DenyHosts: blacklist/whitelist protection against SSH attacks
DenyHosts is a program written in Python. It analyses the sshd log file (/var/log/secure) and, when it detects repeated attacks from one address, records that IP in /etc/hosts.deny, so the IP is blocked automatically.
Downloading DenyHosts from the official site
DenyHosts official site: http://denyhosts.sourceforge.net/
https://github.com/denyhosts/denyhosts
Installation and deployment
Installing with yum
# yum install epel-release denyhosts -y
# systemctl enable --now denyhosts
# cat /usr/lib/systemd/system/denyhosts.service
[Unit]
Description=SSH log watcher
Before=sshd.service

[Service]
Type=forking
ExecStartPre=/bin/rm -f /var/run/denyhosts.pid
ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
PIDFile=/var/run/denyhosts.pid

[Install]
WantedBy=multi-user.target
$ systemctl enable denyhosts.service
Related configuration files
$ rpm -ql denyhosts
## These paths hold the cron job, the logrotate config, and the chkconfig/service start-up files
/etc/cron.d/denyhosts
/etc/denyhosts.conf
/etc/logrotate.d/denyhosts
/etc/rc.d/init.d/denyhosts
/etc/sysconfig/denyhosts
/usr/bin/denyhosts-control
/usr/bin/denyhosts.py
## This directory holds the host records that denyhosts has denied and allowed
/var/lib/denyhosts
/var/lib/denyhosts/allowed-hosts
/var/lib/denyhosts/allowed-warned-hosts
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/offset
/var/lib/denyhosts/suspicious-logins
/var/lib/denyhosts/sync-hosts
/var/lib/denyhosts/users-hosts
/var/lib/denyhosts/users-invalid
/var/lib/denyhosts/users-valid
/var/log/denyhosts
Blacklist and whitelist
]# cat /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:*.*.*.*    # allow all
]# head -18 /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
# DenyHosts: Fri Jan  6 14:59:19 2023 | sshd: 200.148.153.172
sshd: 200.148.153.172
# DenyHosts: Fri Jan  6 14:59:19 2023 | sshd: 159.223.229.158
sshd: 159.223.229.158
# DenyHosts: Fri Jan  6 14:59:19 2023 | sshd: 41.79.235.36
Installing from source
# wget http://imcat.in/down/DenyHosts-2.6.tar.gz
# du -sh DenyHosts-2.6.tar.gz
# tar xvf DenyHosts-2.6.tar.gz -C /usr/local/
# cd /usr/local/DenyHosts-2.6/
# python setup.py install
# cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
# egrep -v '^#|^$' /usr/share/denyhosts/denyhosts.cfg
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 1h
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL =
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
# cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control   // start-up script
# chown root /usr/share/denyhosts/daemon-control
# chmod 754 /usr/share/denyhosts/daemon-control
# ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
# chkconfig --level 345 denyhosts on
# /sbin/service denyhosts restart
# /sbin/service denyhosts stop
# /sbin/service denyhosts status
#### Alternatively, start it at boot via rc.local
# vi /etc/rc.local
/usr/share/denyhosts/daemon-control start
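To make concrete what the daemon does with the three thresholds from denyhosts.cfg above and the two-line entry format seen in /etc/hosts.deny, here is an added example (my own simplified re-implementation, not DenyHosts' code): it counts "Failed password" lines per source IP, splits them into invalid-user / valid-user / root buckets, applies DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT, skips whitelisted hosts, and renders the hosts.deny entries. The log lines and IPs are constructed samples, and the restricted-user threshold and PURGE_DENY expiry are left out.

```python
import re
from collections import defaultdict
# Thresholds taken from the denyhosts.cfg shown above
DENY_THRESHOLD_INVALID = 5   # failures for users that do not exist
DENY_THRESHOLD_VALID = 10    # failures for existing non-root users
DENY_THRESHOLD_ROOT = 1      # failures for root

# sshd "Failed password" lines as written to /var/log/secure
INVALID_RE = re.compile(r"Failed password for invalid user (\S+) from (\d+\.\d+\.\d+\.\d+)")
VALID_RE = re.compile(r"Failed password for (?!invalid user)(\S+) from (\d+\.\d+\.\d+\.\d+)")

def tally_failures(lines):
    """Count failures per source IP, split into invalid / valid / root buckets."""
    counts = defaultdict(lambda: {"invalid": 0, "valid": 0, "root": 0})
    for line in lines:
        m = INVALID_RE.search(line)
        if m:
            counts[m.group(2)]["invalid"] += 1
            continue
        m = VALID_RE.search(line)
        if m:
            user, ip = m.group(1), m.group(2)
            counts[ip]["root" if user == "root" else "valid"] += 1
    return counts

def hosts_to_deny(counts, allowed=frozenset()):
    """Apply the thresholds; IPs listed in allowed-hosts are never denied."""
    deny = [ip for ip, c in counts.items() if ip not in allowed and (
        c["root"] >= DENY_THRESHOLD_ROOT
        or c["invalid"] >= DENY_THRESHOLD_INVALID
        or c["valid"] >= DENY_THRESHOLD_VALID)]
    return sorted(deny)

def hosts_deny_entries(ips, stamp, service="sshd"):
    """Render the two-line entry DenyHosts appends to /etc/hosts.deny."""
    return "".join(f"# DenyHosts: {stamp} | {service}: {ip}\n{service}: {ip}\n" for ip in ips)
# Constructed sample of /var/log/secure; IPs are documentation addresses
LINE = "Jan  6 14:58:{:02d} host sshd[1234]: Failed password for {} from {} port 4122 ssh2"
SAMPLE_LOG = (
    [LINE.format(i, "invalid user admin", "203.0.113.10") for i in range(5)]        # reaches INVALID
    + [LINE.format(10, "root", "203.0.113.20")]                                      # one root try
    + [LINE.format(i, "alice", "203.0.113.30") for i in range(20, 23)]              # below VALID
    + [LINE.format(i, "invalid user test", "203.0.113.40") for i in range(30, 32)]  # below INVALID
    + [LINE.format(40, "root", "192.0.2.5")]                                         # whitelisted host
)

if __name__ == "__main__":
    denied = hosts_to_deny(tally_failures(SAMPLE_LOG), allowed={"192.0.2.5"})
    print(hosts_deny_entries(denied, "Fri Jan  6 14:59:19 2023"), end="")
</test_placeholder_removed>```

Run as-is it prints entries for 203.0.113.10 and 203.0.113.20 only; the whitelisted root failure from 192.0.2.5 is ignored, which is the role /var/lib/denyhosts/allowed-hosts plays in the real daemon.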
From: https://www.cnblogs.com/weiweirui/p/17030811.html