centos6.0安装denyhosts2.6总结-白红宇

centos6.0安装denyhosts2.6总结

阅读量：5812 次

发布时间：2019-06-18

本文共 10789 字，大约阅读时间需要 35 分钟。

当你的linux服务器暴露在互联网之中，该服务器将会遭到互联网上的扫描软件进行扫描，并试图猜测SSH登录口令你会发现，每天会有多条SSH登录失败纪录。那些扫描工具将对你的服务器构成威胁，你必须设置复杂登录口令，并将尝试多次登录失败的IP给阻止掉，让其在一段时间内不能访问该服务器。简单方法也可以修改22端口号.

用DenyHosts可以阻止试图猜测SSH登录口令，它会分析/var/log/secure等日志文件，当发现同一IP在进行多次SSH密码尝试时就会记录IP到/etc/hosts.deny文件，从而达到自动屏蔽该IP的目的。last命令的信息来自/var/log/wtmp,如果对有经验的人可能会删除掉这个。但是还是会留下痕迹，使用nmap命令扫描端口，

nmap -PO -sS ip,使用lsof命令，停掉一些不必要的服务，多关注漏洞，配置强有力的iptables来保护自己的系统或者尝试使用Chkrootkit应用程序对rootkit的跟踪，尝试AIDE来检查文件系统的完整性。服务器上除了root外，Linux用户越少越好，如果非要添加就添加shell为nologin。

DenyHosts安装

1.下载denyhost官网为：下载到/usr/src目录中，查询一下系统是否符合要求

[root@localhost denyhosts]# ldd /usr/sbin/sshd|grep libwrap//查看libwrap动态链接库文件。

libwrap.so.0 => /lib/libwrap.so.0 (0x006c8000)

[root@localhost denyhosts]# python -V//查询版本为2.6.5

Python 2.6.5

2.[root@localhost DenyHosts-2.6]# python setup.py install//安装Denyhost

running install

running build

running build_py

creating build

creating build/lib

creating build/lib/DenyHosts

copying DenyHosts/version.py -> build/lib/DenyHosts

copying DenyHosts/purgecounter.py -> build/lib/DenyHosts

copying DenyHosts/regex.py -> build/lib/DenyHosts

copying DenyHosts/restricted.py -> build/lib/DenyHosts

copying DenyHosts/__init__.py -> build/lib/DenyHosts

copying DenyHosts/old-daemon.py -> build/lib/DenyHosts

copying DenyHosts/python_version.py -> build/lib/DenyHosts

copying DenyHosts/filetracker.py -> build/lib/DenyHosts

copying DenyHosts/plugin.py -> build/lib/DenyHosts

copying DenyHosts/constants.py -> build/lib/DenyHosts

copying DenyHosts/loginattempt.py -> build/lib/DenyHosts

copying DenyHosts/prefs.py -> build/lib/DenyHosts

copying DenyHosts/deny_hosts.py -> build/lib/DenyHosts

copying DenyHosts/lockfile.py -> build/lib/DenyHosts

copying DenyHosts/sync.py -> build/lib/DenyHosts

copying DenyHosts/allowedhosts.py -> build/lib/DenyHosts

copying DenyHosts/daemon.py -> build/lib/DenyHosts

copying DenyHosts/util.py -> build/lib/DenyHosts

copying DenyHosts/counter.py -> build/lib/DenyHosts

copying DenyHosts/denyfileutil.py -> build/lib/DenyHosts

copying DenyHosts/report.py -> build/lib/DenyHosts

running build_scripts

creating build/scripts-2.6

copying and adjusting denyhosts.py -> build/scripts-2.6

changing mode of build/scripts-2.6/denyhosts.py from 644 to 755

running install_lib

creating /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/version.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/purgecounter.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/regex.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/restricted.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/__init__.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/old-daemon.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/python_version.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/filetracker.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/plugin.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/constants.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/loginattempt.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/prefs.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/deny_hosts.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/lockfile.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/sync.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/allowedhosts.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/daemon.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/util.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/counter.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/denyfileutil.py -> /usr/lib/python2.6/site-packages/DenyHosts

copying build/lib/DenyHosts/report.py -> /usr/lib/python2.6/site-packages/DenyHosts

