SECURE 日志为空
[root@localhost ~]# vi /etc/ssh/sshd_config
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
[root@localhost ~]# service syslog restart
[root@localhost ~]# service sshd restart
修改ssh默认端口
[root@localhost ~]# vi /etc/ssh/sshd_config
#Port 22
Port 2594
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
[root@localhost ~]# service sshd restart
history显示操作时间
[root@localhost ~]# echo 'export HISTTIMEFORMAT="%F %T"' >>/etc/profile
[root@localhost ~]# source /etc/profile
[root@localhost ~]# history
屏蔽每天ssh登陆错误超过10次的ip
[root@localhost data]# vi blacklist.sh
#!/bin/bash
DATE=$(date +"%a %b %e")
ABNORMAL_IP=$(lastb |grep "$DATE" |awk '{a[$3]++}END{for(i in a)if(a[i]>10)print i}')
echo
echo "以下ip每天超过10次登陆失败"
echo
for IP in $ABNORMAL_IP; do
insert_ip=`grep "$IP" /etc/hosts.deny | wc -l`
if [ $insert_ip -le 0 ] ; then
echo "屏蔽IP:$IP"
echo "sshd:${IP}" >> /etc/hosts.deny
else
echo "IP:$IP 已存在系统黑名单中"
fi
done
systemctl restart sshd
echo
echo "屏蔽完成"
echo
[root@localhost data]# crontab -e
58 */1 * * * /data/blacklist.sh >> /data/blacklist.log 2>&1
不自动清理tomcat临时目录
[root@localhost ~]# vi /usr/lib/tmpfiles.d/tmp.conf
#添加
x /tmp/tomcat.*
