS is very likely having its password brute-forced right now.

If your machine runs CentOS, look at /var/log/secure.

If your machine runs Ubuntu, look at /var/log/auth.log.

Solution

On CentOS, run run_centos.sh.

On Ubuntu, run run_ubuntu.sh.

run_ubuntu_azure.sh is the same script for Ubuntu but counts "Invalid user" lines instead of "Failed password" lines.

Add it to your crontab so the script runs once a minute. The line below is in system-crontab format (a user field before the command), so it belongs in /etc/crontab or a file under /etc/cron.d/, not in a per-user `crontab -e`:

```
* * * * * root /home/will/.local/secure_ssh/run_ubuntu.sh
```

The IPs brute-forcing your password then end up in the hosts.deny blacklist and can no longer connect.

To avoid locking yourself out after a failed login of your own, add your own IP to the hosts.allow whitelist, for example:

```
sshd:10.0.0.:allow
```

A pattern ending in "." matches every address with that prefix (here 10.0.0.x), and hosts.allow is consulted before hosts.deny, so a whitelisted IP stays reachable even if a script later appends it to hosts.deny.

Caveats: hosts.allow and hosts.deny are only honoured by an sshd built with TCP Wrappers (libwrap). Upstream OpenSSH dropped that support in 6.7 and many current distributions ship sshd without it; check with `ldd /usr/sbin/sshd | grep libwrap`. If nothing is printed, entries in hosts.deny have no effect and the ban has to be enforced with a firewall rule instead. The scripts also count every failure in the whole log file rather than a recent window, and a ban is never expired.

--------------------------------------------------------------------------------
/run_centos.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Scan /var/log/secure for failed SSH logins and add every source IP with
# ten or more failures to /etc/hosts.deny. Meant to run from cron as root.
basepath=$(cd "$(dirname "$0")" && pwd)
logfile=$basepath/black.list
threshold=10   # failures from one IP before it is banned

[ "$(id -u)" -eq 0 ] || { echo "$0: must run as root to edit /etc/hosts.deny" >&2; exit 1; }

# "Failed password for USER from IP port N ssh2": the IP is the fourth field
# from the end. This counts all failures in the log, not only recent ones.
awk '/Failed/ {print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1}' > "$logfile"

while IFS='=' read -r ip num; do
    [ "$num" -ge "$threshold" ] || continue
    # Whole-line literal match (-x -F): a plain "grep $ip" would also match
    # 1.2.3.45 for 1.2.3.4, because "." is a regex wildcard and the match is unanchored.
    grep -qxF "sshd:$ip:deny" /etc/hosts.deny || echo "sshd:$ip:deny" >> /etc/hosts.deny
done < "$logfile"

--------------------------------------------------------------------------------
/run_ubuntu.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Scan /var/log/auth.log for failed SSH logins and add every source IP with
# ten or more failures to /etc/hosts.deny. Meant to run from cron as root.
basepath=$(cd "$(dirname "$0")" && pwd)
logfile=$basepath/black.list
threshold=10   # failures from one IP before it is banned

[ "$(id -u)" -eq 0 ] || { echo "$0: must run as root to edit /etc/hosts.deny" >&2; exit 1; }

# "Failed password for USER from IP port N ssh2": the IP is the fourth field
# from the end. This counts all failures in the log, not only recent ones.
awk '/Failed/ {print $(NF-3)}' /var/log/auth.log | sort | uniq -c | awk '{print $2"="$1}' > "$logfile"

while IFS='=' read -r ip num; do
    [ "$num" -ge "$threshold" ] || continue
    # Whole-line literal match (-x -F): a plain "grep $ip" would also match
    # 1.2.3.45 for 1.2.3.4, because "." is a regex wildcard and the match is unanchored.
    grep -qxF "sshd:$ip:deny" /etc/hosts.deny || echo "sshd:$ip:deny" >> /etc/hosts.deny
done < "$logfile"

--------------------------------------------------------------------------------
/run_ubuntu_azure.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Like run_ubuntu.sh, but counts "Invalid user" lines in /var/log/auth.log
# instead of "Failed password" lines. Meant to run from cron as root.
basepath=$(cd "$(dirname "$0")" && pwd)
logfile=$basepath/black.list
threshold=10   # failures from one IP before it is banned

[ "$(id -u)" -eq 0 ] || { echo "$0: must run as root to edit /etc/hosts.deny" >&2; exit 1; }

# "Invalid user NAME from IP port N": the IP is the third field from the end.
# This assumes the sshd log format that includes the port; older sshd versions
# end the line with the IP, where $NF would be needed instead of $(NF-2).
awk '/Invalid/ {print $(NF-2)}' /var/log/auth.log | sort | uniq -c | awk '{print $2"="$1}' > "$logfile"

while IFS='=' read -r ip num; do
    [ "$num" -ge "$threshold" ] || continue
    # Whole-line literal match (-x -F): a plain "grep $ip" would also match
    # 1.2.3.45 for 1.2.3.4, because "." is a regex wildcard and the match is unanchored.
    grep -qxF "sshd:$ip:deny" /etc/hosts.deny || echo "sshd:$ip:deny" >> /etc/hosts.deny
done < "$logfile"

--------------------------------------------------------------------------------
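The following is an added example and not part of the secure_ssh project: it runs the same count-then-ban logic as run_ubuntu.sh and run_ubuntu_azure.sh against constructed log lines (documentation IP ranges, no real hosts) and scratch copies of hosts.deny and hosts.allow, so it can be run unprivileged without touching /etc. It goes a little beyond the scripts: both log-line formats are handled by one counting function, the README's hosts.allow whitelist is applied before a ban is written, and the exact-match check on hosts.deny makes repeated cron runs idempotent. The function names (emit, sample_log, count_failures, is_allowed, apply_bans, demo) and the threshold variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the secure_ssh project: the detection and ban
# logic of run_ubuntu.sh / run_ubuntu_azure.sh run against constructed log
# lines and scratch copies of hosts.deny and hosts.allow, so it needs no root
# and never touches /etc. All function names are hypothetical.
set -u

THRESHOLD=10   # the scripts' cut-off: "${#NUM} -gt 1" is true from ten failures up

# Emit $1 copies of a log line; $2 is a printf format whose two %d fields get
# the loop counter (used as PID and source-port suffix).
emit() {
    n=1
    while [ "$n" -le "$1" ]; do
        printf "$2\n" "$n" "$n"
        n=$((n + 1))
    done
}

# Constructed /var/log/auth.log sample (documentation IP ranges, no real hosts):
#   203.0.113.5  10 "Failed password" lines  -> at the threshold, ban
#   198.51.100.7  2 "Failed password" lines  -> below threshold, keep
#   192.0.2.9    12 "Invalid user" lines     -> only the "invalid" mode sees these
#   10.0.0.2     11 "Failed password" lines  -> the operator's own subnet, whitelisted
sample_log() {
    emit 10 'Jan  1 00:00:00 host sshd[10%02d]: Failed password for root from 203.0.113.5 port 40%03d ssh2'
    emit 2  'Jan  1 00:01:00 host sshd[20%02d]: Failed password for invalid user admin from 198.51.100.7 port 50%03d ssh2'
    emit 12 'Jan  1 00:02:00 host sshd[30%02d]: Invalid user test from 192.0.2.9 port 60%03d'
    emit 11 'Jan  1 00:03:00 host sshd[40%02d]: Failed password for will from 10.0.0.2 port 70%03d ssh2'
}

# Count failures per source IP, printed as IP=count (sorted). Mode "failed"
# is what run_ubuntu.sh / run_centos.sh do ("... from IP port N ssh2", IP is
# $(NF-3)); mode "invalid" is run_ubuntu_azure.sh ("... from IP port N", $(NF-2)).
count_failures() {
    case "$1" in
        failed)  pattern='Failed password'; offset=3 ;;
        invalid) pattern='Invalid user';    offset=2 ;;
        *) echo "usage: count_failures failed|invalid" >&2; return 2 ;;
    esac
    awk -v pat="$pattern" -v off="$offset" \
        '$0 ~ pat { c[$(NF-off)]++ } END { for (ip in c) print ip "=" c[ip] }' | sort
}

# hosts.allow check for "sshd:PATTERN:allow" entries. A pattern ending in "."
# is a prefix match (TCP Wrappers semantics, so 10.0.0. covers 10.0.0.x);
# anything else must equal the IP exactly.
is_allowed() {   # $1: IP, $2: hosts.allow path
    [ -r "$2" ] || return 1
    while IFS=: read -r daemon pat rest; do
        [ "$daemon" = sshd ] || continue
        case "$pat" in
            *.) [ "${1#"$pat"}" != "$1" ] && return 0 ;;
            *)  [ "$pat" = "$1" ] && return 0 ;;
        esac
    done < "$2"
    return 1
}

# Read IP=count lines on stdin and append "sshd:IP:deny" to $1 for every IP at
# or above THRESHOLD that is neither whitelisted in $2 nor already present.
apply_bans() {   # $1: hosts.deny path, $2: hosts.allow path
    while IFS='=' read -r ip num; do
        [ "$num" -ge "$THRESHOLD" ] || continue
        if is_allowed "$ip" "$2"; then
            echo "skip $ip: whitelisted in $2" >&2
            continue
        fi
        # -x -F: whole-line literal match, so 203.0.113.5 cannot match 203.0.113.50
        # and "." is not a wildcard; it also makes repeated cron runs idempotent.
        grep -qxF "sshd:$ip:deny" "$1" 2>/dev/null && continue
        echo "sshd:$ip:deny" >> "$1"
    done
}

# Whole pipeline in a scratch directory; prints the resulting hosts.deny.
demo() {
    dir=$(mktemp -d)
    deny="$dir/hosts.deny"; allow="$dir/hosts.allow"
    echo "sshd:10.0.0.:allow" > "$allow"   # the README's whitelist entry
    : > "$deny"
    sample_log | count_failures failed  | apply_bans "$deny" "$allow"   # run_ubuntu.sh pass
    sample_log | count_failures invalid | apply_bans "$deny" "$allow"   # run_ubuntu_azure.sh pass
    sample_log | count_failures failed  | apply_bans "$deny" "$allow"   # second run adds nothing
    sort "$deny"
    rm -rf "$dir"
}

demo
```

Running it prints the two banned entries (192.0.2.9 and 203.0.113.5) and a "skip 10.0.0.2" notice on stderr; 198.51.100.7 stays under the threshold. To turn this into a check against a real host, replace sample_log with `cat /var/log/auth.log` and point apply_bans at /etc/hosts.deny and /etc/hosts.allow, keeping in mind the README's caveat that hosts.deny only matters when sshd is linked against libwrap.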