阻止ssh暴力破解
阻止ssh暴力破解shell
說明:bash
今天無心間看了下/var/log/secure日誌,嚇了一跳,以下:服務器
Sep 15 14:25:12 localhost sshd[5914]: Failed password for root from 221.203.142.70 port 49476 ssh2 Sep 15 14:25:12 localhost sshd[5934]: Failed password for root from 115.182.88.152 port 28712 ssh2 Sep 15 14:25:13 localhost sshd[5918]: Failed password for root from 221.203.142.72 port 44212 ssh2 Sep 15 14:25:13 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2 Sep 15 14:25:15 localhost sshd[5946]: Failed password for root from 115.182.88.152 port 29380 ssh2 Sep 15 14:25:16 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2 Sep 15 14:25:16 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:16 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:17 localhost sshd[5957]: Failed password for root from 115.182.88.152 port 30023 ssh2 Sep 15 14:25:18 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:19 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:19 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:19 localhost sshd[5967]: Failed password for root from 115.182.88.152 port 30601 ssh2 Sep 15 14:25:21 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:21 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:21 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:23 localhost sshd[5991]: Failed password for root from 115.182.88.152 port 31030 ssh2 Sep 15 14:25:24 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:24 localhost sshd[5996]: Failed password for root from 221.203.142.72 port 41459 ssh2 Sep 15 14:25:25 localhost sshd[5998]: Failed password for root from 221.203.142.70 port 48277 ssh2 Sep 15 14:25:25 localhost sshd[6001]: Failed password for root from 115.182.88.152 port 31725 ssh2
有人試圖去破解服務器的root密碼
ssh
解決方法:ide
方法一:禁止root用戶直接登陸:
日誌
因爲線上有些程序裏採用了root密碼,因此此方法沒法使用
ip
方法二:把惡意ip直接禁掉
it
寫一個shell腳本,以下:class
vi /root/scripts/denyRootSsh/denyRootSsh.sh
#!/bin/bash
#過濾Failed password for root,寫入failIP.txt文件
grep 'Failed password for root from' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -rn > /root/scripts/denyRootSsh/failIP.txt
#失敗次數大於100的,將其ip寫入/etc/hosts.deny文件
while read failStatus
do
failTimes=`echo $failStatus | awk '{print $1}'`
failIP=`echo $failStatus | awk '{print $2}'`
if [ $failTimes -gt 100 ];then
denyIP=`grep $failIP /etc/hosts.deny`
if [ -z $denyIP ];then
echo "sshd:$failIP" >> /etc/hosts.deny
fi
fi
done < /root/scripts/denyRootSsh/failIP.tx
腳本解讀:awk
/etc/hosts.deny文件
sshd:43.229.53.55 ##禁止ip43.229.53.55再次訪問root
寫個計劃任務,天天凌晨1點執行一次
相關文章
- 1. 使用 DenyHosts 阻止 SSH 暴力破解
- 2. Fail2ban 阻止暴力破解
- 3. linux下阻擋ssh暴力破解
- 4. 防止ssh暴力破解linux密碼
- 5. denyhost防止SSH暴力破解
- 6. 如何防止SSH暴力破解
- 7. Linux CentOS 防止SSH暴力破解
- 8. 使用 Fail2ban 防止 ssh 暴力破解***
- 9. 使用DenyHosts防止ssh暴力破解
- 10. ssh暴力破解
- 更多相關文章...
- • SQLite Explain(解釋) - SQLite教程
- • 免費ARP詳解 - TCP/IP教程
- • Scala 中文亂碼解決
- • JDK13 GA發佈:5大特性解讀
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章