Denyhosts防止ssh暴力破解

1、下载解压安装

wget https://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.10/denyhosts-2.10.zip

unzip denyhosts-2.10.zip

cd denyhosts-2.10

python setup.py install

 

2、修改配置

 

 cat /etc/denyhosts.conf |grep -v "^#" |grep -v "^$"

      ############ THESE SETTINGS ARE REQUIRED ############

SECURE_LOG = /var/log/secure

HOSTS_DENY = /etc/hosts.deny

PURGE_DENY = 8h

BLOCK_SERVICE  = sshd

DENY_THRESHOLD_INVALID = 1

DENY_THRESHOLD_VALID = 5

DENY_THRESHOLD_ROOT = 1

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /var/lib/denyhosts

ETC_DIR = /etc

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=NO

LOCK_FILE = /var/run/denyhosts.pid

      ############ THESE SETTINGS ARE OPTIONAL ############

IPTABLES = /sbin/iptables

ADMIN_EMAIL = root@localhost

SMTP_HOST = localhost

SMTP_PORT = 25

SMTP_FROM = DenyHosts <nobody@localhost>

SMTP_SUBJECT = DenyHosts Report

ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO

AGE_RESET_VALID=2d

AGE_RESET_ROOT=25d

AGE_RESET_RESTRICTED=25d

AGE_RESET_INVALID=10d

  ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########

DAEMON_LOG = /var/log/denyhosts

 

DAEMON_SLEEP = 30s

DAEMON_PURGE = 1h

  #########   THESE SETTINGS ARE SPECIFIC TO     ##########

  #########       DAEMON SYNCHRONIZATION         ##########

SYNC_UPLOAD = no

SYNC_DOWNLOAD = no

 

3、启动服务

cp -rp denyhosts.service /usr/lib/systemd/system/

systemctl enable denyhosts.service

systemctl start denyhosts.service

 

说明:

denyhosts的记录文件都存放在/var/lib/

posted @ 2022-08-03 14:22  leiuk  阅读(28)  评论(0编辑  收藏  举报