DenyHosts防暴力破解SSH密码
13 年 ago jony DenyHosts防暴力破解SSH密码已关闭评论
DenyHosts,它是用Python2.3写的一个程序,它会分析/var/log/secure等日志文件,当发现同一IP在进行多次SSH密码尝试时就会记录IP到/etc/hosts.deny文件,从而达到自动屏蔽该IP的目的。DenyHosts官方网站为:http://denyhosts.sourceforge.net
①检查安装条件
1、首先判断系统安装的sshd是否支持tcp_wrappers(默认都支持)
# ldd /usr/sbin/sshd libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0046e000)
2、判断默认安装的Python版本
# python -V Python 2.3.4
3、已安装Python2.3以上版本的情况可以直接安装DenyHosts
# cd /usr/local/src # wget http://jaist.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz # tar zxf DenyHosts-2.6.tar.gz # cd DenyHosts-2.6 # python setup.py install
程序脚本自动安装到/usr/share/denyhosts
库文件自动安装到/usr/lib/python2.3/site-packages/DenyHosts
denyhosts.py自动安装到/usr/bin
②设置启动脚本
# cd /usr/share/denyhosts/ # cp daemon-control-dist daemon-control # chown root daemon-control # chmod 700 daemon-control # grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg # vi denyhosts.cfg
根据自己需要进行相应的修改
denyhosts.cfg
SECURE_LOG = /var/log/secure #RedHat/Fedora Core分析该日志文件 #其它版本linux根据denyhosts.cfg-dist内提示选择。 PURGE_DENY = 30m #过多久后清除 DENY_THRESHOLD_INVALID = 1 #允许无效用户(/etc/passwd未列出)登录失败的次数 DENY_THRESHOLD_VALID = 5 #允许有效(普通)用户登录失败的次数 DENY_THRESHOLD_ROOT = 3 #允许root登录失败的次数 HOSTNAME_LOOKUP=NO #是否做域名反解
如果需要DenyHosts随系统重启而自动启动,还需做如下设置:
# vi /etc/rc.local
加入下面这条命令
/usr/share/denyhosts/daemon-control start
③启动
# /usr/share/denyhosts/daemon-control start
如果要使DenyHosts每次重起后自动启动还需做如下设置:
# cd /etc/init.d # ln -s /usr/share/denyhosts/daemon-control denyhosts # chkconfig --add denyhosts # chkconfig --level 345 denyhosts on
然后就可以启动了:
service denyhosts start
DenyHosts配置文件:
vi /etc/denyhosts.cfg
SECURE_LOG = /var/log/secure #ssh日志文件,它是根据这个文件来判断的。 HOSTS_DENY = /etc/hosts.deny #控制用户登陆的文件 PURGE_DENY = 5m#过多久后清除已经禁止的 BLOCK_SERVICE = sshd#禁止的服务名 DENY_THRESHOLD_INVALID = 1#允许无效用户失败的次数 DENY_THRESHOLD_VALID = 10#允许普通用户登陆失败的次数 DENY_THRESHOLD_ROOT = 5#允许root登陆失败的次数 HOSTNAME_LOOKUP=NO#是否做域名反解 DAEMON_LOG = /var/log/denyhosts#自己的日志文件 ADMIN_EMAIL = yuhongchun027@163.com#管理员邮件地址,它会给管理员发邮件
下面这个是全自动下载安装的小脚本(推荐),当然安装后还得手动调整配置文件。install_denyhosts.sh脚本内容如下:
#!/bin/bash cd /usr/local/src wget http://jaist.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz tar zxf DenyHosts-2.6.tar.gz cd DenyHosts-2.6 python setup.py install cd /usr/share/denyhosts/ cp daemon-control-dist daemon-control chown root daemon-control chmod 700 daemon-control grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg echo "/usr/share/denyhosts/daemon-control start" >>/etc/rc.local cd /etc/init.d ln -s /usr/share/denyhosts/daemon-control denyhosts chkconfig --add denyhosts chkconfig --level 345 denyhosts on service denyhosts start
下面是hostsdeny的示例:
Connection to 192.168.0.154 closed. [root@autolemp ~]# ssh 192.168.0.154 root@192.168.0.154's password: Permission denied, please try again. root@192.168.0.154's password: Permission denied, please try again. root@192.168.0.154's password: Permission denied (publickey,gssapi-with-mic,password)
