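The Internet today is very insecure: many people run scanners against SSH ports and then try to log in by brute force (exhaustive guessing), so it is advisable to set a complex SSH login password on VPS hosts. DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary-based attacks and brute-force attacks).
Project website: http://denyhosts.sourceforge.net/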
- Install rsyslog
yum install rsyslog -y
systemctl restart rsyslog
Clear the existing records:
echo "" > /var/log/secure && service rsyslog restart
- Install DenyHosts
wget https://www.fanlog.org/wp-content/uploads/2020/12/DenyHosts-2.6.tar.gz
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
yum install python2
alternatives --set python /usr/bin/python2
python setup.py install
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control
ln -sf /usr/share/denyhosts/daemon-control-dist /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig denyhosts on
chkconfig --list denyhosts
systemctl status denyhosts
systemctl restart denyhosts
systemctl enable denyhosts
Or:
/usr/lib/systemd/systemd-sysv-install enable denyhosts
Alternatively:
yum install epel-release
yum install denyhosts -y
- Edit the configuration file
nano /usr/share/denyhosts/denyhosts.cfg
Change it as follows (see the denyhosts configuration file for reference):
BLOCK_SERVICE = ALL
PURGE_DENY =
DENY_THRESHOLD_INVALID = 2
DENY_THRESHOLD_VALID = 3
DENY_THRESHOLD_ROOT = 1
The CentOS security log:
less /var/log/secure
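To see what the three thresholds above mean against /var/log/secure, the following added example (not DenyHosts code and not from the original post) counts failed SSH logins per source IP and category. It assumes a host is denied once its count exceeds the threshold, counts only "Failed password" lines, and runs on constructed log lines with documentation IP addresses; `sample_log` and `would_deny` are hypothetical names.

```shell
#!/bin/sh
# Added example, not DenyHosts code. Thresholds are the values set in denyhosts.cfg above.
DENY_THRESHOLD_INVALID=2   # unknown user names
DENY_THRESHOLD_VALID=3     # existing accounts other than root
DENY_THRESHOLD_ROOT=1      # root

# Constructed /var/log/secure lines (documentation IP ranges, made-up host and users).
sample_log() {
cat <<'EOF'
Dec  1 10:00:01 vps sshd[1101]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2
Dec  1 10:00:03 vps sshd[1102]: Failed password for invalid user test from 203.0.113.5 port 40102 ssh2
Dec  1 10:00:05 vps sshd[1103]: Failed password for invalid user oracle from 203.0.113.5 port 40104 ssh2
Dec  1 10:01:00 vps sshd[1110]: Failed password for root from 203.0.113.7 port 51000 ssh2
Dec  1 10:01:02 vps sshd[1111]: Failed password for root from 203.0.113.7 port 51002 ssh2
Dec  1 10:02:00 vps sshd[1120]: Failed password for alice from 198.51.100.9 port 52000 ssh2
Dec  1 10:02:05 vps sshd[1121]: Failed password for alice from 198.51.100.9 port 52002 ssh2
Dec  1 10:02:09 vps sshd[1122]: Failed password for alice from 198.51.100.9 port 52004 ssh2
Dec  1 10:02:15 vps sshd[1123]: Accepted password for alice from 198.51.100.9 port 52006 ssh2
Dec  1 10:03:00 vps sshd[1130]: Failed password for root from 198.51.100.20 port 53000 ssh2
EOF
}

# Read sshd log lines on stdin; print "IP category count" for every source whose
# failures in one category exceed the threshold for that category (assumed semantics).
would_deny() {
    awk -v ti="$DENY_THRESHOLD_INVALID" -v tv="$DENY_THRESHOLD_VALID" \
        -v tr="$DENY_THRESHOLD_ROOT" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Use the last "from": the user name before it is attacker-chosen text.
        ip = ""
        for (i = NF - 1; i > 0; i--) if ($i == "from") { ip = $(i + 1); break }
        if (ip == "") next
        if ($0 ~ /Failed password for invalid user /) kind = "invalid"
        else if ($0 ~ /Failed password for root from /) kind = "root"
        else kind = "valid"
        n[ip " " kind]++
    }
    END {
        lim["invalid"] = ti + 0; lim["root"] = tr + 0; lim["valid"] = tv + 0
        for (k in n) {
            split(k, p, " ")
            if (n[k] > lim[p[2]]) print k, n[k]
        }
    }' | sort
}

sample_log | would_deny
```

On a real host, feed it the log with `would_deny < /var/log/secure` and compare the result with /etc/hosts.deny.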
- View the blocked IPs
touch /etc/hosts.deny
nano /etc/hosts.deny
Enable the whitelist:
touch /etc/hosts.allow
nano /etc/hosts.allow
Add the following content:
sshd:1.1.1.1
View the DenyHosts log:
nano /var/log/denyhosts
- Unblock an IP
In practice, simply deleting /etc/hosts.deny does not lift the block on the affected IP; the following steps are required.
systemctl stop denyhosts
cat /dev/null > /var/log/secure
cat /dev/null > /etc/hosts.deny
cat /dev/null > /usr/share/denyhosts/data/hosts
cat /dev/null > /usr/share/denyhosts/data/hosts-restricted
cat /dev/null > /usr/share/denyhosts/data/hosts-root
cat /dev/null > /usr/share/denyhosts/data/hosts-valid
cat /dev/null > /usr/share/denyhosts/data/offset
cat /dev/null > /usr/share/denyhosts/data/suspicious-logins
cat /dev/null > /usr/share/denyhosts/data/users-hosts
cat /dev/null > /usr/share/denyhosts/data/users-invalid
cat /dev/null > /usr/share/denyhosts/data/users-valid
echo 192.168.1.1 >> /usr/share/denyhosts/data/allowed-hosts  # add to the whitelist
systemctl restart denyhosts
Check again:
nano /etc/hosts.deny