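DenyHosts is a program written in Python. It analyzes the sshd log file (/var/log/secure), and when it detects repeated attacks it records the source IP in /etc/hosts.deny, which blocks that IP automatically.
DenyHosts official website: http://denyhosts.sourceforge.net
Download page: http://sourceforge.net/projects/denyhosts/files/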

tar -xzf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cd /usr/share/denyhosts/   # installation directory
cp denyhosts.cfg-dist denyhosts.cfg

vim denyhosts.cfg

############ THESE SETTINGS ARE REQUIRED ############
# System ssh log; this file is the default on CentOS
SECURE_LOG = /var/log/secure
# File that holds the blocked IPs
HOSTS_DENY = /etc/hosts.deny
# Block duration
PURGE_DENY = 2d
BLOCK_SERVICE = sshd
# Number of failed logins allowed for invalid users
DENY_THRESHOLD_INVALID = 5
# Number of failed logins allowed for normal users
DENY_THRESHOLD_VALID = 10
# Number of failed logins allowed for root
DENY_THRESHOLD_ROOT = 3
DENY_THRESHOLD_RESTRICTED = 3
# Directory that denied hosts are written to; denied hosts or IPs are recorded in WORK_DIR
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
# Whether to do reverse DNS lookups
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = your_mail@163.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
# DenyHosts' own log
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control
./daemon-control start
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --level 2345 denyhosts on

# Restart the service and its process
service denyhosts restart

sent DenyHosts SIGTERM
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

cat /etc/hosts.deny   # view the blocked IP records
To lift the restriction on an IP, delete that IP's entry from /etc/hosts.deny.
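To show how the DENY_THRESHOLD_* values in denyhosts.cfg relate to the entries that end up in /etc/hosts.deny, here is an added example (a simplified illustration, not DenyHosts' own code) that counts failed logins per IP and category in constructed /var/log/secure lines. The log pattern, the function names and the sample lines are assumptions; the pattern is anchored to the end of the line so that text inside the username field cannot supply the address.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg shown above.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 3}

# Simplified pattern for OpenSSH "Failed password" lines (assumption).
# The greedy user field plus the "$" anchor make the LAST "from <ip>" win.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def classify(match):
    """Map a failure to the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines, thresholds=THRESHOLDS, service="sshd"):
    """Return hosts.deny lines for IPs whose failure count exceeds a threshold."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    denied = sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})
    return [f"{service}: {ip}" for ip in denied]

def sample_log():
    """Constructed log lines using documentation IP ranges (not real data)."""
    tpl = "Aug  1 10:00:{:02d} web1 sshd[{}]: Failed password for {} from {} port 40000 ssh2"
    # 4 root failures: above DENY_THRESHOLD_ROOT = 3, so blocked.
    lines = [tpl.format(i, 2000 + i, "root", "203.0.113.7") for i in range(4)]
    # 5 invalid-user failures: equal to the threshold, so not blocked yet.
    lines += [tpl.format(i, 2100 + i, "invalid user admin", "198.51.100.9") for i in range(5)]
    # 6 failures whose username embeds a fake "from <ip>"; the real source is counted.
    spoof = "invalid user x from 192.0.2.1 port 1"
    lines += [tpl.format(i, 2200 + i, spoof, "198.51.100.20") for i in range(6)]
    # Successful logins are ignored.
    lines.append("Aug  1 10:01:00 web1 sshd[2300]: Accepted password for bob from 192.0.2.50 port 40000 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(sample_log())))
```

The real daemon also ages out counts (AGE_RESET_*) and purges old entries (PURGE_DENY), which this sketch leaves out.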
This article is reposted from bbotte's 51CTO blog. Original link: http://blog.51cto.com/bbotte/1530831. To repost it, please contact the original author.