防暴力破解DenyHosts

DenyHosts是用于阻止SSH服务器暴力破解攻击的脚本,由Python编写。
官网:http://denyhosts.sourceforge.net/
下载:http://sourceforge.net/projects/denyhosts/files/

[root@localhost ~] # cd /opt/
[root@localhost opt] # tar xzvf DenyHosts-2.6.tar.gz
[root@localhost opt] # cd DenyHosts-2.6
[root@localhost DenyHosts-2.6] # python setup.py install
[root@localhost DenyHosts-2.6] # cd /usr/share/denyhosts/
[root@localhost denyhosts] # cp denyhosts.cfg-dist denyhosts.cfg
[root@localhost denyhosts] # cp daemon-control-dist daemon-control
[root@localhost denyhosts] # chown root daemon-control
[root@localhost denyhosts] # chmod 700 daemon-control                      
 
编辑denyhosts.cfg配置文件:
 
SECURE_LOG = /var/log/secure
#如果是针对ssh服务的日志,Centos选择如上;
HOSTS_DENY = /etc/hosts.deny
#通过hosts.deny控制用户登录(仅当sshd支持TCP Wrappers时才生效)
PURGE_DENY = 30m
#禁止时长,即过多久清除禁止;
# m表示分钟;h表示小时;d表示天;w表示星期;y表示年
BLOCK_SERVICE = sshd
#禁止的服务名
DENY_THRESHOLD_INVALID = 1
#允许无效用户失败的次数
DENY_THRESHOLD_VALID = 5
#允许普通用户登陆失败的次数
DENY_THRESHOLD_ROOT = 3
#允许root登陆失败的次数
HOSTNAME_LOOKUP=NO
#是否做域名反解
ADMIN_EMAIL = [email protected]
#管理员邮件地址,用下面的账户发送邮件通知
SMTP_HOST = mail.mygod.com
SMTP_PORT = 25
SMTP_USERNAME = [email protected]
SMTP_PASSWORD = passwd
#密码以明文保存在denyhosts.cfg中,建议将该文件权限设为仅root可读写(如 chmod 600 denyhosts.cfg)
SMTP_FROM = DenyHosts
DAEMON_LOG = /var/log/denyhosts
#DenyHosts日志文件存放的路径
                           
[root@localhost denyhosts] # /usr/share/denyhosts/daemon-control start
starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  
[root@localhost denyhosts] # more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
 
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 118.102.2.245
sshd: 118.102.2.245
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 189.19.206.13
sshd: 189.19.206.13
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 125.208.3.9
sshd: 125.208.3.9
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 160.36.29.87
sshd: 160.36.29.87
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 60.220.254.6
sshd: 60.220.254.6
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 202.194.22.245
sshd: 202.194.22.245
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 122.227.15.120
sshd: 122.227.15.120
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 203.130.248.134
sshd: 203.130.248.134
 
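[root@localhost denyhosts] # ln -s /usr/share/denyhosts/daemon-control-dist /etc/init.d
[root@localhost denyhosts] # chkconfig daemon-control-dist on
#注:这里链接的是原始的daemon-control-dist,而不是前面复制并设置了属主和权限(chown root、chmod 700)的daemon-control;如果希望开机启动使用后者,请确认链接目标是否符合预期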
[root@localhost denyhosts] # exit
logout
 
备注:使用前建议先把自己常用的IP加入白名单 /etc/hosts.allow,以免自己登录失败次数过多时也被封禁;
