#!/bin/bash
#====================================================
# Author: Mr.Song
# Create Date: 2018-11-16
# Description:
#====================================================
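########################################################
# Bash settings: history aliases, a coloured prompt, and history timestamps
# that also carry the last field of `who -u am i` (normally the remote host)
# and the user name.
# The typographic quotes the page had in place of ASCII single quotes are
# restored; with them the aliases and the awk/sed programs would not parse.
# The here-document delimiter is quoted so the text below is written exactly
# as shown: the backticks run when ~/.bashrc is sourced, not while this
# installer runs.
# Shell history can be edited by its owner, so treat these stamps as a
# convenience for operators, not as a tamper-proof audit trail.
# The append is skipped when the aliases are already present, so running the
# installer again does not pile up duplicate copies.
if ! grep -qF "alias hl='history | less'" ~/.bashrc 2>/dev/null; then
cat >> ~/.bashrc <<'EOF'
alias cls='clear' #DOS风格的清空
alias h='history | tail'
alias hg='history | grep'
alias hl='history | less'
#stty erase ^H #清除退格 (这个很有必要)
export PS1="[\[\e[0;36m\]\u\[\e[m\]@\[\e[0;32m\]\h \[\e[0;35m\]\W\[\e[m\]]\\$"
export HISTTIMEFORMAT="%F %T `who -u am i 2>/dev/null|awk '{print $NF}'|sed -e 's/[()]//g'` `whoami` "
EOF
fi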
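#########################################################
# Vim settings: line numbers, 4-column tabs and shifts, UTF-8 with Chinese
# fallback encodings, and an <F4> mapping that inserts a script header.
# Appending the snippet a second time would define AddTitle() twice, which Vim
# reports as an error when it loads the file, so it is only appended when the
# function is not there yet.
# The delimiter is quoted; the text contains nothing the shell would expand,
# so what is written is unchanged.
if ! grep -qF 'function AddTitle()' ~/.vimrc 2>/dev/null; then
cat >> ~/.vimrc <<'EOF'
set autoindent
set nu
set tabstop=4
set shiftwidth=4
set fileencodings=utf-8,ucs-bom,gb18030,gbk,gb2312,cp936
set termencoding=utf-8
set encoding=utf-8
function AddTitle()
call setline(1,"#!/bin/bash")
call append(1,"#====================================================")
call append(2,"# Author: Mr.Song")
call append(3,"# Create Date: " . strftime("%Y-%m-%d"))
call append(4,"# Description: ")
call append(5,"#====================================================")
endf
map <F4> :call AddTitle()<cr>
EOF
fi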
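#########################################################
# OpenSSH tuning: disable reverse-DNS lookups and forbid password logins for
# root (key-based root login stays possible with prohibit-password).
#
# The sed expressions append the new directives after the commented-out
# defaults. sshd keeps the first value it reads for a keyword, so an active
# "PermitRootLogin yes" elsewhere in the file is not overridden by this edit;
# check the effective value afterwards with: sshd -T | grep -i permitrootlogin
# "prohibit-password" needs OpenSSH 7.0 or later (older releases spell it
# "without-password").
#
# The file is backed up first and validated with "sshd -t" before the restart.
# If validation fails the backup is put back and sshd is left running, so a
# bad edit cannot lock remote administrators out at the next restart.
sshd_config=/etc/ssh/sshd_config
sshd_backup="${sshd_config}.$(date +%Y%m%d%H%M%S).bak"
if cp -p -- "$sshd_config" "$sshd_backup"; then
  sed -i -e '/#UseDNS/a\UseDNS no' -e '/#PermitRootLogin yes/a\PermitRootLogin prohibit-password' "$sshd_config"
  if sshd -t; then
    systemctl restart sshd
  else
    echo "sshd_config failed validation; restoring $sshd_backup and not restarting sshd" >&2
    cp -p -- "$sshd_backup" "$sshd_config"
  fi
else
  echo "cannot back up $sshd_config; leaving it unchanged" >&2
fi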
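#########################################################
# Install the brute-force blocking script and schedule it every minute.
#
# Everything from the second shebang line of this file to its end is the
# blocking script; awk reports that line number and tail copies the rest out.
# Do not add another line that begins with a shebang above that point.
#
# The script is written to the absolute path named in the cron entry (a
# relative path only matched when the installer was started from /root), it is
# readable and executable by root only, and the cron line is added once.
deny_script=/root/auto_deny_ip_v1.sh
cron_entry="*/1 * * * * root ${deny_script}"
payload_start=$(awk '/^#!/{if(i){print NR;exit}i++}' "$0")
if [[ -z "$payload_start" ]]; then
  echo "embedded script not found in $0; nothing installed" >&2
  exit 1
fi
tail -n "+${payload_start}" -- "$0" > "$deny_script"
chmod 700 -- "$deny_script"
# Schedule only after the file exists, and only if the entry is not there yet.
grep -qxF -- "$cron_entry" /etc/crontab 2>/dev/null || echo "$cron_entry" >> /etc/crontab
# Stop here: the lines below belong to the extracted script, not the installer.
exit 0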
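#!/bin/bash
# Auto drop ssh failed IP address
# By author jfedu.net 2017
#
# Reads failed SSH logins from SEC_FILE and writes "sshd:IP:deny #STAMP" lines
# to DENY_CONF. An entry that is HOLD old is moved from DENY_CONF to the
# cool-off list DENY_IP; an address on that list is not denied again until its
# cool-off entry is itself HOLD old.
#
# NOTE(review): hosts.deny only takes effect when sshd is built with TCP
# wrappers (libwrap) support - confirm on the target host, for example with
#   ldd "$(command -v sshd)" | grep libwrap
# NOTE(review): only IPv4 addresses are recognised.

# Define Path variables
SEC_FILE=/var/log/secure
DENY_CONF=/etc/hosts.deny
# The cool-off list is kept in a root-only directory instead of /tmp. Entries
# from this file are copied into hosts.deny by root, so it must not sit where
# any local user could create or edit it first.
STATE_DIR=/var/lib/auto_deny_ip
DENY_IP="$STATE_DIR/2h_deny_ip.txt"
# Number of failed-login lines after which an address is denied.
MIN_FAILURES=1
# Stamps are `date +%Y%m%d%H%M` integers and HOLD is added to them as a plain
# number, so it is roughly minutes and drifts across hour and day boundaries.
# NOTE(review): the list's file name suggests two hours was intended - confirm.
HOLD=2

# stamp: print the current time in the format stored after '#'.
stamp() {
  date +%Y%m%d%H%M
}

# listed FILE IP: succeed when FILE mentions exactly IP. Fixed-string,
# whole-word matching keeps 1.2.3.4 from matching 11.2.3.4 or 1.2.3.45.
listed() {
  grep -qwF -- "$2" "$1" 2>/dev/null
}

# expired_entries FILE: print the address of every line this script wrote to
# FILE whose stamp is at least HOLD old. Lines in any other format (for
# example rules an administrator added by hand) are never reported.
expired_entries() {
  [[ -r "$1" ]] || return 0
  awk -F'[#:]' -v now="$(stamp)" -v hold="$HOLD" '
    $1 == "sshd" && $2 ~ /^[0-9.]+$/ && $3 == "deny " && $4 ~ /^[0-9]+$/ &&
      now >= $4 + hold { print $2 }
  ' "$1" | sort -u
}

# drop_entry FILE IP: delete only the lines this script wrote for exactly IP.
# The result is written back through the existing file so its owner, mode and
# security context stay as they were.
drop_entry() {
  local file=$1 ip=$2 tmp
  tmp=$(mktemp) || return 1
  if awk -F'[#:]' -v ip="$ip" '
       !($1 == "sshd" && $2 == ip && $3 == "deny " && $4 ~ /^[0-9]+$/)
     ' "$file" > "$tmp"; then
    cat -- "$tmp" > "$file"
  fi
  rm -f -- "$tmp"
}

# The banner and its three-second pause are shown only on a terminal, so the
# every-minute cron run is neither delayed nor mailed a banner.
if [[ -t 1 ]]; then
  echo
  cat <<EOF
++++++++++++++welcome to use ssh login drop failed ip+++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++------------------------------------++++++++++++++++++
EOF
  echo
  for ((j=0;j<=2;j++)); do echo -n "-"; sleep 1; done
  echo
fi

mkdir -p -- "$STATE_DIR" && chmod 700 -- "$STATE_DIR" || exit 1
touch -- "$DENY_IP" || exit 1

# Collect offending addresses. Only sshd "Failed ..." lines are counted and
# only the address after the last " from " is used. User names are supplied by
# the client and logged as given, so taking every dotted quad on a line that
# contains "fail" could deny a host that never connected.
IP_ADDR=$(awk -v min="$MIN_FAILURES" '
  /sshd\[[0-9]+\]: Failed / {
    rest = $0
    sub(/.* from /, "", rest)   # greedy: keeps what follows the last " from "
    split(rest, part, " ")
    if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[part[1]]++
  }
  END { for (ip in hits) if (hits[ip] >= min) print ip }
' "$SEC_FILE")

TM1=$(stamp)
while IFS= read -r ip; do
  [[ -n "$ip" ]] || continue
  # Already denied, by this script or by hand: nothing to do.
  listed "$DENY_CONF" "$ip" && continue
  if listed "$DENY_IP" "$ip"; then
    # On the cool-off list: deny again only once the cool-off entry has aged.
    if expired_entries "$DENY_IP" | grep -qxF -- "$ip"; then
      echo "sshd:$ip:deny #$TM1" >> "$DENY_CONF"
      drop_entry "$DENY_IP" "$ip"
    fi
  else
    echo "sshd:$ip:deny #$TM1" >> "$DENY_CONF"
  fi
done <<< "$IP_ADDR"

# Allow IP to access: move aged entries from hosts.deny to the cool-off list.
# The list is captured before the loop because the loop rewrites hosts.deny.
TM2=$(stamp)
EXPIRED=$(expired_entries "$DENY_CONF")
while IFS= read -r ip; do
  [[ -n "$ip" ]] || continue
  printf '%s\n' "$ip"
  drop_entry "$DENY_CONF" "$ip"
  echo "sshd:$ip:deny #$TM2" >> "$DENY_IP"
done <<< "$EXPIRED"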