1. Create an ordinary user and disable remote root login
Add an ordinary user (admin):
# useradd admin
Set its password:
# passwd admin
Create a working directory owned by admin, with read and write permission for that user (use -p so the command also works before /data exists):
# mkdir -p /data/temp/
# chown -R admin /data/temp/
# chmod -R u+rw /data/temp/
Disable remote root login and change the SSH port (22):
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_back
# vi /etc/ssh/sshd_config
Settings to change:
PermitRootLogin no
PermitEmptyPasswords no    # refuse logins with an empty password
UseDNS no                  # skip reverse DNS lookups of connecting clients (no DNS dependency at login)
Port 22                    # keep the old port until the new one is verified, then remove this line
Port 8999                  # the new port
Check the syntax, then restart sshd so the new settings take effect ("start" does nothing when sshd is already running):
# sshd -t
# systemctl restart sshd.service
# netstat -tpnl | grep ssh
On CentOS/RHEL with SELinux enforcing, sshd may only bind to ports labelled ssh_port_t, and firewalld blocks unknown ports, so label and open the new port first; otherwise the restart fails or the port is unreachable:
# semanage port -a -t ssh_port_t -p tcp 8999
# firewall-cmd --permanent --add-port=8999/tcp && firewall-cmd --reload
Keep the current session open and test a fresh login on port 8999 before removing the Port 22 line.
From now on, log in as admin and then switch to root with:
# su
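The sshd_config changes above, as an added example that is not part of the original article: a POSIX shell script that makes each change idempotently on a copy of the file, keeps Port 22 explicit beside the new port (once any Port line is active, sshd no longer listens on 22 by default), and shows the sshd -t, SELinux and firewall steps that must precede the restart. Port 8999 and the _back backup suffix come from the article; the function names, the --live switch and the constructed sample config are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): apply the sshd_config changes
# above to a copy of the file and verify them, without touching the live
# /etc/ssh/sshd_config unless explicitly asked. Port 8999 and the "_back"
# suffix follow the article; everything else here is this example's assumption.

# set_sshd_option FILE KEY VALUE
# Turn the first KEY line (even a commented-out "#KEY ..." one) into "KEY VALUE",
# drop later duplicates, and append the line if KEY is absent. sshd keywords are
# case-insensitive, so matching is too. Running it twice changes nothing.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key); done = 0 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)          # strip indentation and a leading "#"
            split(line, f, /[ \t=]+/)
            if (tolower(f[1]) == lk) {
                if (!done) { print key, value; done = 1 }
                next
            }
            print
        }
        END { if (!done) print key, value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_sshd_option FILE KEY: the value sshd would use (first active occurrence wins).
get_sshd_option() {
    awk -v lk="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        tolower(f[1]) == lk { print f[2]; exit }
    ' "$1"
}

# list_sshd_ports FILE: every active Port value, one per line.
list_sshd_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "port" { print f[2] }
    ' "$1"
}

# add_sshd_port FILE PORT: listen on PORT in addition to the current port(s).
# Once any Port line is active sshd stops listening on 22 implicitly, so the old
# port is made explicit first; that is the "Port 22 ... Port 8999" pair above.
add_sshd_port() {
    file=$1 port=$2
    [ -n "$(get_sshd_option "$file" Port)" ] || printf 'Port 22\n' >> "$file"
    grep -Eiq "^[[:space:]]*port[[:space:]]+${port}[[:space:]]*$" "$file" \
        || printf 'Port %s\n' "$port" >> "$file"
}

# harden_sshd_config FILE NEWPORT: the article's settings, with a backup first.
harden_sshd_config() {
    file=$1 newport=$2
    cp "$file" "${file}_back"
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" PermitEmptyPasswords no
    set_sshd_option "$file" UseDNS no
    add_sshd_port "$file" "$newport"
}

if [ "${1:-}" = --live ]; then
    # Real run: edit the live file, stop on a syntax error (a broken sshd_config
    # locks you out), and print the CentOS/RHEL steps that must precede the restart.
    harden_sshd_config /etc/ssh/sshd_config 8999
    sshd -t || exit 1
    echo 'sshd_config OK. Before "systemctl restart sshd" run:'
    echo '  semanage port -a -t ssh_port_t -p tcp 8999           # SELinux: let sshd bind 8999'
    echo '  firewall-cmd --permanent --add-port=8999/tcp && firewall-cmd --reload'
    echo 'then test a login on 8999 from a second session before removing "Port 22".'
else
    # Dry run on a constructed stand-in for a stock CentOS sshd_config.
    demo=$(mktemp)
    printf '#PermitRootLogin yes\nPermitEmptyPasswords yes\n#Port 22\nUseDNS yes\n' > "$demo"
    harden_sshd_config "$demo" 8999
    cat "$demo"
    rm -f "$demo" "${demo}_back"
fi
```

Without arguments the script only edits a throwaway file and prints the result; `sh harden_sshd.sh --live` edits /etc/ssh/sshd_config, and because the commented `#Port 22` in a stock file is inactive, the explicit `Port 22` line it adds is what keeps the current session reachable after the restart.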
2. DenyHosts: block hosts that repeatedly fail SSH logins
Website: http://denyhosts.sourceforge.net/
This article installs under /data/rule/:
# mkdir -p /data/rule
Download with wget (install wget through yum if it is missing):
# cd /usr/src
# yum install wget -y
# wget http://ncu.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
The download is plain HTTP from a mirror, so compare the archive's checksum with the one on the project's release page before unpacking it.
Unpack:
# tar -xzvf DenyHosts-2.6.tar.gz
# cd DenyHosts-2.6
Install (DenyHosts 2.6 is Python 2 code, so `python` must be a Python 2 interpreter):
# python setup.py install
Remove the sources (the tarball sits in /usr/src, not inside the unpacked directory, so go back up first):
# cd /usr/src
# rm DenyHosts-2.6.tar.gz
# rm -rf DenyHosts-2.6
Create the log directory:
# mkdir -p /data/rule/DenyHosts/logs
Change into the denyhosts directory and create the configuration from the shipped template:
# cd /usr/share/denyhosts/
# cp denyhosts.cfg-dist denyhosts.cfg-dist_back
# cp denyhosts.cfg-dist denyhosts.cfg
# vi denyhosts.cfg
In vi, switch to command-line mode and delete everything:
:1,$d
Then enter the following:
# format is: i[dhwmy]
# Where i is an integer (eg. 7)
# m = minutes
# h = hours
# d = days
# w = weeks
# y = years
#
# never purge:
SECURE_LOG=/var/log/secure
PURGE_DENY=50m
HOSTS_DENY=/etc/hosts.deny
BLOCK_SERVICE=sshd
DENY_THRESHOLD_INVALID=10
DENY_THRESHOLD_VALID=10
DENY_THRESHOLD_ROOT=10
WORK_DIR=/usr/local/share/denyhosts/data
DENY_THRESHOLD_RESTRICTED =1
LOCK_FILE=/var/lock/subsys/denyhosts
HOSTNAME_LOOKUP=NO
#ADMIN_EMAIL=xxxxx@qq.com
DAEMON_LOG=/data/rule/DenyHosts/logs/denyhosts
DAEMON_PURGE=10m
The settings explained:
# format is: i[dhwmy]
# Where i is an integer (eg. 7)
# m = minutes
# h = hours
# d = days
# w = weeks
# y = years
#
# never purge:
SECURE_LOG = /var/log/secure                        # the log file sshd writes authentication results to
PURGE_DENY = 50m                                    # how long a blocked entry stays in HOSTS_DENY before it is purged (empty = never purge)
HOSTS_DENY = /etc/hosts.deny                        # file the blocked hosts are written to
BLOCK_SERVICE = sshd                                # service name written into HOSTS_DENY ("sshd: <ip>"); "ALL" blocks every TCP Wrappers service
DENY_THRESHOLD_INVALID = 10                         # failed logins allowed for usernames that do not exist before the host is blocked
DENY_THRESHOLD_VALID = 10                           # failed logins allowed for existing non-root users
DENY_THRESHOLD_ROOT = 10                            # failed logins allowed for root; with PermitRootLogin no already set, a lower value such as the template's default of 1 is safer
WORK_DIR = /usr/local/share/denyhosts/data          # DenyHosts state: blocked hosts, failure counts, allowed-hosts, log offset
DENY_THRESHOLD_RESTRICTED = 1                       # failed logins allowed for usernames listed in WORK_DIR/restricted-usernames (not a directory setting)
LOCK_FILE = /var/lock/subsys/denyhosts              # holds the PID of the running DenyHosts daemon so a second instance is not started
HOSTNAME_LOOKUP = NO                                # whether to reverse-resolve blocked IPs to hostnames
#ADMIN_EMAIL = xxxx@qq.com                          # administrator e-mail for block reports (leave commented to disable)
DAEMON_LOG = /data/rule/DenyHosts/logs/denyhosts    # DenyHosts' own log file, in the directory created above
DAEMON_PURGE = 10m                                  # how often the daemon checks HOSTS_DENY for entries older than PURGE_DENY; it is an interval, not an age, and need not equal PURGE_DENY
Note: do not paste this annotated version into denyhosts.cfg. DenyHosts does not strip trailing "# ..." comments, so they become part of the value (for example "50m # ..." for PURGE_DENY) and the daemon fails to start. Use the uncommented block.
Configure the DenyHosts start script:
# cd /usr/share/denyhosts/
# cp daemon-control-dist daemon-control
# chown root daemon-control
# chmod 700 daemon-control
Check that the DENYHOSTS_BIN, DENYHOSTS_LOCK and DENYHOSTS_CFG paths at the top of daemon-control match this installation (/usr/bin/denyhosts.py, /var/lock/subsys/denyhosts and /usr/share/denyhosts/denyhosts.cfg).
Start DenyHosts:
# ./daemon-control start
Start DenyHosts automatically at boot:
Create a symbolic link into init.d:
# ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
Register the denyhosts service:
# chkconfig --add denyhosts
Enable it at boot and confirm it is running:
# chkconfig denyhosts on
# systemctl status denyhosts.service
Check the authentication log for failed logins, and confirm that repeat offenders are being written to /etc/hosts.deny:
# cat /var/log/secure
# cat /etc/hosts.deny
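To make the thresholds above concrete, here is an added example (not code from the article or from DenyHosts itself) that reimplements the core of what DenyHosts does with /var/log/secure in POSIX shell and awk: count failed logins per source IP, split them into invalid-user, root and valid-user classes, compare each class against its threshold, and append "sshd: <ip>" lines to a hosts.deny file without duplicating entries. The log lines are constructed in CentOS 7 format with RFC 5737 documentation addresses; treating "count >= threshold" as blocked, the class names and the function names are this example's assumptions, not DenyHosts' internals.

```shell
#!/bin/sh
# Added example (not from the original article or from DenyHosts): the counting
# and blocking logic DenyHosts applies to /var/log/secure, reimplemented in awk
# over constructed log lines so the three thresholds can be seen offline.
# Log format follows CentOS 7 sshd; IPs are RFC 5737 documentation ranges.
# Blocking at "count >= threshold" is this example's choice.

# classify_failures LOG: one "<class> <ip> <count>" line per attacking source.
#   invalid = username does not exist   (DENY_THRESHOLD_INVALID)
#   root    = username is root          (DENY_THRESHOLD_ROOT)
#   valid   = any other existing user   (DENY_THRESHOLD_VALID)
classify_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            if ($0 ~ / for invalid user /)   cls = "invalid"
            else if ($0 ~ / for root from /) cls = "root"
            else                             cls = "valid"
            n[cls " " ip]++
        }
        END { for (k in n) print k, n[k] }
    ' "$1" | sort
}

# hosts_to_deny LOG INVALID_T VALID_T ROOT_T: IPs at or over their class threshold.
hosts_to_deny() {
    classify_failures "$1" | awk -v tinv="$2" -v tval="$3" -v troot="$4" '
        ($1 == "invalid" && $3 >= tinv) ||
        ($1 == "valid"   && $3 >= tval) ||
        ($1 == "root"    && $3 >= troot) { print $2 }
    ' | sort -u
}

# update_hosts_deny LOG DENYFILE INVALID_T VALID_T ROOT_T: append "sshd: <ip>"
# (BLOCK_SERVICE=sshd) for each offender not already listed; re-running is safe.
update_hosts_deny() {
    log=$1 deny=$2
    touch "$deny"
    hosts_to_deny "$log" "$3" "$4" "$5" | while read -r ip; do
        grep -Fqx "sshd: $ip" "$deny" || printf 'sshd: %s\n' "$ip" >> "$deny"
    done
}

# make_sample_log OUT: constructed /var/log/secure excerpt. 203.0.113.5 guesses
# twelve non-existent usernames, 198.51.100.7 fails as root three times, and
# 192.0.2.9 is the admin mistyping twice before logging in successfully.
make_sample_log() {
    out=$1
    : > "$out"
    i=0
    while [ "$i" -lt 12 ]; do
        printf 'Mar  3 10:15:%02d web1 sshd[%d]: Failed password for invalid user test%d from 203.0.113.5 port %d ssh2\n' \
            "$i" $((2200 + i)) "$i" $((40000 + i)) >> "$out"
        i=$((i + 1))
    done
    for i in 1 2 3; do
        printf 'Mar  3 10:16:0%d web1 sshd[23%02d]: Failed password for root from 198.51.100.7 port 5214%d ssh2\n' \
            "$i" "$i" "$i" >> "$out"
    done
    printf 'Mar  3 10:17:01 web1 sshd[2401]: Failed password for admin from 192.0.2.9 port 33020 ssh2\n' >> "$out"
    printf 'Mar  3 10:17:04 web1 sshd[2402]: Failed password for admin from 192.0.2.9 port 33020 ssh2\n' >> "$out"
    printf 'Mar  3 10:17:09 web1 sshd[2402]: Accepted password for admin from 192.0.2.9 port 33020 ssh2\n' >> "$out"
}

# Demo with the article's thresholds (10/10/10) against a scratch hosts.deny.
log=$(mktemp) deny=$(mktemp)
make_sample_log "$log"
echo '--- failures per source ---';   classify_failures "$log"
echo '--- would be blocked ---';      hosts_to_deny "$log" 10 10 10
update_hosts_deny "$log" "$deny" 10 10 10
echo '--- hosts.deny ---';            cat "$deny"
rm -f "$log" "$deny"
```

With the article's thresholds only the username-guessing host is blocked; the root attacker stays under the limit of 10, which is why the explanation above suggests a lower DENY_THRESHOLD_ROOT once remote root login is disabled. Point classify_failures at the real /var/log/secure to see what the running daemon is counting.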
3. PortSentry: guarding against malicious port scans
4. Using Linux rootkit (backdoor) detection tools