韩筱 posted on 2020-9-7 15:13:00

Linux: finding the IPs brute-forcing SSH on your server

<p>Servers on the public internet constantly get their port 22 hammered by people trying to break in, to mine cryptocurrency or do other shady things.</p>
<p>The right response in this situation is:</p>
<ol>
<li>Move SSH off the default port 22</li>
<li>Use key-based login or an IP allowlist</li>
<li>Use a complex server password</li>
<li>Create an ordinary user for logging in (root has too much power)</li>
<li>Set up a bastion host so servers are managed from one place</li>
</ol>
<p><strong>Counting the brute-forcing IPs</strong></p>
<div class="cnblogs_code">
<pre># find /var/log -name 'secure*' -type f | while read line; do awk '/Failed/{print $(NF-3)}' "$line"; done | awk '{a[$0]++} END{for (j in a) if (a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2</pre>
</div>
<p>Use this command to count how many IPs are brute-forcing your server. Every failed login line in /var/log/secure ends in "from &lt;IP&gt; port &lt;N&gt; ssh2", so $(NF-3) is the source IP; the second awk counts lines per IP and prints the ones seen more than 20 times.</p>
<p><strong>Example</strong></p>
<div class="cnblogs_code">
<pre># find /var/log -name 'secure*' -type f | while read line; do awk '/Failed/{print $(NF-3)}' "$line"; done | awk '{a[$0]++} END{for (j in a) if (a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2
218.92.0.224=21
85.209.0.252=21
218.92.0.145=22
218.92.0.250=22
61.177.172.128=22
85.209.0.102=22
85.209.0.101=23
85.209.0.253=23
112.85.42.200=25
218.92.0.173=25</pre>
</div>
<p>These are all the IPs that brute-forced my server because I had not changed the default port!!!</p>
<p><strong>Set a 24-character random password</strong></p>
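<p>The same count as the one-liner above, written as an added example (not the post's own command) that takes the address from the token after "from" instead of a fixed field offset, so it does not depend on the exact line layout; it also reads rotated and gzipped logs and handles the Debian/Ubuntu auth.log naming. The log lines and addresses in sample_log are constructed for the demonstration.</p>

```shell
#!/bin/sh
# Added example, not the post's own code. Same idea as the post's one-liner:
# count "Failed password" lines per source address and report the ones over
# a threshold, but locate the address via the "from" token rather than
# $(NF-3), so field layout changes do not break the count.

# count_failed_logins MIN  (log lines on stdin) -> "ip=count" for count > MIN,
# ascending by count, the same output shape as the post's command
count_failed_logins() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i < NF; i++)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] + 0 > min + 0) print ip "=" hits[ip] }
    ' | sort -t= -k2 -n
}

# all_auth_logs -> current and rotated logs; zcat -f passes plain files through
# (secure* on RHEL/CentOS, auth.log* on Debian/Ubuntu)
all_auth_logs() {
    find /var/log \( -name 'secure*' -o -name 'auth.log*' \) -type f -exec zcat -f {} +
}

# sample_log -> constructed lines in sshd's syslog format (RFC 5737/private
# addresses), including the "invalid user" variant and a successful login
sample_log() {
    cat <<'EOF'
Sep  7 15:10:01 web1 sshd[2214]: Failed password for root from 10.0.0.5 port 41022 ssh2
Sep  7 15:10:03 web1 sshd[2214]: Failed password for invalid user admin from 10.0.0.5 port 41030 ssh2
Sep  7 15:10:04 web1 sshd[2219]: Accepted publickey for mikeops from 192.0.2.10 port 50012 ssh2
Sep  7 15:10:06 web1 sshd[2220]: Failed password for mikeops from 192.0.2.10 port 50020 ssh2
Sep  7 15:10:08 web1 sshd[2221]: Failed password for root from 198.51.100.7 port 33001 ssh2
Sep  7 15:10:09 web1 sshd[2221]: Failed password for root from 198.51.100.7 port 33002 ssh2
Sep  7 15:10:11 web1 sshd[2223]: Failed password for root from 10.0.0.5 port 41040 ssh2
EOF
}

# On a live box:   all_auth_logs | count_failed_logins 20
# On the sample:   sample_log | count_failed_logins 1
```

<p>The threshold is strict (count &gt; MIN) exactly as in the post's awk; the "Accepted publickey" line shows that only failed attempts are counted.</p>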
<div class="cnblogs_code">
<pre># seeding sha256sum with `date +%s` is not random: the timestamp is guessable, so take the bytes from /dev/urandom instead (18 random bytes base64-encoded is exactly 24 characters)
# rootpass=$(head -c 18 /dev/urandom | base64) &amp;&amp; echo "root:$rootpass" | chpasswd &amp;&amp; echo "$rootpass"</pre>
</div>
<p><strong>Create an ordinary user</strong></p>
<div class="cnblogs_code">
<pre># useradd mikeops
# passwd mikeops
Changing password for user mikeops.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
# cd /home/mikeops/
# pwd
/home/mikeops
#</pre>
</div>
<p>This creates an ordinary user named mikeops with home directory /home/mikeops; from now on you can log in as this ordinary user.</p>
<p><strong>Change the default SSH port</strong></p>
<div class="cnblogs_code">
<pre># vim /etc/ssh/sshd_config

# default port
#Port 22
# new ssh port (sshd does not accept a trailing "# note" on an option line, so keep notes on their own lines)
Port 22876
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# forbid remote root login (default is yes)
PermitRootLogin no</pre>
<pre># firewall-cmd --zone=public --add-port=22876/tcp --permanent
success
# firewall-cmd --reload
success
# systemctl restart sshd
# </pre>
</div>
<p>Important!!! Before commenting out port 22, make sure the new SSH port (22876) is actually up; only after the new port is confirmed working should you comment out the default port 22, otherwise you may end up in the awkward position of being locked out of the server.</p>
<p>Once the restart is done, log in to the Linux server as the ordinary user; to switch to root, run su root and enter the password.</p>
<p>You can also set up key-based login, an IP allowlist and a bastion host, but this post will not go into those. Thanks for your support!</p>
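<p>An added example (not the post's own procedure) that scripts the port change with the lock-out warning above built in: it keeps port 22 active alongside the new port until you have verified a login on the new one, edits sshd_config the way sshd reads it (the first active occurrence of a keyword wins, so a leftover line above yours silently keeps the old value), and validates with sshd -t before restarting. The file helpers run anywhere on a temp copy; apply_new_port assumes a RHEL/CentOS box with firewalld and SELinux enforcing (semanage from policycoreutils), which is an assumption beyond the post. The sample config content is constructed.</p>

```shell
#!/bin/sh
# Added example, not the post's own code: stage a new sshd port safely.
# sshd rule to remember: the FIRST active line for a keyword wins.

# sshd_effective FILE KEYWORD -> value sshd would use ("" if unset)
sshd_effective() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# set_sshd_option FILE KEYWORD VALUE -> exactly one active line for KEYWORD:
# the first active one is rewritten, later duplicates are commented out,
# and the line is appended when none exists. No trailing "# note" is
# written, because sshd rejects inline comments on option lines.
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" '
        $1 !~ /^#/ && tolower($1) == tolower(key) {
            if (!done) { print key " " val; done = 1 } else { print "#" $0 }
            next
        }
        { print }
        END { if (!done) print key " " val }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# add_sshd_port FILE PORT -> an additional active Port line (sshd listens on
# every Port given). Needed for 22 as well: the stock "#Port 22" is only a
# comment, so adding just the new port would drop 22 at the next restart.
add_sshd_port() {
    grep -Eiq "^[[:space:]]*Port[[:space:]]+$2([[:space:]]|$)" "$1" \
        || printf 'Port %s\n' "$2" >> "$1"
}

# make_sample_config -> path of a constructed stock-looking sshd_config copy
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_ed25519_key
#PermitRootLogin yes
PasswordAuthentication yes
EOF
    printf '%s\n' "$f"
}

# apply_new_port PORT -> root-only rollout (assumes firewalld + SELinux)
apply_new_port() {
    port=$1
    add_sshd_port /etc/ssh/sshd_config 22          # 22 stays until verified
    add_sshd_port /etc/ssh/sshd_config "$port"
    set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
    sshd -t || { echo "sshd_config rejected, not restarting" >&2; return 1; }
    semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null \
        || semanage port -m -t ssh_port_t -p tcp "$port"
    firewall-cmd --zone=public --add-port="$port"/tcp --permanent \
        && firewall-cmd --reload
    systemctl restart sshd
    # Now log in on $port from a SECOND terminal. Only after that succeeds:
    #   set_sshd_option /etc/ssh/sshd_config Port "$port" && sshd -t && systemctl restart sshd
    #   firewall-cmd --zone=public --remove-service=ssh --permanent && firewall-cmd --reload
}
```

<p>The final set_sshd_option call collapses the two Port lines into one, so the old port disappears only in the last step, after the new one has been proven to work.</p>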
<p>That is all for this post, thanks for the support and likes~~</p>
Source: https://www.cnblogs.com/mike666/p/13625235.html