阻止ssh暴力破解shell
說明:bash
今天無心間看了下/var/log/secure日誌,嚇了一跳,以下:服務器
Sep 15 14:25:12 localhost sshd[5914]: Failed password for root from 221.203.142.70 port 49476 ssh2 Sep 15 14:25:12 localhost sshd[5934]: Failed password for root from 115.182.88.152 port 28712 ssh2 Sep 15 14:25:13 localhost sshd[5918]: Failed password for root from 221.203.142.72 port 44212 ssh2 Sep 15 14:25:13 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2 Sep 15 14:25:15 localhost sshd[5946]: Failed password for root from 115.182.88.152 port 29380 ssh2 Sep 15 14:25:16 localhost sshd[5930]: Failed password for root from 218.65.30.92 port 42513 ssh2 Sep 15 14:25:16 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:16 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:17 localhost sshd[5957]: Failed password for root from 115.182.88.152 port 30023 ssh2 Sep 15 14:25:18 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:19 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:19 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:19 localhost sshd[5967]: Failed password for root from 115.182.88.152 port 30601 ssh2 Sep 15 14:25:21 localhost sshd[5952]: Failed password for root from 221.203.142.72 port 57263 ssh2 Sep 15 14:25:21 localhost sshd[5949]: Failed password for root from 221.203.142.70 port 33909 ssh2 Sep 15 14:25:21 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:23 localhost sshd[5991]: Failed password for root from 115.182.88.152 port 31030 ssh2 Sep 15 14:25:24 localhost sshd[5961]: Failed password for root from 218.65.30.92 port 56454 ssh2 Sep 15 14:25:24 localhost sshd[5996]: Failed password for root from 221.203.142.72 port 41459 ssh2 Sep 15 14:25:25 localhost sshd[5998]: Failed password for root from 221.203.142.70 port 48277 ssh2 Sep 15 14:25:25 localhost sshd[6001]: Failed password for root from 115.182.88.152 port 31725 ssh2
有人試圖去破解服務器的root密碼
ssh
解決方法:ide
方法一:禁止root用戶直接登陸:
日誌
因爲線上有些程序裏採用了root密碼,因此此方法沒法使用
ip
方法二:把惡意ip直接禁掉
it
寫一個shell腳本,以下:class
vi /root/scripts/denyRootSsh/denyRootSsh.sh #!/bin/bash #過濾Failed password for root,寫入failIP.txt文件 grep 'Failed password for root from' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -rn > /root/scripts/denyRootSsh/failIP.txt #失敗次數大於100的,將其ip寫入/etc/hosts.deny文件 while read failStatus do failTimes=`echo $failStatus | awk '{print $1}'` failIP=`echo $failStatus | awk '{print $2}'` if [ $failTimes -gt 100 ];then denyIP=`grep $failIP /etc/hosts.deny` if [ -z $denyIP ];then echo "sshd:$failIP" >> /etc/hosts.deny fi fi done < /root/scripts/denyRootSsh/failIP.tx
腳本解讀:awk
/etc/hosts.deny文件
sshd:43.229.53.55 ##禁止ip43.229.53.55再次訪問root
寫個計劃任務,天天凌晨1點執行一次