今天登录服务器,就看见提示信息.
There were 8925 failed login attempts since the last successful login.
牛牪犇逼啊
果断改了ssh的端口
vim /etc/ssh/sshd_config
Port 22 #修改端口号
systemctl restart sshd #重启服务(重启前先用 sshd -t 检查配置语法;保持当前会话不要断开,并确认防火墙/SELinux已放行新端口,以免把自己锁在外面)
无意间又看到DenyHosts这个小东西
yum安装,嗯,没有包.之后手动下载rpm了
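# Fetch the DenyHosts package. The URL is plain HTTP, so the transfer itself is
# not authenticated; the signature check below is what protects the install.
wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el7/en/x86_64/rpmforge/RPMS/denyhosts-2.6-5.el7.rf.noarch.rpm
# Verify the package digest and GPG signature before installing it as root.
# The packager's public key must already be imported
# (rpm --import <PATH_TO_TRUSTED_KEY>, obtained over a channel you trust);
# without it the check is expected to fail and the install is skipped.
rpm -K denyhosts-2.6-5.el7.rf.noarch.rpm &&
  rpm -ivh denyhosts-2.6-5.el7.rf.noarch.rpm
# Start the daemon now, enable it at boot, then confirm it is running.
systemctl start denyhosts
systemctl enable denyhosts.service
systemctl status denyhosts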
另附偷来的配置文件(注意:行尾 // 之后的中文只是说明,不是DenyHosts的配置语法,写进 /etc/denyhosts.conf 时要删掉)
# grep -Ev '^#|^$' /etc/denyhosts.conf
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 4w // ip被禁止之后,多久可以释放(w表示周,d表示天,h表示小时,m表示分钟)
BLOCK_SERVICE = sshd // 检测的服务
DENY_THRESHOLD_INVALID = 5 // 无效用户尝试次数之后即被锁定
DENY_THRESHOLD_VALID = 10 // 有效普通用户尝试次数
DENY_THRESHOLD_ROOT = 1 // root用户尝试次数(设为1时自己输错一次也会被封,建议先把可信IP写进 /etc/hosts.allow)
DENY_THRESHOLD_RESTRICTED = 1 // 受限用户名(WORK_DIR/restricted-usernames 文件中列出的用户名)的失败尝试次数
WORK_DIR = /var/lib/denyhosts //denyhosts工作数据目录
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES // 域名解析
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = root
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]
AGE_RESET_VALID=5d //普通有效用户登陆计数清零时间
AGE_RESET_ROOT=25d //root用户登陆计数清零时间
AGE_RESET_RESTRICTED=25d // 受限用户名(restricted-usernames)的失败登录计数清零时间
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
另外我又把ssh端口改回了22
每天看看/etc/hosts.deny有多少ip被屏蔽
你们尽管撞
