This is a collection in the log of the document, the original view server sshd log found a lot of unknown IP attempts to log in, so what to prevent such a thing to happen. Online to find the next use denyhosts can solve such problems, so it will be collected in the log. Because the time is longer, cannot find the source of the original text, if you know the source, you can contact me plus. All right, in the chase.
DenyHosts is a program written in Python2.3, it is mainly based on the system log files/var/log/secure file analysis, when the same IP is found in multiple SSH password attempts will be recorded IP to/etc/ Hosts.deny file to automatically block the IP.
First, check the installation environment:
1) determine if the system installed SSHD supports Tcp_wrappers (supported by default), the command is as follows:
ldd/usr/sbin/sshd | grep libwrap.so. 0
If there is output: libwrap.so.0 =/lib64/libwrap.so.0 is supported
2) Determine if there is Python (CentOS is default):
Python-v
As long as the system Python version is not less than version 2.3 (native version of Python 2.6.5).
Second, installation denyhosts
1, download denyhosts-2.6.tar.gz and upload to the server, you can load the latest program in http://denyhosts.sourceforge.net/.
2. Installation
1), unzip
TAR-ZXVF denyhosts-2.6. tar.gz
2), installation
CD denyhosts-2.6Install
Program scripts are automatically installed in:/usr/share/denyhosts directory
Library files installed in:/usr/lib/python2.6/site-packages/denyhosts directory
denyhosts.py installed by default in:/usr/bin/directory
3. Set Startup script
cd/usr/share/denyhosts/CP daemon-control-dist daemon-controlchown root daemon-control700 Daemon-control
# #将denyhosts A line not beginning with "#" in Cfg-dist, write Denyhosts.cfg file
"^#" denyhosts.cfg-dist > Denyhosts.cfg
Edit Denyhosts.cfg
VI denyhosts.cfg
Specific configuration items can refer to the following configuration:
############ These SETTINGS is REQUIRED ############ # #分析源文件 Secure_log =/var/log/Secure # #禁止sshd登陆的IP存放文件 Hosts_deny =/etc/Hosts.deny # #过多久后清除已经禁止的IP Purge_deny =1d # #监控的服务名 block_service = sshd # #表示允许无效用 Number of user logon failures Deny_threshold_invalid = 3 # #表示允许普通用户登录失败的次数 deny_threshold_valid = 3 # #表示允许root用户登录失败 The number of times Deny_threshold_root = 3 deny_threshold_restricted = 1 work_dir =/usr/share/denyhosts/data suspicious_login_report_allowed_hosts=YES # #是否做域名反解 hostname_lookup=NO lock_file =/var/lock/subsys/ DenyHosts
4. Add denyhosts to system service and start automatically
1), self-starting
Add the following line at the end
/usr/share/denyhosts/daemon-control start
2), add to System services
Ln-s/usr/share/denyhosts/daemon-control/etc/init.d/denyhostschkconfig--345 denyhosts on
5. Start DenyHosts
Service DenyHosts Start
6. See if the denyhosts is running successfully
Service denyhosts Status
Display: DenyHosts is running with PID = XXXX, which runs successfully.
7, at this point, DenyHosts is also configured to complete; In addition, the default port of sshd is modified, combined with denyhosts can prevent most sshd brute force.
Linux prevents sshd from being exploded (install denyhosts)