防暴力破解DenyHosts

DenyHosts是用于阻止SSH服务器暴力破解攻击的的脚本，由python编写。
官网：http://denyhosts.sourceforge.net/
下载：http://sourceforge.net/projects/denyhosts/files/

帮助

显示代码

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76

[root@localhost ~]# cd /opt/ [root@localhost ~]# wget -c http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2F&ts=1333000482&use_mirror=cdnetworks-kr-1 [root@localhost opt]# tar xzvf DenyHosts-2.6.tar.gz [root@localhost opt]# cd DenyHosts-2.6 [root@localhost DenyHosts-2.6]# python setup.py install [root@localhost DenyHosts-2.6]# cd /usr/share/denyhosts/ [root@localhost denyhosts]# cp denyhosts.cfg-dist denyhosts.cfg [root@localhost denyhosts]# cp daemon-control-dist daemon-control [root@localhost denyhosts]# chown root daemon-control [root@localhost denyhosts]# chmod 700 daemon-control                         编辑denyhosts.cfg配置文件：   SECURE_LOG = /var/log/secure #如果是针对ssh服务的日志，Centos选择如上； HOSTS_DENY = /etc/hosts.deny #调用hosts.deny控制用户登陆 PURGE_DENY = 30m #禁止时长，既过多久清除禁止； # m表示分钟；h=表示小时；d表示天；w表示星期；y表示年 BLOCK_SERVICE = sshd #禁止的服务名 DENY_THRESHOLD_INVALID = 1 #允许无效用户失败的次数 DENY_THRESHOLD_VALID = 5 #允许普通用户登陆失败的次数 DENY_THRESHOLD_ROOT = 3 #允许root登陆失败的次数 HOSTNAME_LOOKUP=NO #是否做域名反解 ADMIN_EMAIL = kefu@mygod.com #管理员邮件地址,用下面的账户发送邮件通知 SMTP_HOST = mail.mygod.com SMTP_PORT = 25 SMTP_USERNAME = user@mygod.com SMTP_PASSWORD = passwd SMTP_FROM = DenyHosts DAEMON_LOG = /var/log/denyhosts #DenyHosts日志文件存放的路径                             [root@localhost denyhosts]# /usr/share/denyhosts/daemon-control start starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg    [root@localhost denyhosts]# more /etc/hosts.deny # # hosts.deny    This file describes the names of the hosts which are #               *not* allowed to use the local INET services, as decided #               by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow.  In particular # you should know that NFS uses portmap!   # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 118.102.2.245 sshd: 118.102.2.245 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 189.19.206.13 sshd: 189.19.206.13 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 125.208.3.9 sshd: 125.208.3.9 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 160.36.29.87 sshd: 160.36.29.87 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 60.220.254.6 sshd: 60.220.254.6 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 202.194.22.245 sshd: 202.194.22.245 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 122.227.15.120 sshd: 122.227.15.120 # DenyHosts: Wed Mar 25 17:58:16 2009 | sshd: 203.130.248.134 sshd: 203.130.248.134   [root@localhost# ln -s /usr/share/denyhosts/daemon-control-dist /etc/init.d [root@localhost# chkconfig daemon-control-dist on [root@localhost denyhosts]# exit logout   备注：使用前建议给自己常用的IP加入白名单/etc/hosts.allow；