Using DenyHosts to protect SSH against brute-force attacks
Time: 2015-02-25 01:27 Source: linux.it.net.cn Author: IT
DenyHosts is a program written in Python. It analyzes your secure login log file and, when it finds repeated failed logins, records the offending IP in /etc/hosts.deny, so the IP is blocked automatically. It works very well. It mainly targets ssh/ftp; this article only tests ssh.
The installation procedure is as follows (environment: CentOS 5.4, DenyHosts 2.6)
cd /usr/local/src
wget http://ncu.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
Modify the configuration file
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
vi /usr/share/denyhosts/denyhosts.cfg
Configuration file changes
1. # Log file; blocking decisions are based on this file
SECURE_LOG = /var/log/secure
2. # File in which blocked IPs are recorded
HOSTS_DENY = /etc/hosts.deny
3. # How long before blocked IPs are purged; I set one day
PURGE_DENY = 1d
4. # Services to block; I set it to block SSH logins, but you can also enter ALL to cover both SSH and FTP
BLOCK_SERVICE = SSH
5. # Number of failures allowed for invalid (non-existent) users
DENY_THRESHOLD_INVALID = 1
6. # Number of failures allowed for ordinary users
DENY_THRESHOLD_VALID = 3
7. # Number of failures allowed for the root user
DENY_THRESHOLD_ROOT = 3
8. # Whether to perform reverse DNS lookups
HOSTNAME_LOOKUP=NO
9. # Administrator email
ADMIN_EMAIL =
Following the hints above, change each setting to whatever you need.
Set up the startup script:
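As an added illustration (not code from the article or from the DenyHosts project), the following Python script applies the three thresholds above to a constructed sample of /var/log/secure lines and returns the "sshd: IP" entries that would land in /etc/hosts.deny. The regular expression and the ">=" comparison are simplifying assumptions about how DenyHosts counts failures; the sample addresses are RFC 5737 test addresses.

```python
import re
from collections import defaultdict

# Thresholds copied from the article's denyhosts.cfg values.
THRESHOLDS = {"invalid": 1,  # DENY_THRESHOLD_INVALID (non-existent user names)
              "valid": 3,    # DENY_THRESHOLD_VALID (real, non-root users)
              "root": 3}     # DENY_THRESHOLD_ROOT

# Shape of the "Failed password" lines sshd writes to /var/log/secure
# (assumed format; an "invalid user" prefix marks unknown account names).
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample of /var/log/secure; not real traffic.
SAMPLE_LOG = [
    "Oct 30 18:50:01 testserver sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2",
    "Oct 30 18:50:05 testserver sshd[2002]: Failed password for root from 203.0.113.7 port 40002 ssh2",
    "Oct 30 18:50:06 testserver sshd[2003]: Failed password for bob from 203.0.113.9 port 40003 ssh2",
    "Oct 30 18:50:09 testserver sshd[2004]: Failed password for root from 203.0.113.7 port 40004 ssh2",
    "Oct 30 18:50:12 testserver sshd[2005]: Accepted publickey for bob from 203.0.113.9 port 40005 ssh2",
    "Oct 30 18:50:15 testserver sshd[2006]: Failed password for bob from 203.0.113.9 port 40006 ssh2",
    "Oct 30 18:50:20 testserver sshd[2007]: Failed password for root from 203.0.113.7 port 40007 ssh2",
]

def category(match):
    """Pick which threshold a failed-login line counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines):
    """Count failures per (ip, category) and return IPs whose count reaches the
    category threshold, in first-seen order (">=" is a simplified model)."""
    counts = defaultdict(int)
    seen = []
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m is None:
            continue  # successful logins and unrelated lines are ignored
        key = (m.group("ip"), category(m))
        if key not in counts:
            seen.append(key)
        counts[key] += 1
    return [ip for ip, cat in seen if counts[(ip, cat)] >= THRESHOLDS[cat]]

def hosts_deny_entries(ips):
    """Render blocked IPs as the 'sshd: IP' lines seen in /etc/hosts.deny."""
    return ["sshd: %s" % ip for ip in ips]
```

With the sample above, 203.0.113.5 is blocked after a single attempt against a non-existent account and 203.0.113.7 after three root failures, while 203.0.113.9 (two failures against a real user) stays below its threshold.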
cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
chown root /usr/share/denyhosts/daemon-control
chmod 755 /usr/share/denyhosts/daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --level 345 denyhosts on
Start denyhosts
service denyhosts start
Test setup:
Windows XP + SSH Secure Shell connecting to CentOS 5.4: passed
Windows 2003 + SSH Secure Shell connecting to CentOS 5.4: passed
CentOS 5.4 connecting to CentOS 5.4: passed
Test results:
[root@testserver DenyHosts-2.6]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
# DenyHosts: Sat Oct 30 18:50:55 2010 | sshd: 210.*.16.*3
sshd: 210.*.16.*3
# DenyHosts: Sat Oct 30 18:52:25 2010 | sshd: 218.79.101.250
sshd: 218.79.101.250
# DenyHosts: Sat Oct 30 18:58:55 2010 | sshd: 2*.93.*.60
sshd: 2*.93.*.60
(Editor in charge: IT)