DenyHosts is a program written in Python. It analyses your authentication log and, when it sees repeated failed logins from the same address, writes that address to /etc/hosts.deny so the IP is blocked automatically. It works very well and is aimed mainly at SSH and FTP; only SSH was tested here. Because the block is applied through /etc/hosts.deny, it only takes effect for services that consult tcp_wrappers (the sshd shipped with CentOS 5 does).

Installation (environment: CentOS 5.4, DenyHosts 2.6):

    cd /usr/local/src
    wget http://ncu.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
    tar zxvf DenyHosts-2.6.tar.gz
    cd DenyHosts-2.6
    python setup.py install

Create the configuration file from the shipped template and edit it:

    cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
    vi /usr/share/denyhosts/denyhosts.cfg

Settings changed in the configuration file:

1. The log file DenyHosts scans to decide who is attacking:
   SECURE_LOG = /var/log/secure
2. The file blocked IPs are recorded in:
   HOSTS_DENY = /etc/hosts.deny
3. How long a blocked IP stays blocked before it is purged; set to one day here (in daemon mode DenyHosts purges expired entries itself):
   PURGE_DENY = 1d
4. The tcp_wrappers service the deny entry is written for. It must match the daemon name sshd presents to libwrap, which is sshd (the "sshd: ..." lines in the hosts.deny output below come from this setting); ALL denies every tcp_wrappers-aware service, SSH and FTP included:
   BLOCK_SERVICE = sshd
5. Failed attempts allowed for a non-existent user before the IP is blocked:
   DENY_THRESHOLD_INVALID = 1
6. Failed attempts allowed for an existing ordinary user:
   DENY_THRESHOLD_VALID = 3
7. Failed attempts allowed for root:
   DENY_THRESHOLD_ROOT = 3
8. Whether to reverse-resolve blocked addresses to hostnames:
   HOSTNAME_LOOKUP = NO
9. Administrator e-mail for reports (left empty here, so no mail is sent):
   ADMIN_EMAIL =

Adjust these to suit your own environment. Note that with DENY_THRESHOLD_INVALID = 1 a single mistyped username is enough to get an address blocked, so list the addresses you administer from in the allowed-hosts file in DenyHosts' WORK_DIR (/usr/share/denyhosts/data by default) before starting it.

Set up the init script:

    cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
    chown root /usr/share/denyhosts/daemon-control
    chmod 755 /usr/share/denyhosts/daemon-control
    ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
    chkconfig --level 345 denyhosts on

Start DenyHosts:

    service denyhosts start

Testing: repeated failed SSH logins to CentOS 5.4 from the following clients, checking that the source address ends up in /etc/hosts.deny.

- Windows XP with the SSH Secure Shell client, connecting to CentOS 5.4: passed
- Windows Server 2003 with the SSH Secure Shell client, connecting to CentOS 5.4: passed
- CentOS 5.4 connecting to CentOS 5.4: passed

Test result:

    [root@testserver DenyHosts-2.6]# cat /etc/hosts.deny
    #
    # hosts.deny    This file describes the names of the hosts which are
    #               *not* allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow.  In particular
    # you should know that NFS uses portmap!
    # DenyHosts: Sat Oct 30 18:50:55 2010 | sshd: 210.*.16.*3
    sshd: 210.*.16.*3
    # DenyHosts: Sat Oct 30 18:52:25 2010 | sshd: 218.79.101.250
    sshd: 218.79.101.250
    # DenyHosts: Sat Oct 30 18:58:55 2010 | sshd: 2*.93.*.60
    sshd: 2*.93.*.60
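To make the threshold, whitelist and purge settings above concrete, here is an added example that re-implements the decision logic in Python. It is written for this page and is not DenyHosts' own code: it approximates how the three DENY_THRESHOLD_* counters, the allowed-hosts whitelist, BLOCK_SERVICE and PURGE_DENY interact, and renders entries in the same two-line format seen in the hosts.deny output above. The function names, the CONFIG dictionary and the log lines are all constructed for the example (the addresses are RFC 5737 documentation ranges, not a capture from a real host).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds from the denyhosts.cfg in this post (assumed layout for the example).
# BLOCK_SERVICE must match the daemon name sshd uses with tcp_wrappers.
CONFIG = {
    "DENY_THRESHOLD_INVALID": 1,      # one failure for a non-existent account
    "DENY_THRESHOLD_VALID": 3,        # three failures for an existing account
    "DENY_THRESHOLD_ROOT": 3,         # three failures for root
    "BLOCK_SERVICE": "sshd",
    "PURGE_DENY": timedelta(days=1),  # PURGE_DENY = 1d
}

# Constructed CentOS 5 style /var/log/secure lines, not captured from a real host.
SAMPLE_SECURE_LOG = """\
Oct 30 18:50:42 testserver sshd[2311]: Failed password for invalid user oracle from 203.0.113.5 port 4121 ssh2
Oct 30 18:51:01 testserver sshd[2315]: Failed password for root from 198.51.100.7 port 4300 ssh2
Oct 30 18:51:05 testserver sshd[2315]: Failed password for root from 198.51.100.7 port 4300 ssh2
Oct 30 18:51:20 testserver sshd[2320]: Failed password for bob from 192.0.2.44 port 4400 ssh2
Oct 30 18:51:25 testserver sshd[2320]: Failed password for bob from 192.0.2.44 port 4400 ssh2
Oct 30 18:51:30 testserver sshd[2320]: Failed password for bob from 192.0.2.44 port 4400 ssh2
Oct 30 18:52:00 testserver sshd[2330]: Accepted password for bob from 192.0.2.44 port 4500 ssh2
"""

# OpenSSH "Failed password for [invalid user ]USER from IP" message.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def classify(match):
    """Map one failed login to the counter it increments."""
    if match.group("invalid"):
        return "INVALID"
    if match.group("user") == "root":
        return "ROOT"
    return "VALID"


def count_failures(log_text):
    """Return {ip: {"INVALID": n, "VALID": n, "ROOT": n}} for the log text."""
    counts = defaultdict(lambda: {"INVALID": 0, "VALID": 0, "ROOT": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")][classify(m)] += 1
    return counts


def hosts_to_block(log_text, config=CONFIG, allowed=frozenset()):
    """IPs whose failures in any class reach that class's threshold.

    `allowed` stands in for the allowed-hosts whitelist: those addresses are
    never blocked, however many failures they accumulate.
    """
    blocked = []
    for ip, per_class in sorted(count_failures(log_text).items()):
        if ip in allowed:
            continue
        if any(per_class[c] >= config["DENY_THRESHOLD_" + c]
               for c in ("INVALID", "VALID", "ROOT")):
            blocked.append(ip)
    return blocked


def hosts_deny_entries(ips, now, config=CONFIG):
    """Render the comment + deny line pairs written to /etc/hosts.deny."""
    stamp = now.strftime("%a %b %d %H:%M:%S %Y")
    svc = config["BLOCK_SERVICE"]
    lines = []
    for ip in ips:
        lines.append("# DenyHosts: %s | %s: %s" % (stamp, svc, ip))
        lines.append("%s: %s" % (svc, ip))
    return "\n".join(lines)


def purge_expired(hosts_deny_text, now, config=CONFIG):
    """Drop entries older than PURGE_DENY; unrelated hosts.deny lines are kept."""
    lines, kept, i = hosts_deny_text.splitlines(), [], 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("# DenyHosts: "):
            stamp = line[len("# DenyHosts: "):].split(" | ")[0]
            added = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            if now - added <= config["PURGE_DENY"]:
                kept.extend(lines[i:i + 2])
            i += 2  # the comment and the "sshd: IP" line travel together
            continue
        kept.append(line)
        i += 1
    return "\n".join(kept)


if __name__ == "__main__":
    now = datetime(2010, 10, 30, 18, 50, 55)
    text = hosts_deny_entries(hosts_to_block(SAMPLE_SECURE_LOG), now)
    print(text)
    print("--- after PURGE_DENY has elapsed ---")
    print(purge_expired(text, now + timedelta(days=1, minutes=1)))
```

With the sample log, 203.0.113.5 is blocked after a single attempt against a non-existent account, 192.0.2.44 is blocked on its third failure for a real user, and 198.51.100.7 survives because two root failures are below DENY_THRESHOLD_ROOT; passing `allowed={"192.0.2.44"}` shows why the whitelist matters for the address you administer from.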