九乡新闻网谢正义 省委常委人选:DenyHosts
来源:百度文库 编辑:九乡新闻网 时间:2024/07/14 07:11:28
DenyHosts
编辑本段DenyHosts介绍
DenyHosts是Python语言写的一个程序,它会分析sshd的日志文件(/var/log/secure),当发现重 复的攻击时就会记录IP到/etc/hosts.deny文件,从而达到自动屏IP的功能。编辑本段DenyHosts应用
当你的linux服务器暴露在互联网之中,该服务器将会遭到互联网上的扫描软件进行骚描,并试图猜测SSH登录口令。 你会发现,每天会有多条SSH登录失败纪录。那些扫描工具将对你的服务器构成威胁,你必须设置复杂登录口令,并将尝试多次登录失败的IP给阻止掉,让其在一段时间内不能访问该服务器。 用DenyHosts可以阻止试图猜测SSH登录口令,它会分析/var/log/secure等日志文件,当发现同一IP在进行多次SSH密码尝试时就会记录IP到/etc/hosts.deny文件,从而达到自动屏蔽该IP的目的。编辑本段DenyHosts安装和配置
DenyHosts安装 #wget 官网下载最新版目前是2.6 # tar -zxvf DenyHosts-2.6.tar.gz //解压 # cd DenyHosts-2.6 //切换到目录 # python setup..py install //进行安装 注意,由于百科不能通过,所以应该是一个.,去掉中间一个点 DenyHosts参数配置 # cd /usr/share/denyhosts/ #DenyHosts默认安装目录 # cp denyhosts.cfg-dist denyhosts.cfg # vi denyhosts.cfg #DenyHosts配置文件 SECURE_LOG = /var/log/secure #ssh日志文件 # format is: i[dhwmy] # Where i is an integer (eg. 7) # m = minutes # h = hours # d = days # w = weeks # y = years # # never purge: PURGE_DENY = 50m #过多久后清除已阻止IP HOSTS_DENY = /etc/hosts.deny #将阻止IP写入到hosts.deny BLOCK_SERVICE = sshd #阻止服务名 DENY_THRESHOLD_INVALID = 1 #允许无效用户登录失败的次数 DENY_THRESHOLD_VALID = 10 #允许普通用户登录失败的次数 DENY_THRESHOLD_ROOT = 5 #允许root登录失败的次数 WORK_DIR = /usr/local/share/denyhosts/data #将deny的host或ip纪录到Work_dir中 DENY_THRESHOLD_RESTRICTED = 1 #设定 deny host 写入到该资料夹 LOCK_FILE = /var/lock/subsys/denyhosts #将DenyHOts启动的pid纪录到LOCK_FILE中,已确保服务正确启动,防止同时启动多个服务。 HOSTNAME_LOOKUP=NO #是否做域名反解 ADMIN_EMAIL = #设置管理员邮件地址 DAEMON_LOG = /var/log/denyhosts #自己的日志文件 DAEMON_PURGE = 10m #该项与PURGE_DENY 设置成一样,也是清除hosts.deniedssh 用户的时间。 DenyHosts启动文件配置 # cp daemon-control-dist daemon-control # chown root daemon-control # chmod 700 daemon-control # ./daemon-control start #启动DenyHosts 加入到自动重启 # vi /etc/rc.local 加入下面这条命令 /usr/share/denyhosts/daemon-control start 查看攻击ip 记录 # vi /etc/hosts.deny#bk-album-collection-box-5359630{width:687px; height:228px; border:1px solid #C6E1F5; border-top:2px solid #268BD7; margin-bottom:30px; overflow:hidden;}.bacb-head{height:28px; background-color:#F5FBFF; padding-left:10px; position:relative;}.bacb-title{font-size:14px; font-weight:bold; line-height:28px;}.bacb-more{text-decoration:none; position:absolute; font-size:12px; line-height:1; line-height:14px \9; top:8px; right:8px; padding-right:9px; padding-right:11px; background:url("http://img.baidu.com/img/baike/s/arr.gif") no-repeat 54px -22px; background-position:54px -23px \9;}.bacb-more:hover{text-decoration:none;}#bacb-left-btn-5359630, .bacb-window-outer, #bacb-right-btn-5359630{float:left;}#bacb-left-btn-5359630, #bacb-right-btn-5359630{display:block; text-decoration:none; border:1px solid #FFF; width:17px; height:53px; background:url(http://img.baidu.com/img/baike/bkalbumbtn.gif) no-repeat; cursor:default;}#bacb-left-btn-5359630{margin:59px 3px 0 6px; _margin-left:3px; background-position:3px 16px;}#bacb-right-btn-5359630{margin:59px 5px 0 6px; background-position:-27px 16px;}#bacb-left-btn-5359630.enable:hover{background-position:-61px 16px; border:1px solid #DDD; cursor:pointer;}#bacb-right-btn-5359630.enable:hover{background-position:-91px 16px; border:1px solid #DDD; cursor:pointer;}.bacb-window-outer{width:628px; height:185px; position:relative; overflow:hidden; margin-top:15px;}#bacb-window-inner-5359630{position:absolute; top:0; left:0; padding-left:6px; _padding-top:1px;}#bacb-window-inner-5359630 .item{float:left; width:156px; height:195px;}#bacb-window-inner-5359630 .img{height:145px; position:relative;}#bacb-window-inner-5359630 .img .b1, #bacb-window-inner-5359630 .img .b2, #bacb-window-inner-5359630 .img .b3, #bacb-window-inner-5359630 .img .img-wrapper{position:absolute; background-color:#FFF;}#bacb-window-inner-5359630 .img .b1{left:0; bottom:0; border:1px solid #CDCDCD;}#bacb-window-inner-5359630 .img .b2{left:3px; bottom:3px; border:1px solid #CDCDCD;}#bacb-window-inner-5359630 .img .b3{left:6px; bottom:6px; border:1px solid #AAA;}#bacb-window-inner-5359630 .img .img-wrapper{left:9px; bottom:9px; display:block; text-decoration:none; line-height:1px;}#bacb-window-inner-5359630 .item .desc{text-align:center; font-family:宋体; width:145px; margin-top:7px; font-size:12px; line-height:1; line-height:14px \9;}#bacb-window-inner-5359630 .item .count{color:#999; white-space:nowrap;}词条图册更多图册- 扩展阅读:
- 1
DenyHosts官方网站为:http://denyhosts.sourceforge.net
- 1