Installing DenyHosts on CentOS 5 to block SSH brute-force attacks
DenyHosts is a tool that reads the source IPs from failed-login records and decides whether to add each IP to a blacklist automatically.
Installation
- Install rpmforge first
- Install DenyHosts with yum install
yum install denyhosts
Configuration
- vi /etc/denyhosts/denyhosts.cfg
# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure

# Most operating systems:
HOSTS_DENY = /etc/hosts.deny

# never purge:
PURGE_DENY =

# To block only sshd:
BLOCK_SERVICE = sshd

DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /usr/share/denyhosts/data

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

# Redhat/Fedora:
LOCK_FILE = /var/lock/subsys/denyhosts

#
# OPTIONAL Setting...
#
ADMIN_EMAIL = [email protected]
SMTP_HOST = localhost
SMTP_PORT = 25
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z

SYSLOG_REPORT=YES
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
#RESET_ON_SUCCESS = yes

#
DAEMON_LOG = /var/log/denyhosts
#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
Starting the service
- Start the service
service denyhosts start
- Check the daemon log
tail -f /var/log/denyhosts
[root@xen-server ~]# tail -f /var/log/denyhosts
2012-09-18 15:35:31,685 - denyhosts : INFO Processing log file (/var/log/secure) from offset (0)
2012-09-18 15:35:32,042 - denyhosts : INFO new denied hosts: ['122.141.234.42', '49.238.238.37']
2012-09-18 15:35:32,146 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2012-09-18 15:35:32,151 - denyhosts : INFO DenyHosts daemon is now running, pid: 17906
2012-09-18 15:35:32,152 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2012-09-18 15:35:32,152 - denyhosts : INFO eg. kill -TERM 17906
2012-09-18 15:35:32,209 - denyhosts : INFO monitoring log: /var/log/secure
2012-09-18 15:35:32,209 - denyhosts : INFO sync_time: 3600
2012-09-18 15:35:32,209 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2012-09-18 15:35:32,210 - denyhosts : INFO denyhosts synchronization disabled
Whitelisting
When you mistype your own password and get blacklisted, removing the IP from /etc/hosts.deny by hand is not enough, because denyhosts soon adds it back automatically; this is the procedure for that case. Example: 192.168.0.252 has been blacklisted.
vi /etc/hosts.allow
sshd: 192.168.0.252
This way 192.168.0.252 can still log in over ssh even though it appears in /etc/hosts.deny.
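The threshold settings in the config above and the hosts.allow precedence described here can be reproduced in a few lines; the Python below is an added illustration, not DenyHosts code or part of the original post. It assumes constructed /var/log/secure lines with documentation-range addresses and a simplified exact-match model of TCP wrappers.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg above: failed logins before an IP is denied.
DENY_THRESHOLD_INVALID = 5   # user name does not exist on the system
DENY_THRESHOLD_VALID = 10    # existing, non-root user
DENY_THRESHOLD_ROOT = 1      # root

# Constructed sshd lines in /var/log/secure format; addresses are documentation ranges, not real hosts.
SAMPLE_SECURE_LOG = (
    ["Sep 18 15:30:01 xen-server sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2"] * 5
    + ["Sep 18 15:30:09 xen-server sshd[1207]: Failed password for root from 192.0.2.20 port 40200 ssh2"]
    + ["Sep 18 15:30:15 xen-server sshd[1210]: Failed password for bob from 198.51.100.7 port 40300 ssh2"] * 3
    + ["Sep 18 15:30:20 xen-server sshd[1210]: Accepted password for bob from 198.51.100.7 port 40300 ssh2"]
)

FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})"
)

def count_failures(lines):
    """Count failed logins per (ip, category); the category mirrors the three DENY_THRESHOLD_* settings."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        if m.group("user") == "root":
            category = "root"
        elif m.group("invalid"):
            category = "invalid"
        else:
            category = "valid"
        counts[(m.group("ip"), category)] += 1
    return counts

def hosts_to_deny(lines):
    """Return the sorted IPs whose failure count reached the threshold of their category."""
    limits = {"invalid": DENY_THRESHOLD_INVALID, "valid": DENY_THRESHOLD_VALID, "root": DENY_THRESHOLD_ROOT}
    return sorted({ip for (ip, cat), n in count_failures(lines).items() if n >= limits[cat]})

def sshd_permits(ip, hosts_allow, hosts_deny):
    """TCP wrappers order (exact-match simplification): hosts.allow wins, then hosts.deny, else access is granted."""
    if ip in hosts_allow:
        return True
    return ip not in hosts_deny

if __name__ == "__main__":
    print("new denied hosts:", hosts_to_deny(SAMPLE_SECURE_LOG))
```

With the sample input, the five invalid-user failures and the single root failure cross their thresholds while three failures for an existing user do not, and an IP listed in hosts.allow is admitted regardless of hosts.deny.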