Differences

This shows the differences between the two versions.

tech:install_denyhosts [2012/09/18 15:37] – created jonathan
tech:install_denyhosts [2014/04/19 09:27] (current version) jonathan
Line 1: Line 1:
 +====== CentOS5 安裝 DenyHosts 阻絕 ssh 暴力破解  ======
 +DenyHosts 是透過登入失敗紀錄的來源 ip 來判別是否自動將此 ip 列入黑名單的工具.
  
 +===== 安裝方式 =====
 +  * 先安裝好 [[http://wiki.centos.org/zh-tw/AdditionalResources/Repositories/RPMForge|rpmforge]]
 +  * 透過 yum install 安裝 DenyHosts<code sh>
 +yum install denyhosts
 +</code>
 +
 +===== 設定方式 =====
 +  * vi /etc/denyhosts/denyhosts.cfg<file>
 +:
 +# Redhat or Fedora Core:
 +SECURE_LOG = /var/log/secure
 +:
 +# Most operating systems:
 +HOSTS_DENY = /etc/hosts.deny
 +:
 +# never purge:
 +PURGE_DENY =
 +:
 +# To block only sshd:
 +BLOCK_SERVICE  = sshd
 +:
 +DENY_THRESHOLD_INVALID = 5
 +:
 +DENY_THRESHOLD_VALID = 10
 +:
 +DENY_THRESHOLD_ROOT = 1
 +:
 +DENY_THRESHOLD_RESTRICTED = 1
 +:
 +WORK_DIR = /usr/share/denyhosts/data
 +:
 +SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
 +:
 +# Redhat/Fedora:
 +LOCK_FILE = /var/lock/subsys/denyhosts
 +:
 +#
 +# OPTIONAL Setting...
 +#
 +ADMIN_EMAIL = [email protected]
 +SMTP_HOST = localhost
 +SMTP_PORT = 25
 +#SMTP_USERNAME=foo
 +#SMTP_PASSWORD=bar
 +SMTP_FROM = DenyHosts <nobody@localhost>
 +SMTP_SUBJECT = DenyHosts Report
 +#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
 +:
 +SYSLOG_REPORT=YES
 +#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
 +AGE_RESET_VALID=5d
 +AGE_RESET_ROOT=25d
 +AGE_RESET_RESTRICTED=25d
 +AGE_RESET_INVALID=10d
 +#RESET_ON_SUCCESS = yes
 +:
 +#
 +DAEMON_LOG = /var/log/denyhosts
 +#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
 +#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
 +DAEMON_SLEEP = 30s
 +DAEMON_PURGE = 1h
 +:
 +</file>
 +
 +===== 啟動服務 =====
 +  * 啟動服務<code sh>
 +service denyhosts start
 +</code>
 +  * 檢查運作紀錄<code sh>
 +tail -f /var/log/denyhosts
 +</code><file>
 +[root@xen-server ~]# tail -f /var/log/denyhosts
 +2012-09-18 15:35:31,685 - denyhosts   : INFO     Processing log file (/var/log/secure) from offset (0)
 +2012-09-18 15:35:32,042 - denyhosts   : INFO     new denied hosts: ['122.141.234.42', '49.238.238.37']
 +2012-09-18 15:35:32,146 - denyhosts   : INFO     launching DenyHosts daemon (version 2.6)...
 +2012-09-18 15:35:32,151 - denyhosts   : INFO     DenyHosts daemon is now running, pid: 17906
 +2012-09-18 15:35:32,152 - denyhosts   : INFO     send daemon process a TERM signal to terminate cleanly
 +2012-09-18 15:35:32,152 - denyhosts   : INFO       eg.  kill -TERM 17906
 +2012-09-18 15:35:32,209 - denyhosts   : INFO     monitoring log: /var/log/secure
 +2012-09-18 15:35:32,209 - denyhosts   : INFO     sync_time: 3600
 +2012-09-18 15:35:32,209 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
 +2012-09-18 15:35:32,210 - denyhosts   : INFO     denyhosts synchronization disabled
 +</file>
 +
 +===== 設定白名單 =====
 +當出現不小心打錯密碼被列入黑名單後, 雖然手動去 /etc/hosts.deny 移除, 但不久又被 denyhosts 自動加回時, 需要處理的程序. Exp. 192.168.0.252 被列入黑名單.. <code sh>
 +vi /etc/hosts.allow</code><file>
 +:
 +sshd:   192.168.0.252
 +</file>
 +這樣 192.168.0.252 雖然出現在 /etc/hosts.deny 但仍然可以透過 ssh 連入
 +
 +
 +===== 參考網址 =====
 +  * http://denyhosts.sourceforge.net/
 +  * http://keniver.pixnet.net/blog/post/28577992
 +  * https://www.digitalocean.com/community/articles/how-to-install-denyhosts-on-ubuntu-12-04
 +
 +{{tag>ssh 安裝 資安}}
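
Review bot: The whitelist section near the end (the /etc/hosts.allow entry for 192.168.0.252) treats accidental lockouts as something that will happen, yet the config block leaves PURGE_DENY empty and sets DENY_THRESHOLD_ROOT = 1, so a single failed root login stays in /etc/hosts.deny permanently, which the sample log line "purging of /etc/hosts.deny is disabled" confirms. Suggest either giving PURGE_DENY a period or stating in that section that trusted admin addresses should be added to /etc/hosts.allow before the service is first started, since the page itself notes the address remains in /etc/hosts.deny afterwards. Separately, ADMIN_EMAIL is shown as "[email protected]", which is not a usable value; mark it as a placeholder the reader must replace with a real address.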