Introduction to nmap 2009-10-14 11:39:07
http://blog.chinaunix.net/uid-291705-id-2134351.html
Security check: list all open ports and services on host 192.158.0.253 / port
[root@v-HYe5zbuhzKV ~]# nmap -PT 192.168.0.253
Security issues to watch for on Linux servers: SSH brute force, solved with DenyHosts
http://blog.csdn.net/qiudakun/article/details/5454277
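To extract the IP addresses from the log and count them:
# grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/secure | sort | uniq -c
How do you defend against this? Blocking these IPs one by one clearly treats the symptom rather than the cause. Fortunately, the DenyHosts software can handle this for us instead of doing it by hand. DenyHosts is a program written in Python that analyzes the sshd log file; when it detects repeated attacks, it records the IP in the /etc/hosts.deny file, which blocks the IP automatically.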
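The log analysis described above, as an added Python example (not DenyHosts' own code and not from the original post): it counts failed sshd password attempts per source address and emits hosts.deny lines for addresses at or above a threshold. The sample log, the threshold of 3 and the function names are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the /var/log/secure format; the addresses come from
# the documentation ranges, not from the page.
SAMPLE_LOG = """\
Mar 16 00:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 16 00:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar 16 00:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mar 16 00:00:09 host sshd[1004]: Failed password for invalid user a from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 51000 ssh2
Mar 16 00:00:12 host sshd[1005]: Failed password for root from 198.51.100.9 port 51001 ssh2
Mar 16 00:00:15 host sshd[1006]: Accepted password for ops from 192.0.2.10 port 50000 ssh2
Mar 16 00:00:20 host sshd[1007]: Failed password for ops from 192.0.2.10 port 50001 ssh2
"""

# Anchor on the END of the line: the user name is supplied by the client and
# may itself contain " from <ip> port <n> ssh2", so only the last address,
# the one sshd appended, is trusted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter {source IP: number of failed password attempts}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # not a valid address: ignore it rather than block garbage
    return counts

def deny_entries(counts, threshold=3, allow=()):
    """hosts.deny lines for IPs at or above threshold, minus allowed hosts."""
    return sorted(f"sshd: {ip}" for ip, n in counts.items()
                  if n >= threshold and ip not in allow)

if __name__ == "__main__":
    print("\n".join(deny_entries(count_failures(SAMPLE_LOG))))
```

The `allow` argument keeps known administrative addresses out of the output, so a few mistyped passwords from a trusted host do not lock it out.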
Publishing a batch of IPs that recently tried to brute-force SSH on my server (suspected compromised hosts)
http://blog.csdn.net/embbnux/article/details/41120323
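Recently I noticed that some people keep trying to crack my SSH password by brute force. I took a look, and network security really is frightening. Everyone should set good passwords on their own servers, manage them well, and take the most basic security measures; otherwise the server will just end up as someone's bot. The SSH login log can be found under /var/log: on Ubuntu it is auth.log, on CentOS it is the secure file. To view the IPs of the machines that tried to brute-force the password: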
[root@v-HYe5zbuhzKV ~]# cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' > /usr/local/nginx/html/secure.html
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'
pam_limits(sshd:session): unknown limit item 'noproc'
http://www.zhanghaijun.com/post/882/
Today I checked the /var/log/secure log file and found a large number of errors in it, as follows:
[root@localhost log]# cat /var/log/secure|more
Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:04:01 localhost crond[11833]: pam_limits(crond:session): unknown limit item 'noproc'
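There are one or two of these almost every minute. Judging by the error message, it should be related to limits.conf. Run ulimit -n to see what value the system is currently set to.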
[root@localhost log]# ulimit -n
65535
Opening the /etc/security/limits.conf configuration file reveals the problem:
http://dl2.iteye.com/upload/attachment/0105/8887/df698832-94d7-329d-be22-4b81e184effc.jpg
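Next, let's look at how the comments in the configuration file are written, specifically the part underlined in red at the bottom: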
http://dl2.iteye.com/upload/attachment/0105/8889/5a5a4002-fc5c-3f30-811a-16d21e397b45.jpg
* soft noproc 65535
* hard noproc 65535
should be changed to
* soft nproc 65535
* hard nproc 65535
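That is the correct form; with this change the error is resolved. Anyone who hits the same error as I did may want to check whether their limits.conf file is written the same way.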
Linux: how to configure /etc/hosts.allow and /etc/hosts.deny
http://zhidao.baidu.com/question/542303865.html?loc_ans=1369965133
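For example, suppose FTP should be usable only by people on the 192.168.24. network segment. Remember: it is always allow first, then deny. That is, the system first checks whether the client is allowed, and only then checks whether it is denied.
In hosts.allow, write: vsftpd: 192.168.24.*
In hosts.deny, write: vsftpd: ALL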
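The lookup order described above, as an added Python example that is not part of the original answer: a model of how the two files are consulted for the vsftpd rules given. It covers only the ALL keyword, trailing-dot address prefixes and * / ? wildcards; the function names are assumptions.

```python
import fnmatch
import re

# The two files exactly as the text above gives them. The function names
# below are this example's own, not part of any library.
HOSTS_ALLOW = "vsftpd: 192.168.24.*\n"
HOSTS_DENY = "vsftpd: ALL\n"

def parse(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]   # drop any ': option' part
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # address prefix, "192.168.24."
        return value.startswith(pattern)
    return fnmatch.fnmatchcase(value, pattern)   # "*" and "?" wildcards

def _hit(rules, daemon, client):
    return any(any(_match(d, daemon) for d in ds) and
               any(_match(c, client) for c in cs) for ds, cs in rules)

def access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Decide access in the documented order: allow file, deny file, default."""
    if _hit(parse(allow), daemon, client):
        return "allow"   # 1. a match in hosts.allow grants access
    if _hit(parse(deny), daemon, client):
        return "deny"    # 2. otherwise a match in hosts.deny refuses it
    return "allow"       # 3. no match in either file: access is granted

if __name__ == "__main__":
    for ip in ("192.168.24.17", "192.168.240.1", "10.0.0.5"):
        print(ip, access("vsftpd", ip))
```

Because access is granted when neither file matches, the vsftpd: ALL line in hosts.deny is what turns the allow rule into a whitelist, and the rules only take effect for daemons built with TCP wrappers (libwrap) support.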