DeneHosts防止SSH暴力破解

下载DenyHosts-2.6.tar.gz (http://sourceforge.net/projects/denyhosts/?source=dlp)

安装:
    tar zxf DenyHosts-2.6.tar.gz
    cd DenyHosts-2.6/
    python setup.py install

配置:
    cd /usr/share/denyhosts/
    cp daemon-control-dist daemon-control
    grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg
    ln -s /usr/share/denyhosts/daemon-control /etc/init.d/daemon-control
    vi denyhosts.cfg-dist
############################################################
       ############ THESE SETTINGS ARE REQUIRED ############

SECURE_LOG = /var/log/secure

HOSTS_DENY = /etc/hosts.deny

PURGE_DENY = 30m

BLOCK_SERVICE  = sshd

DENY_THRESHOLD_INVALID = 5

DENY_THRESHOLD_VALID = 3

DENY_THRESHOLD_ROOT = 3

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /usr/share/denyhosts/data

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=NO

LOCK_FILE = /var/lock/subsys/denyhosts

       ############ THESE SETTINGS ARE OPTIONAL ############


ADMIN_EMAIL = [email protected]

SMTP_HOST = localhost

SMTP_PORT = 25

SMTP_FROM = DenyHosts <nobody@localhost>

SMTP_SUBJECT = DenyHosts Report

AGE_RESET_VALID=5d

AGE_RESET_ROOT=25d

AGE_RESET_RESTRICTED=25d

AGE_RESET_INVALID=10d

   ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########

DAEMON_LOG = /var/log/denyhosts
 
DAEMON_SLEEP = 30s

DAEMON_PURGE = 1h

############################################################

启动服务并验证:
   /etc/init.d/daemon-control start
   使用ssh 192.168.0.97登录三次最后出现:
[root@yangwj ~]# ssh 192.168.0.97
ssh_exchange_identification: Connection closed by remote host
[root@localhost denyhosts]# tail -2 /etc/hosts.deny
# DenyHosts: Sat Mar 31 13:05:09 2012 | sshd: 192.168.0.4
sshd: 192.168.0.4
   邮箱收到信息!

你可能感兴趣的:(DeneHosts防止SSH暴力破解)