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/version.py to version.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/purgecounter.py to purgecounter.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/regex.py to regex.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/restricted.py to restricted.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/__init__.py to __init__.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/old-daemon.py to old-daemon.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/python_version.py to python_version.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/filetracker.py to filetracker.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/plugin.py to plugin.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/constants.py to constants.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/loginattempt.py to loginattempt.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/prefs.py to prefs.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/deny_hosts.py to deny_hosts.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/lockfile.py to lockfile.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/sync.py to sync.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/allowedhosts.py to allowedhosts.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/daemon.py to daemon.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/util.py to util.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/counter.py to counter.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/denyfileutil.py to denyfileutil.pyc

byte-compiling /usr/lib/python2.6/site-packages/DenyHosts/report.py to report.pyc

running install_scripts

copying build/scripts-2.6/denyhosts.py -> /usr/bin

changing mode of /usr/bin/denyhosts.py to 755

running install_data

creating /usr/share/denyhosts//在/usr/share目录创建denyhosts目录

copying denyhosts.cfg-dist -> /usr/share/denyhosts

copying setup.py -> /usr/share/denyhosts

copying daemon-control-dist -> /usr/share/denyhosts

copying CHANGELOG.txt -> /usr/share/denyhosts

copying README.txt -> /usr/share/denyhosts

creating /usr/share/denyhosts/scripts

copying scripts/restricted_from_passwd.py -> /usr/share/denyhosts/scripts

copying scripts/restricted_from_invalid.py -> /usr/share/denyhosts/scripts

creating /usr/share/denyhosts/plugins

copying plugins/README.contrib -> /usr/share/denyhosts/plugins

copying plugins/shorewall_deny.sh -> /usr/share/denyhosts/plugins

copying plugins/test_deny.py -> /usr/share/denyhosts/plugins

copying plugins/shorewall_allow.sh -> /usr/share/denyhosts/plugins

copying LICENSE.txt -> /usr/share/denyhosts

running install_egg_info

Writing /usr/lib/python2.6/site-packages/DenyHosts-2.6-py2.6.egg-info

3. [root@localhost ~]#cd /usr/share/denyhosts/切换目录进入/usr/share/denyhosts目录

4.[root@localhost denyhosts]# cp denyhosts.cfg.disk denyhosts.cfg//拷贝一份denyhosts.cfg

DenyHosts参数配置

SECURE_LOG = /var/log/secure#ssh日志文件

HOSTS_DENY = /etc/hosts.deny #将阻止IP写入到hosts.deny

PURGE_DENY =30m#过多久后清除已阻止IP

BLOCK_SERVICE = sshd#阻止服务名

DENY_THRESHOLD_INVALID = 5//允许无效用户（在/etc/passwd未列出）登录失败次数,允许无效用户登录失败的次数.

DENY_THRESHOLD_VALID = 10#允许普通用户登录失败的次数

DENY_THRESHOLD_ROOT = 1//允许root登录失败的次数

DENY_THRESHOLD_RESTRICTED = 1#设定 deny host 写入到该资料夹

WORK_DIR = /usr/share/denyhosts/data #将deny的host或ip纪录到Work_dir中

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=YES #是否做域名反解

LOCK_FILE = /var/lock/subsys/denyhosts #将DenyHOts启动的pid纪录到LOCK_FILE中，已确保服务正确启动，防止同时启动多个服务。

