Forcing logged-in users off a Linux system as root; using fail2ban to block SSH brute-force cracking of the root password

 

Forcing logged-in users off a Linux system as root
 

First, use the w command to list all users who are currently logged in:

[root@VM_152_184_centos /]# w
 20:50:14 up 9 days,  5:58,  3 users,  load average: 0.21, 0.05, 0.02
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    101.45.224.253   20:48    0.00s  0.00s  0.00s w
root     pts/1    101.45.224.253   20:49   17.00s  0.00s  0.00s -bash
hmj      pts/2    101.45.224.253   20:50    2.00s  0.00s  0.00s -bash

Run the command:

pkill -kill -t <TTY>

Example: kick out the logged-in user hmj

pkill -kill -t pts/2

Run w again to check that the user has been forced off:

[root@VM_152_184_centos /]# w
 20:55:10 up 9 days,  6:03,  2 users,  load average: 0.03, 0.03, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    101.45.224.253   20:48    0.00s  0.00s  0.00s w
root     pts/1    101.45.224.253   20:49    5:13   0.00s  0.00s -bash
Using fail2ban to block SSH brute-force cracking of the root password
 

Install the fail2ban tool to protect against brute-force cracking, prevent malicious ***, and lock out malicious *** IPs.
 
1. If the system is CentOS, first install fail2ban with yum

[root@VM_152_184_centos /]# yum -y install fail2ban

2. To see more clearly which IPs are attempting brute-force cracking, first define the log file path

[root@VM_152_184_centos /]# cat /etc/fail2ban/fail2ban.conf |grep -v ^#
 
[Definition]
 
loglevel = 3
 
logtarget = SYSLOG  // this is the log path; it can be customized, for example: /var/log/fail2ban.log
 
socket = /var/run/fail2ban/fail2ban.sock
 
pidfile = /var/run/fail2ban/fail2ban.pid

3. Customize the main configuration file (of course, you can also leave it unmodified and keep the default configuration)

[root@VM_152_184_centos /]# cat /etc/fail2ban/jail.conf |grep -v ^# |less
 
[DEFAULT]
 
ignoreip = 127.0.0.1/8
 
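bantime  = 600  // block/lockout duration, in seconds
 
findtime  = 600  // an IP whose failed logins within 600 s exceed the allowed number is locked out
 
maxretry = 3  // maximum number of failed login attempts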
 
backend = auto
 
usedns = warn

4. Finally, start fail2ban so that the configuration takes effect

[root@VM_152_184_centos /]# service fail2ban start 

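Finally, check the fail2ban log file, where you can see the list of IPs that have been blocked ("Ban ip" is a blocked/locked IP, "Unban ip" is an IP that was unlocked automatically)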

[root@VM_152_184_centos /]# cat /var/log/fail2ban.log | grep "ban"
2014-04-15 21:12:18,053 fail2ban.actions: WARNING [ssh-iptables] Ban 198.104.137.151
2014-04-15 21:42:19,037 fail2ban.actions: WARNING [ssh-iptables] Unban 198.104.137.151
2014-04-15 22:12:16,001 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.218
2014-04-15 22:42:16,305 fail2ban.actions: WARNING [ssh-iptables] Unban 116.10.191.218
2014-04-15 23:02:02,609 fail2ban.actions: WARNING [ssh-iptables] Ban 117.34.91.170
2014-04-15 23:26:10,651 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.172
2014-04-15 23:28:02,391 fail2ban.actions: WARNING [ssh-iptables] Ban 198.104.137.151
2014-04-15 23:32:03,428 fail2ban.actions: WARNING [ssh-iptables] Unban 117.34.91.170
2014-04-15 23:46:07,364 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.205
2014-04-15 23:56:10,893 fail2ban.actions: WARNING [ssh-iptables] Unban 116.10.191.172
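
An added example (not part of the original post): because every line of this log contains "fail2ban", `grep "ban"` matches all of them, so the sketch below keys on the `[jail] Ban|Unban IP` triple instead and reports which addresses are still banned and which were banned repeatedly. The function names `sample_log`, `still_banned` and `repeat_offenders` are hypothetical, and the sample log is constructed with documentation-range addresses in the format shown above.

```shell
#!/bin/sh
# Added example: summarise Ban/Unban events from a fail2ban log.

# Constructed sample log (not real data), same layout as the output above.
sample_log() {
cat <<'EOF'
2014-04-15 21:00:00,123 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2014-04-15 21:12:18,053 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.10
2014-04-15 21:22:19,037 fail2ban.actions: WARNING [ssh-iptables] Unban 203.0.113.10
2014-04-15 22:12:16,001 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
2014-04-15 22:20:02,609 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.10
2014-04-15 22:22:16,305 fail2ban.actions: WARNING [ssh-iptables] Unban 198.51.100.7
2014-04-15 22:40:07,364 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.44
EOF
}

# Addresses whose most recent event in JAIL is a Ban (i.e. still blocked).
# usage: still_banned JAIL < logfile
still_banned() {
    awk -v jail="[$1]" '
        { for (i = 2; i < NF; i++)
            if ($(i-1) == jail && ($i == "Ban" || $i == "Unban"))
                last[$(i+1)] = $i }
        END { for (ip in last) if (last[ip] == "Ban") print ip }
    ' | LC_ALL=C sort
}

# Addresses banned at least MIN times in JAIL, printed as "count ip".
# usage: repeat_offenders JAIL MIN < logfile
repeat_offenders() {
    awk -v jail="[$1]" -v min="$2" '
        { for (i = 2; i < NF; i++)
            if ($(i-1) == jail && $i == "Ban") n[$(i+1)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

echo "still banned:";     sample_log | still_banned ssh-iptables
echo "banned 2+ times:";  sample_log | repeat_offenders ssh-iptables 2
```

On a real host, feed the functions the log instead of the sample, e.g. `still_banned ssh-iptables < /var/log/fail2ban.log`. An address that keeps reappearing in `repeat_offenders` is a candidate for a longer `bantime`.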
 
