linux下使用denyhosts防止ssh暴力破解

时间:2023-12-18 12:25:08

1.DenyHosts介绍

DenyHosts是Python语言写的一个程序,它会分析sshd的日志文件(/var/log/secure),当发现重 复的攻击时就会记录IP到/etc/hosts.deny文件,从而达到自动屏IP的功能。

DenyHosts官方网站为:http://denyhosts.sourceforge.net

2. 安装DenyHosts

wget "downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz"
tar -xzf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install

DenyHosts默认安装到/usr/share/denyhosts目录

3.配置

cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
vim denyhosts.cfg

修改如下:

PURGE_DENY = 1h #过多久后清除已阻止IP
HOSTS_DENY = /etc/hosts.deny #将阻止IP写入到hosts.deny
BLOCK_SERVICE = sshd #阻止服务名
DENY_THRESHOLD_INVALID = #允许无效用户登录失败的次数
DENY_THRESHOLD_VALID = #允许普通用户登录失败的次数
DENY_THRESHOLD_ROOT = #允许root登录失败的次数
WORK_DIR = /usr/share/denyhosts/data #将deny的host或ip纪录到Work_dir中
DENY_THRESHOLD_RESTRICTED = #设定 deny host 写入到该资料夹
LOCK_FILE = /var/lock/subsys/denyhosts #将DenyHOts启动的pid纪录到LOCK_FILE中,已确保服务正确启动,防止同时启动多个服务。
HOSTNAME_LOOKUP=NO #是否做域名反解
ADMIN_EMAIL = #设置管理员邮件地址
DAEMON_LOG = /var/log/denyhosts #自己的日志文件
DAEMON_PURGE = 1h #该项与PURGE_DENY 设置成一样,也是清除hosts.deniedssh 用户的时间

4.设置启动脚本

使DenyHosts每次重起后自动启动:

cp daemon-control-dist daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig denyhosts on
service denyhosts start

5.查看屏蔽IP

[root@localhost ~]# cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
# DenyHosts: Mon Mar :: | sshd: 123.30.135.177
sshd: 123.30.135.177
# DenyHosts: Mon Mar :: | sshd: 125.88.177.95
sshd: 125.88.177.95