Installing DenyHosts on CentOS 5 to block ssh brute-force attacks

DenyHosts is a tool that reads the source IP of failed-login records and decides whether to add that IP to a blacklist automatically.

  • Install rpmforge first
  • Install DenyHosts with yum install
    yum install denyhosts
  • vi /etc/denyhosts/denyhosts.cfg
    :
    # Redhat or Fedora Core:
    SECURE_LOG = /var/log/secure
    :
    # Most operating systems:
    HOSTS_DENY = /etc/hosts.deny
    :
    # never purge:
    PURGE_DENY =
    :
    # To block only sshd:
    BLOCK_SERVICE  = sshd
    :
    DENY_THRESHOLD_INVALID = 5
    :
    DENY_THRESHOLD_VALID = 10
    :
    DENY_THRESHOLD_ROOT = 1
    :
    DENY_THRESHOLD_RESTRICTED = 1
    :
    WORK_DIR = /usr/share/denyhosts/data
    :
    SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
    :
    # Redhat/Fedora:
    LOCK_FILE = /var/lock/subsys/denyhosts
    :
    #
    # OPTIONAL Setting...
    #
    ADMIN_EMAIL = [email protected]
    SMTP_HOST = localhost
    SMTP_PORT = 25
    #SMTP_USERNAME=foo
    #SMTP_PASSWORD=bar
    SMTP_FROM = DenyHosts <nobody@localhost>
    SMTP_SUBJECT = DenyHosts Report
    #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
    :
    SYSLOG_REPORT=YES
    #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
    AGE_RESET_VALID=5d
    AGE_RESET_ROOT=25d
    AGE_RESET_RESTRICTED=25d
    AGE_RESET_INVALID=10d
    #RESET_ON_SUCCESS = yes
    :
    #
    DAEMON_LOG = /var/log/denyhosts
    #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
    #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
    DAEMON_SLEEP = 30s
    DAEMON_PURGE = 1h
    :
  • Start the service
    service denyhosts start
  • Check the run log
    tail -f /var/log/denyhosts
    [root@xen-server ~]# tail -f /var/log/denyhosts
    2012-09-18 15:35:31,685 - denyhosts   : INFO     Processing log file (/var/log/secure) from offset (0)
    2012-09-18 15:35:32,042 - denyhosts   : INFO     new denied hosts: ['122.141.234.42', '49.238.238.37']
    2012-09-18 15:35:32,146 - denyhosts   : INFO     launching DenyHosts daemon (version 2.6)...
    2012-09-18 15:35:32,151 - denyhosts   : INFO     DenyHosts daemon is now running, pid: 17906
    2012-09-18 15:35:32,152 - denyhosts   : INFO     send daemon process a TERM signal to terminate cleanly
    2012-09-18 15:35:32,152 - denyhosts   : INFO       eg.  kill -TERM 17906
    2012-09-18 15:35:32,209 - denyhosts   : INFO     monitoring log: /var/log/secure
    2012-09-18 15:35:32,209 - denyhosts   : INFO     sync_time: 3600
    2012-09-18 15:35:32,209 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
    2012-09-18 15:35:32,210 - denyhosts   : INFO     denyhosts synchronization disabled

When you mistype a password and get blacklisted, removing the entry from /etc/hosts.deny by hand is not enough, because denyhosts adds it back shortly afterwards. The procedure below handles that case. Example: 192.168.0.252 has been blacklisted.

vi /etc/hosts.allow
:
sshd:   192.168.0.252

With this entry in place, 192.168.0.252 can still connect over ssh even though it appears in /etc/hosts.deny.
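As an added illustration (this is not code from the original page or from the DenyHosts project), the script below reproduces in Python the two behaviours described above: the per-category thresholds from the denyhosts.cfg shown earlier (DENY_THRESHOLD_INVALID = 5, DENY_THRESHOLD_VALID = 10, DENY_THRESHOLD_ROOT = 1, BLOCK_SERVICE = sshd) applied to /var/log/secure-style sshd lines, and the tcp_wrappers rule that explains the hosts.allow fix: /etc/hosts.allow is consulted first and its first match wins, then /etc/hosts.deny, and anything matching neither is allowed. The log lines, the user name alice and the IP addresses are constructed sample data. The access-file parser is simplified: it understands exact IPs and ALL in the client field, not the prefix, netmask or hostname forms tcp_wrappers also accepts.

```python
import re
from collections import Counter, defaultdict

# Thresholds and service name taken from the denyhosts.cfg shown on this page.
DENY_THRESHOLD_INVALID = 5   # failures for user names that do not exist
DENY_THRESHOLD_VALID = 10    # failures for existing, non-root users
DENY_THRESHOLD_ROOT = 1      # failures for root
BLOCK_SERVICE = "sshd"

# sshd failure lines as they appear in /var/log/secure on CentOS 5.
INVALID_RE = re.compile(r"Failed password for invalid user (\S+) from (\S+) port \d+")
VALID_RE = re.compile(r"Failed password for (\S+) from (\S+) port \d+")

# Constructed sample log (not from a real host): 5 invalid-user failures from one IP,
# 1 root failure from another, 10 failures for a real user from the LAN host used in
# the hosts.allow example above, and a single failure from a fourth host.
SAMPLE_SECURE_LOG = [
    f"Sep 18 15:30:0{i} xen-server sshd[1700{i}]: Failed password for invalid user {u} "
    f"from 203.0.113.5 port 4011{i} ssh2"
    for i, u in enumerate(["admin", "oracle", "test", "guest", "ftp"])
] + [
    "Sep 18 15:31:00 xen-server sshd[17010]: Failed password for root from 198.51.100.7 port 50020 ssh2",
] + [
    f"Sep 18 15:32:{i:02d} xen-server sshd[{17020 + i}]: Failed password for alice "
    f"from 192.168.0.252 port {51000 + i} ssh2"
    for i in range(10)
] + [
    "Sep 18 15:33:00 xen-server sshd[17040]: Failed password for alice from 192.0.2.9 port 52000 ssh2",
    "Sep 18 15:33:10 xen-server sshd[17041]: Accepted password for alice from 192.0.2.9 port 52001 ssh2",
]

# The hosts.allow entry from the page (constructed copy).
SAMPLE_HOSTS_ALLOW = "sshd:   192.168.0.252\n"


def classify_failures(lines):
    """Count failed logins per source IP, split into invalid / valid / root categories."""
    counts = defaultdict(Counter)
    for line in lines:
        m = INVALID_RE.search(line)
        if m:
            counts[m.group(2)]["invalid"] += 1
            continue
        m = VALID_RE.search(line)
        if m:
            user, ip = m.group(1), m.group(2)
            counts[ip]["root" if user == "root" else "valid"] += 1
    return counts


def hosts_to_deny(counts):
    """Return the sorted IPs whose failure count in any category reached its threshold."""
    thresholds = {"invalid": DENY_THRESHOLD_INVALID,
                  "valid": DENY_THRESHOLD_VALID,
                  "root": DENY_THRESHOLD_ROOT}
    return sorted(ip for ip, cats in counts.items()
                  if any(n >= thresholds[cat] for cat, n in cats.items()))


def render_hosts_deny(denied_ips):
    """Lines in the form DenyHosts writes to /etc/hosts.deny for BLOCK_SERVICE."""
    return "".join(f"{BLOCK_SERVICE}: {ip}\n" for ip in denied_ips)


def parse_access_file(text):
    """Minimal parser for 'daemon_list : client_list' lines in hosts.allow / hosts.deny."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")], clients.split()))
    return rules


def _matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons) and (ip in clients or "ALL" in clients)
               for daemons, clients in rules)


def ssh_access_allowed(ip, hosts_allow_text, hosts_deny_text):
    """tcp_wrappers order: hosts.allow first (first match wins), then hosts.deny, else allow."""
    if _matches(parse_access_file(hosts_allow_text), BLOCK_SERVICE, ip):
        return True
    if _matches(parse_access_file(hosts_deny_text), BLOCK_SERVICE, ip):
        return False
    return True


if __name__ == "__main__":
    denied = hosts_to_deny(classify_failures(SAMPLE_SECURE_LOG))
    deny_text = render_hosts_deny(denied)
    print(deny_text, end="")
    for host in ("192.168.0.252", "203.0.113.5", "192.0.2.9"):
        print(host, "allowed" if ssh_access_allowed(host, SAMPLE_HOSTS_ALLOW, deny_text) else "denied")
```

Running it shows 192.168.0.252 landing in the generated hosts.deny after ten failed logins for a real user, yet still being admitted because the hosts.allow line matches first; 203.0.113.5 is denied after five invalid-user attempts, and 192.0.2.9, with a single failure, never reaches a threshold.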

  • tech/install_denyhosts.txt
  • Last modified: 2014/04/19 09:27
  • jonathan