ADMIN_EMAIL = #设置管理员邮件地址

SMTP_HOST = localhost

SMTP_PORT = 25

SMTP_FROM = DenyHosts < >

SMTP_SUBJECT = DenyHosts Report

AGE_RESET_VALID=5d

AGE_RESET_ROOT=25d

AGE_RESET_RESTRICTED=25d

AGE_RESET_INVALID=10d

DAEMON_LOG = /var/log/denyhosts#自己的日志文件

DAEMON_SLEEP = 30s

DAEMON_PURGE = 1h#该项与PURGE_DENY 设置成一样，也是清除hosts.deniedssh 用户的时间

5.DenyHosts启动文件配置

[root@localhost denyhosts]# cp daemon-control-dist daemon-control

[root@localhost denyhosts]# chown root daemon-control

[root@localhost denyhosts]# chmod 700 daemon-control

[root@localhost denyhosts]# ll

total 96

-rw-r--r-- 1 root root 16549 Dec 8 2006 CHANGELOG.txt

-rwx------ 1 root root 4076 Feb 27 18:38 daemon-control

-rwxr-xr-x 1 root root 4076 Apr 22 2006 daemon-control-dist

drwxr-xr-x 2 root root 4096 Feb 27 18:36 data

-rw-r--r-- 1 root root 777 Feb 27 16:44 denyhosts.cfg

-rw-r--r-- 1 root root 20830 Aug 20 2006 denyhosts.cfg-dist

-rw-r--r-- 1 root root 18009 Dec 17 2005 LICENSE.txt

drwxr-xr-x 2 root root 4096 Feb 27 16:36 plugins

-rw-r--r-- 1 root root 3575 Feb 3 2006 README.txt

drwxr-xr-x 2 root root 4096 Feb 27 16:36 scripts

-rw-r--r-- 1 root root 1522 Apr 5 2006 setup.py

[root@localhost denyhosts]# ./daemon-control #DenyHosts命令格式

Usage: ./daemon-control {start [args...] | stop | restart [args...] | status | debug | condrestart [args...] }

For a list of valid args refer to:

$ denyhosts.py --help

[root@localhost denyhosts]# ./daemon-control start #启动DenyHosts

starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

如果要使DenyHosts每次重起后自动启动还需做如下设置：

[root@localhost denyhosts]# ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts//建立符号链接

[root@localhost denyhosts]# chkconfig --add denyhosts//增加denyhosts服务进程

[root@localhost denyhosts]# chkconfig denyhosts on//设置开机启动denyhosts

[root@localhost denyhosts]# chkconfig --list denyhosts

denyhosts 0:off 1:off 2:on 3:on 4:on 5:on 6:off

或者修改/etc/rc.local文件：

[root@localhost denyhosts]# vi /etc/rc.local

加入下面这条命令

echo "/usr/share/denyhosts/daemon-control start">>/etc/rc.local

6.[root@localhost denyhosts]# tail -f /var/log/secure

Feb 27 18:43:10 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=test

Feb 27 18:43:12 localhost login: FAILED LOGIN 1 FROM (null) FOR test, Authentication failure

Feb 27 18:43:15 localhost login: FAILED LOGIN 2 FROM (null) FOR test, Authentication failure

Feb 27 18:43:21 localhost login: FAILED LOGIN 3 FROM (null) FOR test, Authentication failure

Feb 27 18:43:26 localhost login: pam_unix(login:session): session opened for user test by LOGIN(uid=0)

Feb 27 18:43:26 localhost login: LOGIN ON tty1 BY test

Feb 27 18:45:32 localhost su: pam_unix(su:auth): authentication failure; logname=test uid=500 euid=0 tty=tty1 ruser=test rhost= user=root

Feb 27 18:45:47 localhost su: pam_unix(su-l:session): session opened for user root by test(uid=500)

Feb 27 19:00:03 localhost sshd[19861]: Accepted password for root from 192.168.40.41 port 4289 ssh2

转载于:https://blog.51cto.com/zh888/790707

你可能感兴趣的文章

Android自学--一篇文章基本掌握所有的常用View组件

查看>>

灰度图像和彩色图像

查看>>

通过vb.net 和NPOI实现对excel的读操作

查看>>

TCP segmentation offload

FreeMarker-Built-ins for strings

查看>>

验证DataGridView控件的数据输入

查看>>

POJ1033

查看>>

argparse - 命令行选项与参数解析（转）

CentOS 6.6 FTP install

查看>>

图解Ajax工作原理

查看>>