差異處

這裏顯示兩個版本的差異處。

--- tech:install_denyhosts [2012/09/18 15:37] – 建立 jonathan
+++ tech:install_denyhosts [2014/04/19 09:27] (目前版本) – jonathan
@@ 行 1: / 行 1: @@
+====== CentOS5 安裝 DenyHosts 阻絕 ssh 暴力破解  ======
+DenyHosts 是透過登入失敗紀錄的來源 ip 來判別是否自動將此 ip 列入黑名單的工具.
+===== 安裝方式 =====
+  * 先安裝好 [[http://wiki.centos.org/zh-tw/AdditionalResources/Repositories/RPMForge|rpmforge]]
+  * 透過 yum install 安裝 DenyHosts<code sh>
+yum install denyhosts
+</code>
+===== 設定方式 =====
+  * vi /etc/denyhosts/denyhosts.cfg<file>
+:
+# Redhat or Fedora Core:
+SECURE_LOG = /var/log/secure
+:
+# Most operating systems:
+HOSTS_DENY = /etc/hosts.deny
+:
+# never purge:
+PURGE_DENY =
+:
+# To block only sshd:
+BLOCK_SERVICE  = sshd
+:
+DENY_THRESHOLD_INVALID = 5
+:
+DENY_THRESHOLD_VALID = 10
+:
+DENY_THRESHOLD_ROOT = 1
+:
+DENY_THRESHOLD_RESTRICTED = 1
+:
+WORK_DIR = /usr/share/denyhosts/data
+:
+SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
+:
+# Redhat/Fedora:
+LOCK_FILE = /var/lock/subsys/denyhosts
+:
+#
+# OPTIONAL Setting...
+#
+ADMIN_EMAIL = [email protected]
+SMTP_HOST = localhost
+SMTP_PORT = 25
+#SMTP_USERNAME=foo
+#SMTP_PASSWORD=bar
+SMTP_FROM = DenyHosts <nobody@localhost>
+SMTP_SUBJECT = DenyHosts Report
+#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
+:
+SYSLOG_REPORT=YES
+#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
+AGE_RESET_VALID=5d
+AGE_RESET_ROOT=25d
+AGE_RESET_RESTRICTED=25d
+AGE_RESET_INVALID=10d
+#RESET_ON_SUCCESS = yes
+:
+#
+DAEMON_LOG = /var/log/denyhosts
+#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
+#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
+DAEMON_SLEEP = 30s
+DAEMON_PURGE = 1h
+:
+</file>
+===== 啟動服務 =====
+  * 啟動服務<code sh>
+service denyhosts start
+</code>
+  * 檢查運作紀錄<code sh>
+tail -f /var/log/denyhosts
+</code><file>
+[root@xen-server ~]# tail -f /var/log/denyhosts
+-09-18 15:35:31,685 - denyhosts   : INFO     Processing log file (/var/log/secure) from offset (0)
+-09-18 15:35:32,042 - denyhosts   : INFO     new denied hosts: ['122.141.234.42', '49.238.238.37']
+-09-18 15:35:32,146 - denyhosts   : INFO     launching DenyHosts daemon (version 2.6)...
+-09-18 15:35:32,151 - denyhosts   : INFO     DenyHosts daemon is now running, pid: 17906
+-09-18 15:35:32,152 - denyhosts   : INFO     send daemon process a TERM signal to terminate cleanly
+-09-18 15:35:32,152 - denyhosts   : INFO       eg.  kill -TERM 17906
+-09-18 15:35:32,209 - denyhosts   : INFO     monitoring log: /var/log/secure
+-09-18 15:35:32,209 - denyhosts   : INFO     sync_time: 3600
+-09-18 15:35:32,209 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
+-09-18 15:35:32,210 - denyhosts   : INFO     denyhosts synchronization disabled
+</file>
+===== 設定白名單 =====
+當出現不小心打錯密碼被列入黑名單後, 雖然手動去 /etc/hosts.deny 移除, 但不久又被 denyhosts 自動加回時, 需要處理的程序. Exp. 192.168.0.252 被列入黑名單.. <code sh>
+vi /etc/hosts.allow</code><file>
+:
+sshd:   192.168.0.252
+</file>
+這樣 192.168.0.252 雖然出現在 /etc/hosts.deny 但仍然可以透過 ssh 連入
+===== 參考網址 =====
+  * http://denyhosts.sourceforge.net/
+  * http://keniver.pixnet.net/blog/post/28577992
+  * https://www.digitalocean.com/community/articles/how-to-install-denyhosts-on-ubuntu-12-04
+{{tag>ssh 安裝 資安}}