最早测试这个的时候,花了一些时间,直接看代码吧
示例代码
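#!/usr/bin/csh
# Block SSH sessions that do not come from an allowed address.
# Run as: csh /etc/block_ssh.csh
#
# Flow: read the current session's tty / source address / pid from who(1),
# append an audit line, then either greet a local or allowed session, or
# log an alert and kill the session's tty.
#
# NOTE(review): this runs only after authentication has already succeeded, so
# it is a last-resort control; enforce source-address policy in sshd_config
# (Match Address / AllowUsers) or the host firewall as the primary control.
#
# The original "#trap 1 2 3 9 15" line is bash syntax and does nothing in csh;
# `onintr -` is the csh way to ignore interrupts, so an interrupt cannot cut
# the script short before the pkill at the bottom.
onintr -
#
# Remote address that is allowed in (was hard-coded in the comparison below).
set allowed_ip = "10.0.2.2"
#
# tty of the current session; empty when the session has no utmp entry
set tmn = `who am i | awk '{print $2;}'`
# Source address of the current session.
# NOTE(review): the awk column numbers depend on the platform's who(1) layout;
# $7/$8 fit a "Mon DD HH:MM" date format, whereas GNU who prints
# "YYYY-MM-DD HH:MM" and shifts the columns left by one — confirm on the
# target host.
set login_ip = ` who -um | awk '{print $8;}' | sed -e 's/(//g; s/)//g' `
# pid of the current session (same column caveat; kept for reference, unused)
set login_pid = `who -um | awk '{print $7;}'`
set login_name = "$LOGNAME"
# An empty address or an X display counts as a local session.
# NOTE(review): a session with no utmp entry also yields an empty address and
# is therefore classified as local.
if ( "$login_ip" == "" || "$login_ip" == ":0" || "$login_ip" == ":0.0") then
  set type_x = "local"
else
  set type_x = "remote"
endif
# Audit line. NOTE(review): /usr/tmp is a shared temp directory, so this file
# may be writable by the logged-in user; the logger calls below are the
# tamper-resistant record.
echo "`date +%Y-%m-%d\ %H:%M:%S` \t $login_name $login_ip \n" >> /usr/tmp/remote.log
#echo -e "`date +%Y-%m-%d\ %H:%M:%S` \t $login_ip \n" >> /tmp/remote.log # bash
echo "$type_x"
if ( "$type_x" == "local" || "$login_ip" == "$allowed_ip" ) then
  echo "Welcome......"
  logger -p user.info "Someone has logined in: $login_ip \!"
else
  echo " sys log"
  # The exclamation mark must be escaped in csh (history expansion).
  logger -i -p user.err -t SSH "Remote IP is login: $login_ip \!"
  echo " user log"
  logger -ip user.alert "Unauthorized remote IP is login: $login_ip \!"
  # Testing showed the alerts above land in both the system log and the user log.
  # Kill the remote session by its tty. Skip when no tty was found, so pkill
  # is never invoked with an empty -t argument.
  if ( "$tmn" != "" ) then
    pkill -9 -t "$tmn"
  endif
endif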
姊妹篇
最后更新: 2022/02/20 20:33:32
作者: David Faraday
主用链接: https://faradays-studio.gitee.io/202202121227/
备用链接: https://faradays-studio.github.io/202202121227/
许可协议: CC BY-NC-SA 4.0.