Shulou(Shulou.com)06/01 Report--

Case study: recently started a new project, in order to ensure the safety of the project. I made a zabbix to check ssh and log in to ip, which I would like to share with you.

Steps:

Custom zabbix checks the key of ssh login ip

Cat / etc/zabbix/zabbix_agentd.d/sanguo_check_ssh.conf

UserParameter=sanguo.check.ssh, who | wc-l # the function here is to check how many terminals ssh has logged in

Restart zabbix_agentd

Write a script to check ssh login to ip

Create a template on zabbix

Create the application, application create the monitoring item item

Custom key

Cat sanguo_check_ssh.conf

UserParameter=sanguo.check.ssh, who | wc-l

The main function here is to define the time range of monitoring.

Create trigger

The main function here is to check the number of login terminals in ssh, and trigger the alarm if it is not 0.

Create actions

When the ssh login terminal is not zero at a specific time, it triggers the script, kicks off the login ssh and adds ip to the firewall

The script is executed here to add zabbix to sudo permissions. Zabbix customer profile enables support for remote commands EnableRemoteCommands=1

We're done here.

Here, I'll upload the template.

The script to check ssh login is as follows: #! / bin/bash ip= `w | awk'/ user / {print $3}'`w | awk'/ user / {print $2}'| xargs-I pkill-kill-t {} for IP in $ip do if [$IP = = "ip"] Then echo "attention:The invasion from $IP of office" | mail-s "attention,please check" 13651602471@139.com else iptables-I INPUT 1-s $IP-j DROP echo "attention:The invasion from $IP of outside" | mail-s "attention,please check" 13651602471@139.com fi done attachment: http://down.51cto.com/data/2367644

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.