
There were 1978 failed login attempts since... Denyhosts

2021-08-27 09:39:25 Front end_ Kakashi

This is day 23 of my participation in the August "yuegengwen" (monthly posting) challenge. See the activity details: August yuegengwen challenge

  When I logged in to the server today, I found a big notice:

Oh my god, 1978 failed login attempts! Is some bad guy watching my server?!

(I believe many people have run into this problem. Don't worry too much; generally this is just a bot scanning for weak ports.)

Solution

I looked into it, and the main solutions are the following:

  1. Change the port (simple and easy);
  2. Use security groups sensibly to limit which IPs can reach port 22;
  3. Add iptables rules so that only your own IP range can access port 22;
  4. Use tools such as fail2ban or denyhosts;
  5. and so on...

Next, let's focus on using the denyhosts tool; you can look up the other methods yourself.

  1. After logging in to the server, it is best to check the installation environment first

   1.1 Check whether the sshd installed on the system supports tcp_wrappers (it does by default)

ldd /usr/sbin/sshd |grep libwrap.so.0

    Output: libwrap.so.0 => /lib64/libwrap.so.0 means it is supported

    1.2 Check the Python version; version 2.3 and above are supported (note the capital V)

python -V
  2. Install

    You can install with yum or download the installation package yourself (I chose the latter)

    2.1 Download the compressed package from denyhosts.sourceforge.net/ and upload it to the server

    2.2 Extract and install

        Run the following in the directory where the installation package is located

        Extract (version 2.6)

tar -zxvf DenyHosts-2.6.tar.gz

Install

cd DenyHosts-2.6
python setup.py install

Program scripts are automatically installed in the /usr/share/denyhosts directory
The library files are installed in the /usr/lib/python2.6/site-packages/DenyHosts directory
denyhosts.py is installed by default in the /usr/bin/ directory

2.3 Set up the startup script

cd /usr/share/denyhosts/
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control

Write the lines of denyhosts.cfg-dist that do not begin with "#" to the denyhosts.cfg file

grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg

Configure denyhosts.cfg

vi denyhosts.cfg

For the specific configuration items, refer to:

############ THESE SETTINGS ARE REQUIRED ############
## Log file to analyze
SECURE_LOG = /var/log/secure
## File in which IPs barred from logging in to sshd are recorded
HOSTS_DENY = /etc/hosts.deny

## How long before a blocked IP is purged
PURGE_DENY = 1d

## Name of the monitored service
BLOCK_SERVICE = sshd

## Number of failed logins allowed for invalid users
DENY_THRESHOLD_INVALID = 3

## Number of failed logins allowed for ordinary users
DENY_THRESHOLD_VALID = 3

## Number of failed logins allowed for the root user
DENY_THRESHOLD_ROOT = 3

## Number of failed logins allowed for usernames listed in WORK_DIR/restricted-usernames
DENY_THRESHOLD_RESTRICTED = 1

## Directory where DenyHosts keeps its data files
WORK_DIR = /usr/share/denyhosts/data

## Also report suspicious logins that come from allowed hosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

## Whether to do reverse DNS lookups
HOSTNAME_LOOKUP=NO

## Lock file that prevents more than one DenyHosts instance from running
LOCK_FILE = /var/lock/subsys/denyhosts

2.4 Add denyhosts to the system services and start it automatically at boot

vi /etc/rc.local 

Add the following line at the end

/usr/share/denyhosts/daemon-control start

Add it to the system services

ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig --level 345 denyhosts on

2.5 Start denyhosts

service denyhosts start

2.6 Check whether denyhosts is running successfully

service denyhosts status

Tip: if the output is "DenyHosts is running with pid = XXXX", it is running successfully.
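
The DENY_THRESHOLD_* values set in denyhosts.cfg in step 2.3 decide when an address ends up in /etc/hosts.deny. The Python below is an added example, not DenyHosts' own code and not part of the original post: it assumes the usual OpenSSH "Failed password ..." message format in /var/log/secure, reads each threshold as the number of failures allowed (a host is denied once its count exceeds it), and uses constructed sample log lines.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg shown in step 2.3.
THRESHOLDS = {"invalid": 3, "valid": 3, "root": 3}

# Assumed OpenSSH failed-password format. The pattern is anchored at the end
# of the line and the user field is greedy, so the address counted is always
# the one sshd appended last, whatever text the username itself contains.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def classify(match):
    """Map one failed login onto the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines, thresholds=THRESHOLDS):
    """Return sorted IPs whose failures in any one category exceed its threshold."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line.strip())
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    return sorted({ip for (ip, cat), n in counts.items() if n > thresholds[cat]})

def deny_entries(ips, service="sshd"):
    """Format entries as "service: address" lines for /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = (
    [f"Aug 27 09:00:0{i} web1 sshd[2101]: Failed password for invalid user "
     f"admin from 203.0.113.7 port 4{i}022 ssh2" for i in range(4)]
    + [f"Aug 27 09:01:0{i} web1 sshd[2102]: Failed password for root "
       f"from 198.51.100.9 port 5{i}022 ssh2" for i in range(3)]
    + ["Aug 27 09:02:00 web1 sshd[2103]: Accepted password for deploy "
       "from 192.0.2.10 port 40022 ssh2"]
)

if __name__ == "__main__":
    # Four invalid-user failures exceed 3; three root failures do not.
    for entry in deny_entries(hosts_to_deny(SAMPLE)):
        print(entry)
```
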

Copyright notice
Author: [Front end_ Kakashi]. Please include the original link when reprinting, thank you.
https://en.qdmana.com/2021/08/20210827093922120B.html
