防暴力破解DenyHosts

DenyHosts是用于阻止SSH服务器暴力破解攻击的脚本,由Python编写。
官网:http://denyhosts.sourceforge.net/
下载:http://sourceforge.net/projects/denyhosts/files/
注意:下面的步骤通过HTTP下载源码包并以root身份安装,安装前建议用sha1sum等工具核对压缩包的校验值是否与项目下载页提供的一致。

[root@localhost ~]# cd /opt/
[root@localhost opt]# wget -c 'http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2F&ts=1333000482&use_mirror=cdnetworks-kr-1'
[root@localhost opt]# tar xzvf DenyHosts-2.6.tar.gz 
[root@localhost opt]# cd DenyHosts-2.6
[root@localhost DenyHosts-2.6]# python setup.py install
[root@localhost DenyHosts-2.6]# cd /usr/share/denyhosts/
[root@localhost denyhosts]# cp denyhosts.cfg-dist denyhosts.cfg
[root@localhost denyhosts]# cp daemon-control-dist daemon-control
[root@localhost denyhosts]# chown root daemon-control
[root@localhost denyhosts]# chmod 700 daemon-control                       

编辑denyhosts.cfg配置文件:

SECURE_LOG = /var/log/secure
#如果是针对ssh服务的日志,Centos选择如上;
HOSTS_DENY = /etc/hosts.deny
#调用hosts.deny控制用户登陆
PURGE_DENY = 30m
#禁止时长,即过多久清除禁止;
# m表示分钟;h表示小时;d表示天;w表示星期;y表示年
BLOCK_SERVICE = sshd
#禁止的服务名
DENY_THRESHOLD_INVALID = 1
#允许无效用户(系统中不存在的账户)登录失败的次数
DENY_THRESHOLD_VALID = 5
#允许普通用户(系统中存在的非root账户)登录失败的次数
DENY_THRESHOLD_ROOT = 3
#允许root登陆失败的次数
HOSTNAME_LOOKUP=NO
#是否做域名反解
ADMIN_EMAIL = kefu@mygod.com
#管理员邮件地址,用下面的账户发送邮件通知
#注意:SMTP_PASSWORD以明文保存在本文件中,应将denyhosts.cfg设为仅root可读(如chmod 600 denyhosts.cfg)
SMTP_HOST = mail.mygod.com
SMTP_PORT = 25
SMTP_USERNAME = user@mygod.com
SMTP_PASSWORD = passwd
SMTP_FROM = DenyHosts
DAEMON_LOG = /var/log/denyhosts
#DenyHosts日志文件存放的路径
                          
[root@localhost denyhosts]# /usr/share/denyhosts/daemon-control start
starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
 
[root@localhost denyhosts]# more /etc/hosts.deny 
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 118.102.2.245
sshd: 118.102.2.245
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 189.19.206.13
sshd: 189.19.206.13
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 125.208.3.9
sshd: 125.208.3.9
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 160.36.29.87
sshd: 160.36.29.87
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 60.220.254.6
sshd: 60.220.254.6
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 202.194.22.245
sshd: 202.194.22.245
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 122.227.15.120
sshd: 122.227.15.120
# DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 203.130.248.134
sshd: 203.130.248.134

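[root@localhost denyhosts]# ln -s /usr/share/denyhosts/daemon-control-dist /etc/init.d
[root@localhost denyhosts]# chkconfig daemon-control-dist on
# 注:上文复制并设置了属主与权限(root、700)的是daemon-control,这里链接的却是模板文件daemon-control-dist;开机自启最好指向前者,避免以root身份运行未按上文处理权限的脚本。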
[root@localhost denyhosts]# exit
logout

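备注:使用前建议把自己常用的IP加入白名单/etc/hosts.allow(例如 sshd: <你的IP>),也可写入DenyHosts工作目录(WORK_DIR)下的allowed-hosts文件,以免自己输错后被封禁;本例中DENY_THRESHOLD_INVALID = 1,输错一次用户名即会被封。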
