登录失败锁定策略配置登录超时策略禁用root远程登录脚本


登录失败锁定策略配置登录超时策略禁用root远程登录脚本
 
#!/bin/sh   
  
  
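# Set up the login idle timeout: a shell that receives no input for
# 60 seconds is logged out automatically.
#
# TMOUT written as a plain assignment can be changed or unset by the user in
# their own shell; marking it readonly in the profile is the usual way to pin
# it, if that fits the site policy.
PROFILE_PATH="/etc/profile"

# Look only for real assignments (optionally prefixed by export/readonly), so a
# comment that merely mentions TMOUT is not mistaken for an existing setting.
if grep -Eq '^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=' "$PROFILE_PATH"; then
    # Rewrite the value in place. The pattern is anchored on the assignment
    # itself instead of interpolating the old line into the sed expression,
    # which never matched when written inside single quotes.
    sed -i -E 's/^([[:space:]]*((export|readonly)[[:space:]]+)?)TMOUT=[^;[:space:]]*/\1TMOUT=60/' "$PROFILE_PATH"
else
    echo "TMOUT=60" >> "$PROFILE_PATH"
fi

# "source" is a bashism and this script runs under /bin/sh; "." is the POSIX
# form. Loading the profile here only affects this script's shell: sessions
# that are already open keep their old value until the next login.
. "$PROFILE_PATH"
if [ "${TMOUT:-}" = "60" ]; then
    echo "set TMOUT=60 successful!"
else
    # A later file (for example under /etc/profile.d) may override the value.
    echo "warning: TMOUT is '${TMOUT:-unset}' after loading $PROFILE_PATH" >&2
fi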
  
  
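# Enable account lockout after repeated logon failures:
# 10 failures lock the account for 300 seconds, root included.
#
# NOTE(review): pam_tally2 has been superseded by pam_faillock on newer
# distributions; confirm the module exists on the target system.
# NOTE(review): on RHEL/CentOS the sshd PAM stack typically includes
# password-auth rather than system-auth, so SSH logins may need the same
# line there; verify against /etc/pam.d/sshd.
# NOTE(review): even_deny_root lets repeated bad passwords lock root as well;
# make sure console or out-of-band recovery is available.

PAM_AUTH_PATH="/etc/pam.d/system-auth"
content="auth        required      pam_tally2.so  deny=10  unlock_time=300 even_deny_root root_unlock_time=300"

# A malformed PAM file can block every login, so keep a copy to roll back to.
cp -p "$PAM_AUTH_PATH" "$PAM_AUTH_PATH.bak"

# Match only the auth-phase pam_tally2 line. Feeding the whole grep output
# into sed as a pattern breaks when it spans several lines or contains "/",
# and would also overwrite an "account ... pam_tally2.so" line.
if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_tally2\.so' "$PAM_AUTH_PATH"; then
    sed -i -E "s|^[[:space:]]*auth[[:space:]].*pam_tally2\.so.*|$content|" "$PAM_AUTH_PATH"
else
    # Insert after line 3 (GNU sed one-line "a" form). The text is written
    # without surrounding braces, which would otherwise end up in the file
    # and leave PAM with a line it cannot parse.
    sed -i "3 a $content" "$PAM_AUTH_PATH"
fi

# The positional insert does nothing when the file has fewer than 3 lines.
if ! grep -Eq '^auth[[:space:]].*pam_tally2\.so' "$PAM_AUTH_PATH"; then
    echo "warning: pam_tally2 auth line was not written to $PAM_AUTH_PATH" >&2
fi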
  
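# Disable direct root login over SSH.
# Make sure another account with su/sudo rights can log in before applying
# this, otherwise remote administration is lost.

SSH_CONF="/etc/ssh/sshd_config"

if [ ! -f "$SSH_CONF" ]; then
    echo "error: $SSH_CONF not found" >&2
    exit 1
fi

# Keep a copy so a bad edit can be rolled back before sshd is restarted.
cp -p "$SSH_CONF" "$SSH_CONF.bak"

# Rewrite every PermitRootLogin line, commented or active. Matching only the
# commented default would leave an explicit "PermitRootLogin yes" in force.
if grep -Eq '^[[:space:]]*#?[[:space:]]*PermitRootLogin([[:space:]]|$)' "$SSH_CONF"; then
    sed -i -E 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin([[:space:]].*)?$/PermitRootLogin no/' "$SSH_CONF"
elif [ -s "$SSH_CONF" ]; then
    # sshd uses the first value it reads for a keyword, and a line placed after
    # a Match block belongs to that block, so add the directive at the top.
    sed -i '1i PermitRootLogin no' "$SSH_CONF"
else
    echo "PermitRootLogin no" >> "$SSH_CONF"
fi

# Validate before restarting: restarting sshd with a broken configuration can
# cut off remote access to the host.
if sshd -t -f "$SSH_CONF"; then
    service sshd restart
else
    echo "error: $SSH_CONF failed validation; restoring backup, sshd not restarted" >&2
    cp -p "$SSH_CONF.bak" "$SSH_CONF"
    exit 1
fi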
 
