背景说明
有些用户为了图方便或者初始创建用户默认设置等原因,会将密码设置为与用户名相同,但这就使得非常不安全。甚至如果该用户具有sudo权限,那这服务器就是台肉鸡。所以要检查哪些账号存在这种情况。
对于自动撤销sudo权限可以看这个:【技巧】Ubuntu临时授予用户sudo权限,并在一定时间后自动撤销
开始操作
在你要执行脚本的服务器上先安装库:
代码语言:javascript复制sudo apt install expect -y
sudo apt install sshpass -y编写脚本:
代码语言:javascript复制vim check_user.sh脚本内容(注意,SSH_HOST可以改成其他服务器ip,这样就不需要把脚本复制到每一台服务器上去运行了):
代码语言:javascript复制#!/bin/bash
# 输出文件
OUTPUT_FILE="successful_ssh_logins.txt"
# 清空输出文件
> $OUTPUT_FILE
# 默认值,定义 SSH 主机和端口
SSH_USER="root"
SSH_HOST="127.0.0.1"
SSH_PORT=22
# 在本地机器上获取 IP 地址
MY_IP=$(curl -s http://ipinfo.io/ip)
echo "本地IP地址: $MY_IP"
while getopts ":u:h:p:" opt; do
case $opt in
u) SSH_USER="$OPTARG" ;;
h) SSH_HOST="$OPTARG" ;;
p) SSH_PORT="$OPTARG" ;;
?) echo "Invalid option -$OPTARG" >&2 ;;
:) echo "Option -$OPTARG requires an argument." >&2 ;;
esac
done
# 临时禁用命令历史
original_histfile=$HISTFILE
unset HISTFILE
# 获取密码
read -p "请输入你的SSH密码: " SSHPASS
export SSHPASS
# 登录到服务器并使用 sshpass 添加 fail2ban 白名单, 使用 -S 选项使 sudo 从标准输入读取密码,并使用 echo $SSHPASS 来提供该密码
echo "登录$SSH_HOST添加fail2ban白名单"
sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "
if grep -q '^ignoreip' /etc/fail2ban/jail.local; then
echo $SSHPASS | sudo -S sed -i '/^ignoreip =/ s/$/ $MY_IP/' /etc/fail2ban/jail.local;
elif grep -q '^#ignoreip' /etc/fail2ban/jail.local; then
echo $SSHPASS | sudo -S sed -i 's/^#ignoreip = 127.0.0.1\/8 ::1/ignoreip = 127.0.0.1\/8 ::1 $MY_IP/' /etc/fail2ban/jail.local;
else
echo 'ignoreip = 127.0.0.1/8 ::1 $MY_IP' | echo $SSHPASS | sudo -S tee -a /etc/fail2ban/jail.local;
fi;
echo $SSHPASS | sudo -S service fail2ban restart;
"
# 使用 sshpass 获取/home下的所有用户
USERS=$(sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "ls /home")
# 遍历每个用户
for cUSER in $USERS; do
# 输出当前尝试的用户名
echo ">> [$SSH_HOST]当前尝试登录账户: $cUSER..."
# 使用expect工具自动登录 SSH
LOGIN_RESULT=$(expect -c "
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $cUSER@$SSH_HOST
expect {
# Handle the known hosts warning
"Are you sure you want to continue connecting (yes/no)?" {
send "yesr"
expect "password:"
send "$cUSERr"
}
# Handle the password prompt directly
"password:" {
send "$cUSERr"
}
}
expect {
"Permission denied, please try again." { puts "Failed: $cUSER" }
"$cUSER@" { puts "Success: $cUSER" }
default {
puts "在登录 $cUSER 用户时候遇到了未知错误:"
puts "---"
puts "$expect_out(buffer)"
puts "---"
}
}
" 2>/dev/null)
# 使用expect工具自动切换用户
#LOGIN_RESULT=$(expect -c "
#spawn su - $cUSER
#expect {
# "Password: " {
# send "$cUSERr"
# expect {
# "su: Authentication failure" { puts "Failed: $cUSER" }
# "$USER@" { puts "Success: $cUSER" }
# default { puts "Unknown response for user: $cUSER" }
# }
# }
#}
#" 2>/dev/null)
# 如果成功,输出成功消息
#echo "$LOGIN_RESULT"
if echo "$LOGIN_RESULT" | grep -q "Success"; then
echo "Login successful for user: $cUSER"
echo "$cUSER" >> $OUTPUT_FILE
fi
done
#echo "登录$SSH_HOST解除fail2ban对本机的ban"
#echo $SSHPASS | sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "sudo -S fail2ban-client unban $MY_IP"
# 登录到服务器并使用 sshpass 启动 fail2ban 服务,使用 -S 选项使 sudo 从标准输入读取密码,并使用 echo $SSHPASS 来提供该密码
echo "登录$SSH_HOST移除fail2ban白名单"
sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "
if grep -q '^ignoreip' /etc/fail2ban/jail.local; then
echo $SSHPASS | sudo -S sed -i 's/ $MY_IP//g' /etc/fail2ban/jail.local;
echo $SSHPASS | sudo -S sed -i 's/$MY_IP //g' /etc/fail2ban/jail.local;
fi;
echo $SSHPASS | sudo -S service fail2ban restart;
"
# 删除 SSHPASS 变量,以确保密码不会留在环境中
unset SSHPASS
# 恢复命令历史记录
export HISTFILE=$original_histfile
NUM_SUCCESS=$(wc -l < $OUTPUT_FILE)
echo "脚本已完成, 共查出[$NUM_SUCCESS]个用户, 请检查输出的结果文件: $OUTPUT_FILE ."
echo "$OUTPUT_FILE 文件中的内容为: "
cat $OUTPUT_FILE运行示例:
代码语言:javascript复制sh check_user.shsh check_user.sh -p 8022sh check_user.sh -h xxxxxxsh check_user.sh -h xxxxxx -p 8022sh check_user.sh -u root -h xxxxxx -p 8022结果示例:
修改密码
上面脚本最后得到了用户名和密码相同的账号。现在需要对这些账号修改密码,修改规则为:“原密码@xxx”。
代码语言:javascript复制#!/bin/bash
# 之前的脚本中记录用户名的文件
OUTPUT_FILE="/path/to/your/output/file"
# 使用 SSH 连接到远程服务器
echo $SSHPASS | sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "
while IFS= read -r USER; do
# 构建新密码
NEW_PASS="$USER@xxx"
# 更改密码
echo -e "$USERn$NEW_PASS" | sudo -S passwd $USER
done < $OUTPUT_FILE
"
