#!/bin/bash
#DenyHosts-2.6.tar.gz 一键安装配置脚本
#拒绝服务器 SSH暴力破解,ssh 连接时,密码输错2次后被拒绝连接。
#xc
#2019-08-14
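# Count of running processes whose command line mentions "denyhosts".
# pgrep replaces the ps|grep|grep -v grep|wc pipeline. `|| true` absorbs
# pgrep's exit status 1 for "no match", and the default on the next line
# covers a host where pgrep is not installed.
# NOTE(review): -f matches anywhere in the command line, so an installer
# whose own file name contains "denyhosts" is counted too; confirm how the
# script is invoked.
DENYHOSTS_PS=$(pgrep -f -c denyhosts 2>/dev/null || true)
DENYHOSTS_PS=${DENYHOSTS_PS:-0}
# Live DenyHosts configuration file; its presence marks an existing install.
# Plain ASCII quotes are required here: typographic quotes are not shell
# quoting and would end up inside the value.
DENYHOSTS_CFG="/usr/share/denyhosts/denyhosts.cfg"
# Release tarball, fetched over HTTPS from a download mirror.
# NOTE(review): the version is pinned in the URL and no checksum or
# signature accompanies it; confirm the mirror is trusted and that 2.6 is
# still the release you intend to deploy.
DENYHOSTS_SOFT="https://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz"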
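#######################################
# Pre-flight checks before installing: OS major release, root privileges,
# and outbound network connectivity.
# Globals:   EUID (read)
# Arguments: none
# Outputs:   progress messages on stdout, failure messages on stderr
# Returns:   0 when every check passes; on any failed check the whole
#            script exits with status 1 (previously a bare `exit` reported
#            success to the caller).
#######################################
base_chk() {
  local release_file=/etc/redhat-release
  local major=''

  # Read the major number that follows the word "release", so the result
  # does not depend on how many words the distribution name has, then
  # require it to be 7 as the message below states.
  if [[ -r "$release_file" ]]; then
    major=$(sed -n 's/.*release \([0-9][0-9]*\).*/\1/p' "$release_file" | head -n 1)
  fi
  if [[ "$major" != 7 ]]; then
    echo "请在 7 版本的系统里面运行该脚本….." >&2
    exit 1
  fi

  # Everything that follows (yum, /usr/share, sshd_config) needs root.
  if (( EUID != 0 )); then
    echo "请用 root 用户运行该脚本…." >&2
    exit 1
  fi

  echo '网络检测中…………………..'
  echo ' '
  sleep 1

  # First probe: a single ICMP echo to a public IP address. -W bounds the
  # wait so a network that silently drops ICMP cannot stall the installer.
  if ping -c 1 -W 3 114.114.114.114 >/dev/null 2>&1; then
    echo '网络正常,程序将继续运行。'
    sleep 1
    return 0
  fi

  echo '正在进行第二次网络检测,请稍候………'
  sleep 1
  # Second probe: fall back to an HTTP request, also time-bounded.
  # Neither probe contacts the download host, so success here only shows
  # general connectivity; the download itself must still be checked.
  if ! curl -s --max-time 10 www.baidu.com >/dev/null 2>&1; then
    echo '检测到网络连接有异常,请检查您的网络设置…..' >&2
    exit 1
  fi
  echo ''
  echo '网络正常,程序将继续运行.'
  sleep 1
}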
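# Install and configure DenyHosts only when neither its configuration file
# nor a running process is found; otherwise report the existing setup.
# Every failure path exits with status 1 (a bare `exit` after `echo`
# reported success).
if [[ ! -f "$DENYHOSTS_CFG" ]] && [ "${DENYHOSTS_PS:-0}" -lt 1 ]; then
  echo "Denyhost not setup,We will download and install it online."
  sleep 2
  base_chk

  # Logs go to a private mktemp directory instead of fixed names in /tmp:
  # the script runs as root, and a predictable path in a world-writable
  # directory can be pre-created or symlinked by another local user.
  install_log_dir=$(mktemp -d /tmp/denyhosts-install.XXXXXX) || {
    echo "cannot create a private log directory" >&2
    exit 1
  }

  # A yum failure is not fatal here; a missing wget surfaces at the
  # download step below.
  yum install wget -y >"${install_log_dir}/yum.log" 2>&1

  # -O pins the output name, so a stale tarball from an earlier run is
  # overwritten instead of wget saving the new copy under a ".1" suffix
  # while tar unpacks the old one.
  if ! { cd /opt && wget -q -O DenyHosts-2.6.tar.gz "$DENYHOSTS_SOFT"; }; then
    echo ''
    echo "下载有问题,请检查……" >&2
    exit 1
  fi

  # Integrity check: setup.py from this tarball is about to run as root.
  # When DENYHOSTS_SHA256 is exported with a digest obtained out of band,
  # the download must match it; without it the install proceeds unverified
  # and says so.
  if [[ -n "${DENYHOSTS_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$DENYHOSTS_SHA256" "DenyHosts-2.6.tar.gz" \
      | sha256sum --check --status; then
      echo "checksum mismatch for DenyHosts-2.6.tar.gz, aborting" >&2
      exit 1
    fi
  else
    echo "warning: DENYHOSTS_SHA256 not set, tarball integrity not verified" >&2
  fi

  # Unpack and install. --no-same-owner keeps extracted files owned by
  # root rather than by whatever uid the archive records.
  if ! { tar --no-same-owner -zxf DenyHosts-2.6.tar.gz && cd DenyHosts-2.6/ &&
    python setup.py install >"${install_log_dir}/denyhosts.setup.log" 2>&1; }; then
    echo "install error,Please check……" >&2
    exit 1
  fi

  # Create the live control script and configuration from the shipped
  # "-dist" templates.
  if ! { cd /usr/share/denyhosts/ && cp daemon-control-dist daemon-control &&
    cp denyhosts.cfg-dist denyhosts.cfg; }; then
    echo "install error,Please check……" >&2
    exit 1
  fi

  # Adjust the configuration. Each expression is anchored to the start of
  # the active setting line, so commented-out examples and values that
  # differ from the stock default are handled predictably.
  # How long a blocked IP is kept before it is purged (w: weeks, d: days).
  sed -i 's/^PURGE_DENY *=.*/PURGE_DENY = 500w/' "$DENYHOSTS_CFG"
  # Failed logins allowed for invalid users (accounts that do not exist on
  # the system) before the source is denied.
  sed -i 's/^DENY_THRESHOLD_INVALID *=.*/DENY_THRESHOLD_INVALID = 2/' "$DENYHOSTS_CFG"
  # Failed logins allowed for ordinary users before the source is denied.
  sed -i 's/^DENY_THRESHOLD_VALID *=.*/DENY_THRESHOLD_VALID = 2/' "$DENYHOSTS_CFG"
  # Failed logins allowed for root before the source is denied. The
  # original pattern replaced a value of 1, so this raises the root
  # threshold from 1 to 2.
  sed -i 's/^DENY_THRESHOLD_ROOT *=.*/DENY_THRESHOLD_ROOT = 2/' "$DENYHOSTS_CFG"

  # Start the services.
  # NOTE(review): nothing in this script registers DenyHosts to start at
  # boot; confirm that is arranged elsewhere, otherwise the protection is
  # gone after a reboot.
  systemctl restart rsyslog
  if ! /usr/share/denyhosts/daemon-control start >"${install_log_dir}/denyhosts.start" 2>&1; then
    echo "Denyhosts start error,log file ${install_log_dir}/denyhosts.start" >&2
    exit 1
  fi

  # Lower sshd's authentication attempts per connection to 1. The pattern
  # only rewrites the commented-out stock line "#MaxAuthTries 6"; an
  # already customised MaxAuthTries value is left untouched.
  # NOTE(review): with a limit of 1, a client that offers more than one key
  # (or a key before a password) can be disconnected before it reaches a
  # valid credential; keep an existing root session open while testing.
  sed -i 's/#MaxAuthTries 6/MaxAuthTries 1/g' /etc/ssh/sshd_config
  # Validate the edited file before restarting: restarting sshd on a
  # broken configuration can cut off remote access to the host.
  if ! /usr/sbin/sshd -t || ! systemctl restart sshd; then
    echo "sshd restart error,Please check……" >&2
    exit 1
  fi
  echo -e "\033[31m DenyHosts 2.6 部署完成。\033[0m"
else
  echo "Denyhost already setup……"
  exit 0
fi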