Blocking SSH brute-force attacks
2015-09-15 15:59
Background:
Today I happened to look at the /var/log/secure log and got a shock. It looked like this:

```
Sep 15 14:25:12 localhost sshd[5914]: Failed password for root from 221.203.142.70 port 49476 ssh2
Sep 15 14:25:12 localhost sshd[5934]: Failed password for root from 115.182.88.152 port 28712 ssh2
Sep 15 14:25:13 localhost sshd[5918]: Failed password for root from 221.203.142.72 port 44212 ssh2
Sep 15 14:25:13 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2
Sep 15 14:25:15 localhost sshd[5946]: Failed password for root from 115.182.88.152 port 29380 ssh2
Sep 15 14:25:16 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2
Sep 15 14:25:16 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2
Sep 15 14:25:16 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2
Sep 15 14:25:17 localhost sshd[5957]: Failed password for root from 115.182.88.152 port 30023 ssh2
Sep 15 14:25:18 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2
Sep 15 14:25:19 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2
Sep 15 14:25:19 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2
Sep 15 14:25:19 localhost sshd[5967]: Failed password for root from 115.182.88.152 port 30601 ssh2
Sep 15 14:25:21 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2
Sep 15 14:25:21 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2
Sep 15 14:25:21 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2
Sep 15 14:25:23 localhost sshd[5991]: Failed password for root from 115.182.88.152 port 31030 ssh2
Sep 15 14:25:24 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2
Sep 15 14:25:24 localhost sshd[5996]: Failed password for root from 221.203.142.72 port 41459 ssh2
Sep 15 14:25:25 localhost sshd[5998]: Failed password for root from 221.203.142.70 port 48277 ssh2
Sep 15 14:25:25 localhost sshd[6001]: Failed password for root from 115.182.88.152 port 31725 ssh2
```

Someone is trying to crack the server's root password.
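Solutions:
Method 1: Disable direct login for the root user:
Some programs in production use the root password, so this method cannot be used.
Method 2: Block the malicious IPs directly
Write a shell script, as follows:

```
vi /root/scripts/denyRootSsh/denyRootSsh.sh
```

```bash
#!/bin/bash
# Filter "Failed password for root" entries and write the per-IP counts to failIP.txt
grep 'Failed password for root from' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -rn > /root/scripts/denyRootSsh/failIP.txt

# For IPs with more than 100 failures, write the IP to /etc/hosts.deny
while read -r failTimes failIP
do
    if [ "$failTimes" -gt 100 ]; then
        # -x -F: compare the whole line literally, so one address cannot
        # match as a substring or regex of a different entry
        if ! grep -qxF "sshd:$failIP" /etc/hosts.deny; then
            echo "sshd:$failIP" >> /etc/hosts.deny
        fi
    fi
done < /root/scripts/denyRootSsh/failIP.txt
```

Script walkthrough:
The /etc/hosts.deny file:

```
sshd:43.229.53.55 ## block IP 43.229.53.55 from accessing root again
```

Set up a scheduled task (cron) that runs the script once a day at 1 a.m.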
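A stricter variant of the script above, as an added example that is not the original author's code: it counts only lines whose sshd message itself is the root failure, accepts only IPv4-shaped addresses, and skips an allowlist before appending to the deny file. The function names, the allowlist file, the lowered threshold of 2 and the sample log lines (documentation addresses) are assumptions made for the demo.

```shell
#!/bin/bash
# Added example, not the original script. Log, threshold and files are arguments.

# offenders LOG LIMIT: print "count ip" for every IPv4 source with more than
# LIMIT failed root password attempts, highest count first.
offenders() {
    awk -v limit="$2" '
        # Require the sshd tag in field 5 and the exact message in fields 6-10,
        # so the phrase appearing elsewhere in a line is never counted.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $8 == "for" && $9 == "root" && $10 == "from" &&
        $11 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$11]++ }
        END { for (ip in n) if (n[ip] > limit) print n[ip], ip }
    ' "$1" | sort -rn
}

# deny_offenders LOG LIMIT DENYFILE ALLOWFILE: append "sshd:IP" to DENYFILE for
# each offender, skipping allowlisted addresses and entries already present.
deny_offenders() {
    offenders "$1" "$2" | while read -r count ip; do
        grep -qxF "$ip" "$4" 2>/dev/null && continue        # allowlisted (hypothetical file)
        grep -qxF "sshd:$ip" "$3" 2>/dev/null && continue   # already denied
        echo "sshd:$ip" >> "$3"
    done
}

# demo: run twice over constructed log lines (documentation addresses, limit
# lowered to 2) and print the resulting deny file.
demo() {
    dir=$(mktemp -d)
    {
        for port in 1001 1002 1003; do
            echo "Sep 15 14:25:12 localhost sshd[5914]: Failed password for root from 203.0.113.5 port $port ssh2"
            echo "Sep 15 14:25:13 localhost sshd[5915]: Failed password for root from 192.0.2.10 port $port ssh2"
        done
        echo "Sep 15 14:25:14 localhost sshd[5916]: Failed password for root from 198.51.100.7 port 2001 ssh2"
        echo "Sep 15 14:25:15 localhost app[77]: note Failed password for root from 198.51.100.7 port 1 ssh2"
    } > "$dir/secure"
    echo "192.0.2.10" > "$dir/allow"     # constructed admin address, never blocked
    : > "$dir/hosts.deny"
    deny_offenders "$dir/secure" 2 "$dir/hosts.deny" "$dir/allow"
    deny_offenders "$dir/secure" 2 "$dir/hosts.deny" "$dir/allow"   # second run adds nothing
    cat "$dir/hosts.deny"
    rm -rf "$dir"
}

demo
```

The allowlist is what keeps a daily job like this from locking out the administrators' own address after a run of mistyped passwords.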