设置了登录失败次数过多锁定账户的定时任务
#!/bin/sh
## Auhtor: Henry.He<heyao@hubeicfc.com>
## Date: 2020.11.24
## Version: 1.0
## Description:
## 监测用户登录错误次数以及用户锁定和解锁状态
## 允许错误次数和锁定时间均来自于PAM配置文件 /etc/pam.d/sshd
username=root
max=`grep -o "deny=[0-9]*" /etc/pam.d/sshd|awk -F"=" '{print $2}'|tail -1`
#echo $max
unlocktime=`grep -o "unlock_time=[0-9]*" /etc/pam.d/sshd|awk -F"=" '{print $2}'|tail -1`
#echo $unlocktime
logfile=`grep -o "file=.*" /etc/pam.d/sshd|awk '{print $1}'|awk -F"=" '{print $2}'|tail -1`
#echo $logfile
selflog=/var/log/sshCheck.log
failtime=`/usr/sbin/pam_tally2 --user $username |tail -1|awk '{print $2}'`
logstamp=`stat $logfile --format=%Z`
curtime=`date +%s`
passtime=$(( $curtime - $logstamp ))
if [ $failtime -eq 0 ];then
echo "[OK]账号[$username]正常" > $selflog
else
if [ $failtime -lt $max ];then
echo "[WARN]账号[$username]累计登陆失败$failtime次" > $selflog
elif [ $failtime -ge $max -a $passtime -le $unlocktime ];then
echo "[LOCKED]账号[$username]登陆失败$failtime次,已被锁定,锁定时间 `date --date="@$logstamp" +"%F %T"`" > $selflog
else [ $failtime -ge $max -a $passtime -gt $unlocktime ]
echo "[INFO]已过锁定期,账户[$username]已自动解锁,可以正常登陆。" > $selflog
fi
fi
查看登陆失败信息
cat /var/log/secure|grep "Fail
解决方案:
pam_tally2 -u hbxjmsa --reset
查看所有定时任务
crontab -l
删除所有定时任务
crontab -r
网友评论