Preventing SSH password cracking with DenyHosts
<p><a href="https://www.jb51.net/softs/44235.html" target="_blank">DenyHosts</a> is a program written in Python. It analyzes the sshd log file and, when it detects repeated attacks, records the source IP in /etc/hosts.deny, which blocks that IP automatically.</p><p><span style="font-family:Arial"> The official DenyHosts website is <a href="http://denyhosts.sourceforge.net" target="_blank">http://denyhosts.sourceforge.net</a>. 琼殿技术社区 download page: <a href="https://www.jb51.net/softs/44235.html" target="_blank">https://www.jb51.net/softs/44235.html</a></span></p>
<p><span style="font-family:Arial"> The installation notes below use CentOS 5.1 and DenyHosts 2.6 as the example.</span> </p>
<p><span style="font-family:Arial"><strong> Installation</strong></span></p>
<p><span style="font-family:Arial"> # wget http://nchc.dl.sourceforge.net/....../DenyHosts-2.6-python2.4.noarch.rpm<br /> # rpm -ivh DenyHosts-2.6-python2.4.noarch.rpm</span></p>
<p> Register denyhosts as a system service:</p>
<p> # cd /etc/init.d</p>
<p> # ln -s /usr/share/denyhosts/daemon-control denyhosts</p>
<p> # chkconfig --add denyhosts</p>
<p><span style="font-family:Arial"><strong> Configuration</strong></span></p>
<p><span style="font-family:Arial"> By default, DenyHosts is installed in the /usr/share/denyhosts directory.</span></p>
<p><span style="font-family:Arial"> # cd /usr/share/denyhosts/<br /> # cp denyhosts.cfg-dist denyhosts.cfg<br /> # vi denyhosts.cfg<br /> Adjust the settings to your needs (the options are explained in the configuration file below). </span></p>
<p><span style="font-family:Arial"> DenyHosts configuration file:</span></p>
<p><span style="font-family:Arial"> SECURE_LOG = /var/log/secure<br /> # The sshd log file; DenyHosts bases its decisions on this file.</span></p>
<p><span style="font-family:Arial"> HOSTS_DENY = /etc/hosts.deny<br /> # The file that controls which hosts may log in</span></p>
<p><span style="font-family:Arial"> PURGE_DENY = 5m<br /> # How long before blocked entries are purged</span></p>
<p><span style="font-family:Arial"> BLOCK_SERVICE = sshd<br /> # Name of the service to block</span></p>
<p><span style="font-family:Arial"> DENY_THRESHOLD_INVALID = 1</span></p>
<p><span style="font-family:Arial"> # Number of failed logins allowed for invalid users</span></p>
<p><span style="font-family:Arial"> DENY_THRESHOLD_VALID = 3<br /> # Number of failed logins allowed for ordinary users</span></p>
<p><span style="font-family:Arial"> DENY_THRESHOLD_ROOT = 5<br /> # Number of failed logins allowed for root</span></p>
<p><span style="font-family:Arial"> HOSTNAME_LOOKUP=NO<br /> # Whether to perform reverse DNS lookups</span></p>
<p><span style="font-family:Arial"> ADMIN_EMAIL = iakuf@163.com<br /> # Administrator's email address; DenyHosts sends mail to the administrator</span></p>
<p><span style="font-family:Arial"> DAEMON_LOG = /var/log/denyhosts<br /> # DenyHosts' own log file</span></p>
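<p> How the three DENY_THRESHOLD_* values above translate into /etc/hosts.deny entries, as an added example (not DenyHosts' own code and not from the original page). It is a simplified model that assumes a host is denied once its failure count in a category exceeds that category's threshold; the log lines, host name and addresses are constructed.</p>

```python
import re
from collections import Counter

# Values copied from the configuration above.
THRESHOLDS = {"invalid": 1, "valid": 3, "root": 5}  # DENY_THRESHOLD_*
BLOCK_SERVICE = "sshd"

# Anchored on the fixed tail sshd writes, so the address comes from line end.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def classify(line):
    """Return (ip, category) for a failed-password line, else None."""
    m = FAILED.search(line.rstrip("\n"))
    if not m:
        return None
    invalid, user, ip = m.groups()
    if invalid:
        return ip, "invalid"
    return ip, ("root" if user == "root" else "valid")

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Assumed model: deny once a category's failures exceed its threshold."""
    counts, denied = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        counts[hit] += 1
        ip, category = hit
        if counts[hit] > thresholds[category] and ip not in denied:
            denied.append(ip)
    return [f"{BLOCK_SERVICE}: {ip}" for ip in denied]

def sample_line(who, ip):
    """Build one constructed /var/log/secure line (not real log data)."""
    return (f"Jan 10 03:12:01 web1 sshd[2101]: Failed password for {who} "
            f"from {ip} port 40112 ssh2")

SAMPLE = (
    [sample_line("invalid user admin", "203.0.113.5")] * 2  # 2 > 1: denied
    + [sample_line("alice", "198.51.100.7")] * 3            # 3 > 3 false: kept
    + [sample_line("root", "192.0.2.44")] * 6               # 6 > 5: denied
)

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE)))
```

<p> With these thresholds a single mistyped user name is tolerated but a second one blocks the host, so keep an address you administer from out of the test described below or be ready to remove it from /etc/hosts.deny.</p>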
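<p><strong> Starting the service</strong></p>
<p> Start it and have it start together with the system at boot:</p>
<p> # /etc/init.d/denyhosts start<br /> # chkconfig denyhosts on</p>
<p><span style="font-family:Arial"> To test, connect remotely from another computer, then check whether /etc/hosts.deny contains a blocked IP. If it does, the installation was successful. </span></p>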
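<p><span> Note: I found that after an IP is denied, the time at which it is removed is not very accurate. The fix is to change the DAEMON_PURGE = time; I found that the system's removal time follows that setting.</span></p>
<p><span> DAEMON_PURGE: when DenyHosts runs in daemon mode, this is how often it runs the purge mechanism that expires the oldest entries in HOSTS_DENY; it affects the PURGE_DENY interval.</span></p>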