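#!/bin/bash
#
# Interactive host bootstrap for an apt-based system. In order, it:
#   1. installs base tools plus fail2ban and ufw,
#   2. creates a login user, adds it to the sudo group and sets its password,
#   3. makes the sudo group passwordless in /etc/sudoers,
#   4. sets the SSH port, disables root login and enables password login,
#   5. writes /etc/fail2ban/jail.local for sshd on the chosen port.
# Must be run as root; all answers are read from the terminal.

set -uo pipefail

# Print a diagnostic on stderr and abort with a non-zero status.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

[[ ${EUID} -eq 0 ]] || die "must be run as root"

# Edited copies of system files are staged here and validated before they
# replace the live file, so a bad edit cannot break sudo or lock out SSH.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

apt-get update || printf '%s: warning: apt-get update failed\n' "${0##*/}" >&2
apt-get install -y curl wget vim sudo bash-completion tmux fail2ban ufw \
  || die "package installation failed"

# --- Prompts ---------------------------------------------------------------
# read -r keeps backslashes in the answers; without it a password containing
# a backslash would be silently altered before being set.
read -r -p "新建用户名" User
[[ -n "$User" ]] || die "user name must not be empty"

read -r -s -p "用户密码" PAss1
printf '\n' # read -s does not echo the Enter key
read -r -s -p "再次输入" PAss2
printf '\n'

# Quoted comparison: passwords with spaces or glob characters compare
# correctly, and an empty password is rejected like a mismatch.
if [[ -n "$PAss1" && "$PAss1" == "$PAss2" ]]; then
  PAsss=$PAss1
else
  echo 两个密码不一致请重新输入
  exit 1
fi

read -r -p "是否更改登录端口号--是请输入1,直接回车不更改" numb
if [[ "$numb" == 1 ]]; then
  read -r -p "输入ssh端口号" duank
  # The port is written into sshd_config and jail.local, so accept nothing
  # but a plain number in the valid TCP range.
  if ! [[ "$duank" =~ ^[0-9]{1,5}$ ]] \
    || ((10#$duank < 1 || 10#$duank > 65535)); then
    die "SSH port must be a number between 1 and 65535"
  fi
  duank=$((10#$duank)) # drop leading zeros
else
  duank=22
fi

# --- User account ----------------------------------------------------------
# The login shell is set on the new account only; rewriting every /bin/sh in
# /etc/passwd would also change the shell of unrelated system accounts.
useradd -m -s /bin/bash -- "$User" || die "could not create user '$User'"
usermod -aG sudo -- "$User" || die "could not add '$User' to group sudo"
printf '%s:%s\n' "$User" "$PAsss" | chpasswd \
  || die "could not set the password for '$User'"

# --- sudoers ---------------------------------------------------------------
# NOTE(review): this makes every member of the sudo group passwordless, not
# only the new user. Together with SSH password login below, the account
# password becomes the only barrier to root; confirm that is acceptable.
sed 's/^%sudo[ \t]*ALL=(ALL:ALL) ALL$/%sudo\tALL=(ALL:ALL) NOPASSWD: ALL/' \
  /etc/sudoers >"$workdir/sudoers" || die "could not read /etc/sudoers"
visudo -cf "$workdir/sudoers" >/dev/null \
  || die "edited sudoers failed validation; /etc/sudoers left unchanged"
# cat into place keeps the owner and mode of the existing file.
cat -- "$workdir/sudoers" >/etc/sudoers || die "could not update /etc/sudoers"

# --- sshd ------------------------------------------------------------------
# Existing settings (active or commented out) are dropped and the new ones
# are placed at the top of the file: sshd uses the first value it reads for
# PermitRootLogin and PasswordAuthentication, and the top of the file is
# outside any Match block. Appending after fixed line numbers depends on the
# file's length and silently does nothing on a short file.
# NOTE(review): removing KbdInteractiveAuthentication makes sshd fall back to
# its built-in default for that option; confirm that is intended.
sshd_config=/etc/ssh/sshd_config
{
  printf 'Port %s\n' "$duank"
  printf 'PermitRootLogin no\n'
  printf 'PasswordAuthentication yes\n'
  sed -E \
    -e '/^[#[:space:]]*Port[[:space:]]/Id' \
    -e '/^[#[:space:]]*PermitRootLogin[[:space:]]/Id' \
    -e '/^[#[:space:]]*PasswordAuthentication[[:space:]]/Id' \
    -e '/^[#[:space:]]*KbdInteractiveAuthentication[[:space:]]/Id' \
    -- "$sshd_config"
} >"$workdir/sshd_config" || die "could not read $sshd_config"
sshd -t -f "$workdir/sshd_config" \
  || die "new sshd_config failed validation; $sshd_config left unchanged"
cat -- "$workdir/sshd_config" >"$sshd_config" \
  || die "could not update $sshd_config"
systemctl restart sshd || die "sshd restart failed"

# --- fail2ban --------------------------------------------------------------
# NOTE(review): banaction = ufw only blocks anything while ufw is active.
# This script installs ufw but never enables it; allow port $duank before
# enabling it by hand, otherwise SSH access is cut off.
# NOTE(review): assumes sshd logs to /var/log/auth.log and that mail
# delivery works for action_mwl; confirm both on the target system.
# The here-document delimiter is unquoted on purpose so $duank expands.
cat >/etc/fail2ban/jail.local <<EOF
#DEFAULT-START
[DEFAULT]
bantime = 600
findtime = 300
maxretry = 5
banaction = ufw
action = %(action_mwl)s
#DEFAULT-END
[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = $duank
maxretry = 5
findtime = 300
bantime = 600
banaction = ufw
action = %(action_mwl)s
logpath = /var/log/auth.log
EOF
systemctl restart fail2ban.service || die "fail2ban restart failed"

echo "您的新用户名为 $User 登录端口为 $duank"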