View the record of brute-force attempt counts (failed logins per source IP)
# cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}'
Change the SSH default port
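Modify the SSH server configuration file (set the Port directive to the new port, then restart sshd). Moving the port only cuts down automated scan noise; it does not replace key-based authentication or rate limiting.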
# vim /etc/ssh/sshd_config
After the change, you need to specify the port when you connect over SSH, for example:
ssh -p 2212 [email protected]
If you modify the client configuration file /etc/ssh/ssh_config
and change the port to 2212 there, connections to the SSH server use port 2212 by default.
An anti-brute-force script found on the web
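#!/bin/bash
# program:
#   Watch the sshd authentication log for failed logins and block sources
#   that exceed a threshold (SSH brute-force protection).
#
# Usage:
#   Give the script execute permission and add it to root's crontab.
#   Adjust "num" below (default 100): a source with at least that many failed
#   logins is appended to /etc/hosts.deny and reported by mail.
#   Mail is sent with sendEmail when it is installed (less likely to be
#   rejected as spam): http://caspian.dotconf.net/menu/software/sendemail/
#   sendEmail was tested with QQ and 163 mailboxes; QQ rejects the default
#   mail client unless the sender is whitelisted, 163 accepts it.
#
# Review notes:
#   - /etc/hosts.deny only has an effect when sshd is built with TCP wrappers
#     (libwrap). Upstream OpenSSH removed that support in 6.7 and not every
#     distribution patches it back, so confirm it on the target host;
#     otherwise the entries written here block nothing.
#   - The log contains attacker-influenced text, so every token taken from it
#     is validated before it is written to hosts.deny.
#   - The whole log file is recounted on every run, so counts accumulate for
#     as long as the log is not rotated.
#
# Exit status: 3 log missing/unreadable, 4 no failed logins, 5 network test
#   failed, 6 no mail client. The status of the root check and the HTTP code
#   compared in the network test are not legible on the source page; 2 and
#   200 are used here -- confirm against the original script.
#
# history:
#   2013/10/ ver:1.02 by jack

# The original PATH ended in ":~"; root's home directory is left out so a
# root cron job never resolves commands from it.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

# Threshold: sources with at least this many failed logins are blacklisted
# and reported by mail.
num=100

# Root is required to read the security log and to write /etc/hosts.deny.
if [[ $UID -ne 0 ]]; then
  printf '\e[0;31m%s\e[0m\n' 'sorry,please run as root!' >&2
  exit 2
fi

# The security log must exist and be readable.
log=/var/log/secure
if [[ ! -e $log || ! -r $log ]]; then
  printf '\e[0;31m%s\e[0m\n' \
    "make sure the file $log exist or can be readable!" >&2
  exit 3
fi

# List of sources with failed logins, one "address=count" per line.
ssh_list=/root/logs/ssh_list
mkdir -p -- "$(dirname -- "$ssh_list")"

# Nothing to do when the log holds no failed logins.
grep -q 'Failed' "$log" || exit 4

# The source address is the fourth field from the end of a "Failed password"
# line. sort must run before uniq -c, because uniq only merges adjacent
# duplicates; without it the same address is split into several low counts.
awk '/Failed/ {print $(NF-3)}' "$log" \
  | sort \
  | uniq -c \
  | sort -nr \
  | awk '{print $2 "=" $1}' > "$ssh_list"

# Blacklist file (TCP wrappers).
deny_file=/etc/hosts.deny

# Body of the warning mail; it exists only while there is something to send.
mail_file=/root/logs/mail_file
mkdir -p -- "$(dirname -- "$mail_file")"

# Pick the mail sender. To use sendEmail, copy sendemail.pl to /usr/bin and
# make it executable.
if [[ -x /usr/bin/sendemail.pl ]]; then
  sendmail="mailA"
elif [[ -x /bin/mail ]]; then
  sendmail="mailB"
else
  sendmail="none"
fi

# sendEmail settings. The addresses are redacted on the source page
# ("[email protected]" is a placeholder); fill in real values.
send_user='[email protected]'                      # sender address
smtp_user='xxxx'                                  # SMTP login name
smtp_pass='xxxx'                                  # SMTP login password
smtp_addr='smtp.qq.com:25'                        # SMTP server and port
recv_user=('[email protected]' '[email protected]') # recipient addresses

# Send the warning through sendEmail.
# NOTE(review): -xp puts the SMTP password on the command line, where other
# local users can read it from the process list while the mail is sent, and
# this file stores it in clear text; keep the script mode 700 and prefer a
# dedicated low-privilege mailbox.
send_mailA() {
  /usr/bin/sendemail.pl -f "$send_user" -t "${recv_user[@]}" \
    -s "$smtp_addr" -u "SSHD Warnings" -m "$(cat -- "$mail_file")" \
    -xu "$smtp_user" -xp "$smtp_pass" >/dev/null 2>&1
}

# Send the warning through the system mail client.
send_mailB() {
  /bin/mail -s "Failed sshd Login Users" "${recv_user[@]}" < "$mail_file"
}

# Probe outbound connectivity; stores the HTTP status code in $retval
# ("000" when the request fails). --max-time keeps a cron run from hanging.
test_network() {
  # ping 8.8.8.8 -c2 &>/dev/null
  retval=$(curl -I -o /dev/null -s -w '%{http_code}' --max-time 10 \
    http://www.baidu.com/)
}

# Only address characters (IPv4 or IPv6) may reach hosts.deny.
addr_re='^[0-9A-Fa-f:.]+$'
count_re='^[0-9]+$'

while IFS='=' read -r ipaddr count; do
  [[ $count =~ $count_re ]] || continue
  if [[ ! $ipaddr =~ $addr_re ]]; then
    printf 'skipping unexpected token from %s: %q\n' "$log" "$ipaddr" >&2
    continue
  fi
  [[ $count -ge $num ]] || continue

  # Fixed-string, whole-word match: the dots are not regex wildcards and
  # 1.2.3.4 does not count as present because 11.2.3.4 is listed.
  if ! grep -qwF -- "$ipaddr" "$deny_file" 2>/dev/null; then
    printf 'sshd:%s\n' "$ipaddr" >> "$deny_file"
    printf '<warning>: IP %s attempted SSH logins more than the limit %s; number of attempts: %s\n' \
      "$ipaddr" "$num" "$count" >> "$mail_file"
  fi
done < "$ssh_list"

# sleep 1
# Mail the warnings collected in this run, then discard them.
if [[ -e $mail_file ]]; then
  test_network
  if [[ $retval != 200 ]]; then
    exit 5
  fi
  case "$sendmail" in
    mailA) send_mailA ;;
    mailB) send_mailB ;;
    none) exit 6 ;;
  esac
  rm -f -- "$mail_file"
fi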
Linux server SSH brute-force protection