Linux VPS Security Configuration: Disable port 22 and root login, and configure DenyHosts against brute-force attacks

Source: Internet
Author: User
Tags: log, vps, ssh, server

I recently rented a Vultr VPS in the Tokyo data center. Every day it produced a large number of abnormal entries in the authentication log, apparently from scanners making brute-force login attempts, so I searched for some server-hardening knowledge.

Without further ado, the procedure is recorded below:

Note: the following steps are based on CentOS 7 and may differ on other operating systems.

First, change the default SSH service port

The SSH service listens on port 22 by default, and scanners try that port first, so change it to a port that is not easy to guess (a port in the range 10000-65535 is recommended; these are unprivileged ports that rarely conflict with other services). Be aware that this only cuts down the log noise from opportunistic scanners: a full port scan finds the new port in seconds, so it does not replace the measures in the later sections.

vim /etc/ssh/sshd_config

Add the new port and keep port 22 for now (so you are not locked out if the new port fails to come up while 22 is already closed):

# If you want to change the port on a SELinux system you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 22
Port xxxxx
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

SELinux is enforcing on a stock CentOS 7 install, so the comment above applies: run semanage port -a -t ssh_port_t -p tcp xxxxx (semanage is in the policycoreutils-python package) before restarting sshd, otherwise sshd is denied permission to bind the new port and refuses to start. Run sshd -t afterwards to syntax-check the file before restarting.

Open the new port in the firewall:

firewall-cmd --permanent --add-port=xxxxx/tcp    # add the port to the firewall
firewall-cmd --reload                             # reload the firewall configuration
firewall-cmd --permanent --query-port=xxxxx/tcp   # check that the add succeeded

Restart the SSH service and the firewall (the reboot is optional, but it confirms that both come up correctly at boot). Keep your current SSH session open while you do this:

systemctl restart sshd.service
systemctl restart firewalld.service
reboot

Connect to the VPS on the new port from a second terminal. If the connection succeeds, comment out the Port 22 line again, and also remove the ssh service from firewalld's public zone, which allows port 22 by default (firewall-cmd --permanent --remove-service=ssh, followed by a reload). Then restart sshd once more.

Second, create a normal user and disable remote root login

The root user has the highest privileges on the server; if its password is brute-forced, the consequences are unthinkable. Disable remote root login to prevent this, and do administration through a normal user with sudo.

visudo    # edits /etc/sudoers and syntax-checks it before saving; do not edit the file with vim directly, a broken sudoers locks you out of sudo

Find the following lines. If there is a # in front of %wheel, delete it so that the wheel group is granted administrator rights (on CentOS 7 this line is already uncommented by default):

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)  ALL

Add a normal user and put it in the wheel group, so that commands requiring administrator privileges can be run with sudo under that user:

useradd test            # add the user
passwd test             # set its password
usermod -aG wheel test  # append the user to the wheel group (supplementary group; the primary group does not change). Without -a, -G replaces the whole supplementary group list
id test                 # check that the user is in wheel

Modify the /etc/ssh/sshd_config file again:

vim /etc/ssh/sshd_config

Locate the following line (in the stock file it is commented out as #PermitRootLogin yes), uncomment it, and change yes to no so that root cannot log in remotely:

PermitRootLogin no

Restart the SSH service, then log in to the VPS as the new normal user and confirm that sudo works, before closing the existing root session.
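The two sshd_config edits above are easy to get subtly wrong: a leftover Port 22 line, or a PermitRootLogin line that sshd ignores because an earlier one already set the value. The following script is an added example for this article, not code from the original post; it parses an sshd_config the way sshd does (first value wins, except that every Port line counts, and nothing after a Match line is considered) and reports whether the hardening is in effect. The two sample configs are constructed here and stand in for /etc/ssh/sshd_config before and after the edits; the assumption that a missing PermitRootLogin line means root passwords are accepted matches the stock CentOS 7 build.

```python
"""Audit an sshd_config for the two changes made above: port 22 no longer
active and PermitRootLogin no.

Added example for this article, not code from the original post. It assumes
the standard OpenSSH sshd_config syntax; the two sample configs are constructed
here and stand in for /etc/ssh/sshd_config before and after the edits.
"""
import re
from typing import Dict, List, Tuple

# OpenSSH's built-in default when no Port line is active.
DEFAULT_PORT = 22


def parse_sshd_config(text: str) -> Tuple[List[int], Dict[str, str]]:
    """Return (ports sshd listens on, first value of every other keyword).

    Mirrors the sshd semantics that matter for this audit:
      * keywords are case-insensitive and may be written "Key value" or "Key=value",
      * for most keywords the first occurrence wins,
      * Port may be given several times and sshd listens on all of them,
      * everything after a Match line is conditional, so parsing stops there.
    """
    ports: List[int] = []
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "port":
            ports.append(int(value))
        elif key not in settings:
            settings[key] = value
    if not ports:
        ports.append(DEFAULT_PORT)
    return ports, settings


def audit(text: str) -> List[str]:
    """Return the findings a hardened config should not have."""
    ports, settings = parse_sshd_config(text)
    findings: List[str] = []
    if DEFAULT_PORT in ports:
        findings.append("port 22 still active")
    # Assumption: the stock CentOS 7 file leaves PermitRootLogin commented out
    # and that build still accepts root passwords, so a missing line counts as yes.
    if settings.get("permitrootlogin", "yes").lower() != "no":
        findings.append("root login not disabled")
    return findings


# Constructed samples: the transitional state from section one, with both
# ports open, and the final state after section two.
BEFORE = """\
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 22
Port 23456
#AddressFamily any
PermitRootLogin yes
"""

AFTER = """\
#Port 22
Port 23456
#AddressFamily any
PermitRootLogin no
PermitRootLogin yes
"""
# The stray second PermitRootLogin line in AFTER is deliberate: sshd keeps the
# first value, so the audit must not be fooled by a later contradicting line.

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        ports, _ = parse_sshd_config(cfg)
        print(name, "ports:", ports, "findings:", audit(cfg) or "none")
```

Run it against the real file with audit(open("/etc/ssh/sshd_config").read()) after each edit; an empty list means both changes are in effect. The parser deliberately stops at a Match block, so settings that only appear inside one are reported as missing.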

Third, install DenyHosts to block brute-force attacks

DenyHosts is a log-based intrusion-prevention security tool for SSH servers, written in Python. It prevents brute-force attacks on the SSH server by monitoring failed login attempts in the authentication log and blocking the IP addresses they come from. -- Wikipedia

First download DenyHosts; the official address is https://sourceforge.net/projects/denyhosts/ (version 2.6 is the last release there and is Python 2 code, which CentOS 7 ships as /usr/bin/python; fail2ban from EPEL is the maintained alternative if you prefer a packaged tool).

You can also download the source directly with wget:

wget http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/denyhosts-2.6.tar.gz

Then extract it:

tar -zxvf denyhosts-2.6.tar.gz

Enter the extracted directory:

cd denyhosts-2.6

Run the installation (the tarball installs with distutils):

python setup.py install

Go to the installation directory:

cd /usr/share/denyhosts/

Create the configuration file and the start-up script from the shipped templates:

cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control

Create a symbolic link so that the start-up script is available as a SysV init script:

ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts

Set DenyHosts to start at boot:

chkconfig --add denyhosts     # register the denyhosts service
chkconfig denyhosts on        # set denyhosts to on at run levels 2, 3, 4 and 5
chkconfig --list denyhosts    # check that it was set successfully

Start the service (on CentOS 7 systemd generates a unit from the init script; run systemctl daemon-reload first if the unit is not found):

systemctl start denyhosts.service

IPs with repeated failed logins are written to /etc/hosts.deny in the form sshd: <ip>, and TCP wrappers, which the CentOS 7 sshd is built with, then refuse further connections from them. Before starting the service, put your own address in /usr/share/denyhosts/data/allowed-hosts: with DENY_THRESHOLD_ROOT = 1, a single mistyped root password from your own machine is enough to lock you out.

Conclusion

At this point the VPS security configuration is complete. Of course, there are further measures, such as logging in with an SSH key, but I feel that if you need to log in temporarily from another computer a key is not very convenient. (Key-based login with PasswordAuthentication no removes password brute force entirely; the steps above only raise its cost.) For an ordinary personal server, the configuration above is already enough to withstand most brute-force attacks.

Appendix: denyhosts configuration file description (denyhosts.cfg)

SECURE_LOG = /var/log/secure              # the ssh log file to watch
HOSTS_DENY = /etc/hosts.deny              # file that records the IPs blocked from logging in
PURGE_DENY =                              # how long entries stay in HOSTS_DENY before being purged (empty: never)
BLOCK_SERVICE = sshd                      # the service to block in HOSTS_DENY
DENY_THRESHOLD_INVALID = 5                # failed attempts allowed for usernames that do not exist on the system
DENY_THRESHOLD_VALID = 10                 # failed attempts allowed for existing users other than root
DENY_THRESHOLD_ROOT = 1                   # failed attempts allowed for root
DENY_THRESHOLD_RESTRICTED = 1             # failed attempts for the restricted usernames defined in WORK_DIR/restricted-usernames
WORK_DIR = /usr/share/denyhosts/data      # directory where denied hosts/IPs and the program's state are recorded
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES   # whether to report suspicious logins from hosts listed in allowed-hosts (those hosts are never blocked)
HOSTNAME_LOOKUP = YES                     # whether to do reverse DNS lookups
LOCK_FILE = /var/lock/subsys/denyhosts    # lock file guaranteeing that only one denyhosts process runs at a time
ADMIN_EMAIL = 123@456.789                 # administrator mailbox; when set, reports are sent by email through sendmail (leave empty to disable)
SMTP_HOST = localhost                     # SMTP server
SMTP_PORT = 25                            # SMTP port
SMTP_FROM = DenyHosts <[email protected]>   # sender address of the notification mail
SMTP_SUBJECT = DenyHosts Report           # subject of the notification mail
AGE_RESET_VALID = 5d                      # if a host has no failed logins for this long, reset its failure count to 0 (not for root)
AGE_RESET_ROOT = 25d                      # reset time for root
AGE_RESET_RESTRICTED = 25d                # reset time for restricted users
AGE_RESET_INVALID = 10d                   # reset time for invalid users
DAEMON_LOG = /var/log/denyhosts           # log file when running as a daemon
DAEMON_SLEEP = 30s                        # interval between reads of the log
DAEMON_PURGE = 1h                         # interval at which the purge mechanism expires old entries in HOSTS_DENY
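To make the thresholds in the table above concrete, and to show what the DenyHosts section's "IPs that fail multiple logins" actually means against /var/log/secure, here is an added example for this article. It is not DenyHosts' own code: it applies DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT to a constructed excerpt of the log (in the format CentOS 7's sshd writes, with RFC 5737 documentation addresses), treats a host as denied once its count in a category reaches that category's threshold (an assumption about the comparison DenyHosts uses), honours an allowed-hosts whitelist, and emits the sshd: <ip> lines that would go into /etc/hosts.deny.

```python
"""Reproduce the decision DenyHosts makes when it reads /var/log/secure, using
the thresholds from the denyhosts.cfg description above.

Added example for this article, not DenyHosts' own code. The log lines are
constructed in the format CentOS 7's sshd writes to /var/log/secure and use
documentation addresses (RFC 5737); a host is denied once its failure count
reaches the threshold for its category, which is the assumption made here.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

# Values from the denyhosts.cfg description on this page
DENY_THRESHOLD_INVALID = 5   # failures allowed for usernames that do not exist
DENY_THRESHOLD_VALID = 10    # failures allowed for existing users other than root
DENY_THRESHOLD_ROOT = 1      # failures allowed for root
BLOCK_SERVICE = "sshd"       # service name written to /etc/hosts.deny

THRESHOLDS = {
    "invalid": DENY_THRESHOLD_INVALID,
    "valid": DENY_THRESHOLD_VALID,
    "root": DENY_THRESHOLD_ROOT,
}

# sshd's PAM failure line, e.g.
#   Jan 10 12:34:56 vps sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def classify(invalid_marker: Optional[str], user: str) -> str:
    """Map one failure to the DenyHosts category that selects its threshold."""
    if invalid_marker:
        return "invalid"
    return "root" if user == "root" else "valid"


def count_failures(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Count failed logins per source IP, split by category."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED_RE.search(line)
        if m is None:
            continue  # successful logins, session messages, other daemons
        counts[m.group("ip")][classify(m.group("invalid"), m.group("user"))] += 1
    return counts


def hosts_to_deny(lines: Iterable[str], allowed_hosts: Iterable[str] = ()) -> Set[str]:
    """IPs whose count in any category reached that category's threshold.

    allowed_hosts plays the role of WORK_DIR/allowed-hosts: addresses listed
    there are never denied, which is how you avoid locking yourself out.
    """
    allowed = set(allowed_hosts)
    denied: Set[str] = set()
    for ip, per_category in count_failures(lines).items():
        if ip in allowed:
            continue
        if any(n >= THRESHOLDS[cat] for cat, n in per_category.items()):
            denied.add(ip)
    return denied


def hosts_deny_entries(ips: Iterable[str]) -> List[str]:
    """The lines DenyHosts appends to /etc/hosts.deny for the given IPs."""
    return [f"{BLOCK_SERVICE}: {ip}" for ip in sorted(ips)]


# Constructed /var/log/secure excerpt (documentation addresses only).
SAMPLE_LOG = [
    # five guesses at a non-existent account: reaches DENY_THRESHOLD_INVALID
    *[f"Jan 10 12:0{i}:00 vps sshd[101{i}]: Failed password for invalid user admin "
      f"from 203.0.113.5 port 5100{i} ssh2" for i in range(5)],
    # one root guess: DENY_THRESHOLD_ROOT is 1
    "Jan 10 12:10:00 vps sshd[1020]: Failed password for root from 198.51.100.7 port 40000 ssh2",
    # three typos by the real user "test": well under DENY_THRESHOLD_VALID
    *[f"Jan 10 12:2{i}:00 vps sshd[103{i}]: Failed password for test "
      f"from 192.0.2.9 port 4200{i} ssh2" for i in range(3)],
    "Jan 10 12:23:00 vps sshd[1033]: Accepted password for test from 192.0.2.9 port 42003 ssh2",
    # four invalid-user guesses: one short of the threshold, not denied yet
    *[f"Jan 10 12:3{i}:00 vps sshd[104{i}]: Failed password for invalid user oracle "
      f"from 203.0.113.77 port 3300{i} ssh2" for i in range(4)],
]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

On the sample above only 203.0.113.5 (five invalid-user failures) and 198.51.100.7 (one root failure) are denied; the legitimate user's three typos and the four-failure scanner stay under their thresholds. Passing your own address in allowed_hosts shows why the allowed-hosts file matters: the root threshold of 1 would otherwise block you on your first typo.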

