安全类脚本：拒绝ssh暴力破解

要求如下：

一个小时内，连续密码错误4次。

Linux lastb 命令用于列出登入系统失败的用户相关信息。

实验过程如下：

1. 创建两个IP地址不同的干净环境，分别是：192.168.46.101 Rocky 2 和 192.168.46.120 openEuler 2.

2. 在192.168.46.101 Rocky 2上使用，ssh远程登录，并且4次输错密码，创建实验环境。

[root@localhost ~]# ssh root@192.168.46.120
The authenticity of host '192.168.46.120 (192.168.46.120)' can't be established.
ED25519 key fingerprint is SHA256:0yjHp21zOpFhOEawwT35iA0huZMZTxvnVnCn28UUI3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.46.120' (ED25519) to the list of known hosts.Authorized users only. All activities may be monitored and reported.
root@192.168.46.120's password:
Permission denied, please try again.
root@192.168.46.120's password:
Permission denied, please try again.
root@192.168.46.120's password:
root@192.168.46.120: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]# ssh root@192.168.46.120Authorized users only. All activities may be monitored and reported.
root@192.168.46.120's password:
Permission denied, please try again.
root@192.168.46.120's password:
Permission denied, please try again.
root@192.168.46.120's password:
root@192.168.46.120: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]#
[root@localhost ~]#

在192.168.46.120 openEuler 2上进行查看。-- linux系统SSH 登录失败的内容会记录到/var/log/secure文件。

发现，实验环境已经创建成功！

3. 根据题目编写shell脚本。 --- 在192.168.46.120 openEuler 2上的/mnt/目录下创建deny_ip_v2.sh 编写脚本。

#!/bin/bashlastb | egrep -v "^btmp|^$|Fri" | awk '{++IP[$3]} END {for (k in IP)if (IP[k]>=4) print k}' > deny_ip.txtwhile read line
doiptables -L -n | tr -s " " | awk -F'[ :]' '/^DROP/ && $NF=22 {print $4}' | sort -u > temp_ip.txtif ! grep -w $line temp_ip.txt &> /dev/nulltheniptables -I INPUT -p tcp --dport  22 -s $line -j DROPfidone < deny_ip.txtrm -f deny_ip.txt temp_ip.txt

4. 进行测试

在192.168.46.101 Rocky 2上进行登录，发现登陆失败。

到此试验结束！！！