陈伟堂 2012-08-21
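You can use the open-source tool DenyHosts, or write your own detection script and put it in crontab, to automatically detect users who keep probing passwords over a period of time.
DenyHosts
Download: http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
Installing DenyHosts requires Python, which CentOS has installed by default.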
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
vi /usr/share/denyhosts/denyhosts.cfg

# Log file that records user logins (on CentOS/RHEL, sshd logs to /var/log/secure)
SECURE_LOG = /var/log/auth.log
# File listing the hosts that are denied
HOSTS_DENY = /etc/hosts.deny
# How long before a denied host is purged
PURGE_DENY = 5d
# Name of the service to block
BLOCK_SERVICE = sshd
# Number of failed logins allowed for invalid users
DENY_THRESHOLD_INVALID = 1
# Number of failed logins allowed for ordinary users
DENY_THRESHOLD_VALID = 3
# Number of failed logins allowed for root
DENY_THRESHOLD_ROOT = 3
# Whether to do reverse DNS lookups
HOSTNAME_LOOKUP=NO
# Administrator e-mail address
ADMIN_EMAIL = [email protected]
# SMTP settings
SMTP_HOST = mail.domain.com
SMTP_PORT = 25
[email protected]
SMTP_PASSWORD=password
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report from domain.com
# DenyHosts log file
DAEMON_LOG = /var/log/denyhosts

Set up the startup script
cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
chown root /usr/share/denyhosts/daemon-control
chmod 755 /usr/share/denyhosts/daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --level 345 denyhosts on

Start DenyHosts
service denyhosts start
Reference: http://www.kuaiwenba.com/article/324.html
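A sketch of the "write your own detection script" option mentioned above, in Python 3. This is an added example, not part of the original post and not DenyHosts code. It counts failed sshd password attempts per address over the lines it is given and applies the three thresholds from the configuration above; the function names, the sample log lines and the "block once the count exceeds the threshold" rule are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Thresholds mirror the DENY_THRESHOLD_* values in the post (assumed: block when exceeded).
THRESHOLDS = {"invalid": 1, "valid": 3, "root": 3}

# The user name is attacker-controlled text. The greedy user match plus the
# end-of-line anchor take the address from the suffix sshd itself appended,
# so a name such as "root from 192.0.2.10" cannot get another host blocked.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def classify(match):
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return sorted addresses whose failures in any class exceed its threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a literal IP address, skip rather than guess
        counts[(ip, classify(m))] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def deny_entries(ips, service="sshd"):
    """Format addresses as hosts.deny lines for the blocked service."""
    return [f"{service}: {ip}" for ip in ips]

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE = [
    "Aug 21 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Aug 21 10:00:03 host sshd[1002]: Failed password for invalid user root from 192.0.2.10 from 203.0.113.5 port 51236 ssh2",
    "Aug 21 10:01:00 host sshd[1003]: Accepted password for alice from 192.0.2.10 port 40103 ssh2",
] + ["Aug 21 10:02:00 host sshd[1004]: Failed password for root from 198.51.100.7 port 40022 ssh2"] * 4 \
  + ["Aug 21 10:03:00 host sshd[1005]: Failed password for alice from 192.0.2.10 port 40100 ssh2"] * 3

if __name__ == "__main__":
    print("\n".join(deny_entries(hosts_to_deny(SAMPLE))))
```

A cron job would feed only the recent part of the log to `hosts_to_deny` and append entries that are not yet in /etc/hosts.deny.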