Monday, November 29, 2010

DenyHosts: the best way to block SSH brute-force attacks

My server sees thousands of failed SSH login attempts every day. Some bored people are always scanning; these people are so stupid, with nothing better to do, that they keep finding software to run exhaustive scans. So the first thing to remember is to set a sufficiently complex password.

How do you prevent this? Blocking IPs one at a time by hand is obviously only a temporary solution, but fortunately there is software, DenyHosts, that can take care of it for us. DenyHosts is a program written in Python that analyzes the sshd log file; when it finds repeated attacks it records the IP in the /etc/hosts.deny file, which blocks that IP automatically.

The DenyHosts official website is: http://denyhosts.sourceforge.net

The following is my installation record (for example, DenyHosts 2.5 on CentOS 4.3).

Install

    # cd /usr/local/src
    # wget http://mesh.dl.sourceforge.net/sourceforge/denyhosts/denyhosts-2.5.tar.gz
    # tar -zxvf denyhosts-2.5.tar.gz
    # cd DenyHosts-2.5
    # python setup.py install

By default it is installed to the /usr/share/denyhosts directory.

Configure

    # cd /usr/share/denyhosts/
    # cp denyhosts.cfg-dist denyhosts.cfg
    # vi denyhosts.cfg

Configure it according to your needs (see the explanation of the configuration file below).

Set up the startup script

    # cp daemon-control-dist daemon-control
    # chown root daemon-control
    # chmod 700 daemon-control

Once that is done, start it with daemon-control:

    # ./daemon-control start

If you want DenyHosts to start automatically after every reboot, make the following settings:

    # cd /etc/init.d
    # ln -s /usr/share/denyhosts/daemon-control denyhosts
    # chkconfig --add denyhosts
    # chkconfig --level 2345 denyhosts on

or modify the /etc/rc.local file:

    # vi /etc/rc.local

and add the following command:

    /usr/share/denyhosts/daemon-control start

DenyHosts configuration file:

    # vi /etc/denyhosts.cfg

    # sshd log file; detection is based on this file
    SECURE_LOG = /var/log/secure
    # file that controls which hosts are denied login
    HOSTS_DENY = /etc/hosts.deny
    # how long before already banned entries are cleared
    PURGE_DENY = 5m
    # name of the service to ban
    BLOCK_SERVICE = sshd
    # number of failed logins allowed for invalid users
    DENY_THRESHOLD_INVALID = 1
    # number of failed logins allowed for ordinary users
    DENY_THRESHOLD_VALID = 10
    # number of failed logins allowed for root
    DENY_THRESHOLD_ROOT = 5
    # whether to do reverse DNS lookups
    HOSTNAME_LOOKUP = NO
    # administrator email address; notifications are sent to the administrator
    ADMIN_EMAIL = iakuf@163.com
    # DenyHosts' own log file
    DAEMON_LOG = /var/log/denyhosts

Then you can start it:

    # service denyhosts start

Check whether any banned IPs appear in /etc/hosts.deny; if they do, it is working.
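
To show how the three DENY_THRESHOLD_* settings decide which addresses end up in /etc/hosts.deny, here is an added Python example (not DenyHosts' own code and not part of the original post). It assumes a host is denied once its failures in a category exceed that category's threshold, OpenSSH's "Failed password" log format, and the `sshd: <ip>` entry form; the function names and log lines are constructed.

```python
import re
from collections import Counter

# Thresholds as set in the configuration above.
THRESHOLDS = {"invalid": 1, "valid": 10, "root": 5}

# OpenSSH "Failed password" line. Anchored to the end of the line so the
# address is always the one sshd appended, even if the user name has spaces.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.+)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def bucket(match):
    """Pick the DENY_THRESHOLD_* category for one failed login."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return sorted IPs whose failures in any category exceed its threshold."""
    counts = Counter()
    for entry in lines:
        m = FAILED.search(entry)
        if m:
            counts[(m.group("ip"), bucket(m))] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def deny_entries(ips, service="sshd"):
    """Format addresses as hosts.deny lines for the blocked service."""
    return [f"{service}: {ip}" for ip in ips]

def log_line(who, ip):
    """Build one constructed /var/log/secure line (sample data, not real)."""
    return f"Nov 29 03:12:01 web1 sshd[2101]: Failed password for {who} from {ip} port 40022 ssh2"

# Constructed sample log using documentation-range addresses only.
SAMPLE = (
    [log_line("invalid user admin", "203.0.113.5")] * 2   # 2 > 1   -> denied
    + [log_line("alice", "198.51.100.7")] * 3             # 3 <= 10 -> kept
    + [log_line("root", "192.0.2.44")] * 6                # 6 > 5   -> denied
    + [log_line("root", "192.0.2.80")] * 5                # 5 <= 5  -> kept
)

if __name__ == "__main__":
    print("\n".join(deny_entries(hosts_to_deny(SAMPLE))))
```

With DENY_THRESHOLD_INVALID = 1, a single mistyped user name is still tolerated under this model, but the second failure from the same address gets it denied.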
