資料來源:centos 禁止SSH暴力扫描
DenyHosts 2.6版下載網址:
DenyHosts 2.6 on SourceForge (更新日期2006-12-07)
下載、解壓縮、安裝:
wget http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2Fdenyhosts%2F2.6%2F&ts=1300349050&use_mirror=ncu
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
vim denyhosts.cfg
設定:
PURGE_DENY = 5m
#過多久後清除已封鎖的
BLOCK_SERVICE = sshd
#封鎖的服務
DENY_THRESHOLD_INVALID = 1
#允許無效帳號失敗的次數
DENY_THRESHOLD_VALID = 10
#允許一般帳號失敗的次數
DENY_THRESHOLD_ROOT = 5
#允許root失敗的次數
HOSTNAME_LOOKUP = NO
#是否進行反查
ADMIN_EMAIL = admin@test.com
#封鎖IP時寄發通知信
設定啟動:
cp daemon-control-dist daemon-control
vi daemon-control
啟動:
chmod 700 daemon-control
./daemon-control start
設定自動啟動:
vi /etc/rc.local
加入 /usr/share/denyhosts/daemon-control start
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig denyhosts --add
DenyHosts 2.6版下載網址:
DenyHosts 2.6 on SourceForge (更新日期2006-12-07)
下載、解壓縮、安裝:
wget http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2Fdenyhosts%2F2.6%2F&ts=1300349050&use_mirror=ncu
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
vim denyhosts.cfg
設定:
PURGE_DENY = 5m
#過多久後清除已封鎖的
BLOCK_SERVICE = sshd
#封鎖的服務
DENY_THRESHOLD_INVALID = 1
#允許無效帳號失敗的次數
DENY_THRESHOLD_VALID = 10
#允許一般帳號失敗的次數
DENY_THRESHOLD_ROOT = 5
#允許root失敗的次數
HOSTNAME_LOOKUP = NO
#是否進行反查
ADMIN_EMAIL = admin@test.com
#封鎖IP時寄發通知信
設定啟動:
cp daemon-control-dist daemon-control
vi daemon-control
啟動:
chmod 700 daemon-control
./daemon-control start
設定自動啟動:
vi /etc/rc.local
加入 /usr/share/denyhosts/daemon-control start
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig denyhosts --add
留言