I saw this security article online, but the page could not be saved to my usual collection of web sites, so I am putting it here first. The specific functionality has not been tested; please use it with caution.
Here is the original blog post reproduced; thanks to the author for the hard work:
On a server exposed to the Internet there are people with nothing better to do who scan your machine's ports every day, which is very annoying for administrators. This article describes a method that uses the script below together with the iptables service to stop a public host from being used for SSH user-password brute-force cracking. The current stable version of the script has been validated in the production environment of other projects.
Script content:
#!/bin/bash
# anti-SSH password brute force hack script
# use iptables to deny malicious login IPs by parsing the secure log file
# by wangjun caoyinsheng 2014.01.27
source /root/.bash_profile           # script runtime environment variables
FILE_DIR=/opt/security_tools         # program execution path
LOG_FILE=/var/log/secure             # log file path
SAVE_FILE=$FILE_DIR/belialip         # file holding the IPs already rejected by iptables
SAVE_TEMP_FILE=${SAVE_FILE}.temp     # temporary file of rejected IPs, used for the comparison
IP_REPEAT=15                         # allowed number of login attempts

# Two regular expressions are used because a very large log file makes the sort too slow:
# the first keeps only the "Failed password" lines, the second pulls the source IP out of them,
# so sort | uniq -c only has to count one short line per attempt.
IP=$(sed -n -e '/.*Failed password.*/p' "$LOG_FILE" \
    | sed -n -e 's/.*Failed password.*from[ ]\(.*\)[ ]port.*/\1/p' \
    | sort | uniq -c \
    | awk -v num="$IP_REPEAT" '{ if ($1 > num) print $2; }')

BACKIFS=$IFS
IFS=$'\n'
if [ -e "$SAVE_FILE" ]; then
    printf '%s\n' "$IP" | sed '/^$/d' > "$SAVE_TEMP_FILE"
    # IPs found this run that are not yet in the saved list (comm needs both inputs sorted)
    DIFFER=$(comm -13 "$SAVE_FILE" "$SAVE_TEMP_FILE")
    TMP=$(cat "$SAVE_FILE")
    printf '%s\n' "$DIFFER" "$TMP" | sed '/^$/d' | sort -u > "$SAVE_FILE"
else
    DIFFER=$IP
    printf '%s\n' "$IP" | sed '/^$/d' > "$SAVE_FILE"
fi

if [ -n "$DIFFER" ]; then
    IFS=$BACKIFS
    IPS=$(echo "$DIFFER" | tr "\n" ' ' | tr -s ' ')
    # only the newly found IPs get a DROP rule; the ones already in belialip were added earlier
    for dip in $IPS; do
        iptables -A INPUT -s "$dip" -j DROP
    done
fi
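As an added example (not the blog author's script), the same detection pipeline run over constructed /var/log/secure lines: it extracts the IPs over the threshold, works out which ones are new against a belialip-style list, and prints the DROP commands instead of executing them. The function names offending_ips, new_ips and drop_rules, and the sample addresses, are assumptions for the example.

```shell
#!/bin/sh
# Added example (not the blog's killer.sh): find source IPs with more than
# THRESHOLD "Failed password" lines and show the rules that would be added.

# Constructed sample of /var/log/secure lines (not from a real host).
SAMPLE_LOG='Jan 27 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 50001 ssh2
Jan 27 10:00:02 host sshd[2002]: Failed password for root from 203.0.113.5 port 50002 ssh2
Jan 27 10:00:03 host sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 50003 ssh2
Jan 27 10:00:04 host sshd[2004]: Failed password for root from 198.51.100.9 port 40001 ssh2
Jan 27 10:00:05 host sshd[2005]: Accepted password for alice from 192.0.2.77 port 30001 ssh2
Jan 27 10:00:06 host sshd[2006]: Failed password for root from 203.0.113.5 port 50004 ssh2'

# offending_ips LOG_TEXT THRESHOLD
# Prints, sorted and one per line, every source IP with more than THRESHOLD
# failed-password lines: same shape as the killer.sh pipeline (filter the
# lines, pull the IP out with sed, count with sort | uniq -c, apply awk threshold).
offending_ips() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Failed password.*from[ ]\([^ ]*\)[ ]port.*/\1/p' \
      | sort | uniq -c \
      | awk -v num="$2" '$1 > num { print $2 }'
}

# new_ips KNOWN_FILE CANDIDATES
# Prints the candidates not already in KNOWN_FILE (what killer.sh derives with
# comm -13) and appends them to KNOWN_FILE so the next run does not re-add them.
new_ips() {
    known="$1"; cand="$2"
    [ -f "$known" ] || : > "$known"
    tmp=$(mktemp)
    printf '%s\n' "$cand" | sed '/^$/d' | sort -u > "$tmp"
    sort -u "$known" | comm -13 - "$tmp"
    sort -u "$known" "$tmp" -o "$known"
    rm -f "$tmp"
}

# drop_rules IPS: print the iptables command for each IP (dry run, nothing is executed)
drop_rules() {
    for ip in $1; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}
```

Run with a threshold of 3 against the sample, only 203.0.113.5 (four failed lines) is reported; 198.51.100.9 has one and the "Accepted password" line is ignored.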
Deployment method:
1. Create the file killer.sh in the /opt/security_tools directory and paste the script above into it;
2. Run the killer script:
# sh -x ./killer.sh
Running it with -x shows the environment variables root runs the script with; the PATH line will look something like this:
####### output start ############
PATH=/usr/local/imagemagick-6.8.8-2/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin:/root/bin
####### output end ############
# crontab -e
Paste the PATH line above into the top row of the crontab so the cron job runs with the same environment;
3. Create the crontab schedule
# crontab -e
Add the following entries to the crontab configuration file:
####### added content start ############
*/10 * * * * /bin/sh /opt/security_tools/killer.sh &    # run the killer.sh script every 10 minutes
1 22 * * 2,6 /bin/sh /opt/security_tools/killer.sh &    # run the killer.sh script every Tuesday and Saturday at 22:01
0 22 * * 2,6 service iptables restart &                 # restart the iptables service every Tuesday and Saturday at 22:00
####### added content end ############
Note that service iptables restart reloads the rule set saved in /etc/sysconfig/iptables, so the DROP rules the script added in memory are discarded by the Tuesday/Saturday restart, and because those addresses stay in the belialip file later runs do not add them again.
4. Testing
After 10 minutes, run iptables --list and check whether any addresses have been dropped.
Prevent SSH brute force hack linux password