\u4e00\u3001DenyHost\u7b80\u4ecb
\nDenyHosts\u662fPython\u8bed\u8a00\u5199\u7684\u4e00\u4e2a\u7a0b\u5e8f\u8f6f\u4ef6\uff0c\u8fd0\u884c\u4e8eLinux\u4e0a\u9884\u9632SSH\u66b4\u529b\u7834\u89e3\u7684\uff0c\u5b83\u4f1a\u5206\u6790sshd\u7684\u65e5\u5fd7\u6587\u4ef6\uff08\/var\/log\/secure\uff09\uff0c\u5f53\u53d1\u73b0\u91cd\u590d\u7684\u653b\u51fb\u65f6\u5c31\u4f1a\u8bb0\u5f55IP\u5230\/etc\/hosts.deny\u6587\u4ef6\uff0c\u4ece\u800c\u8fbe\u5230\u81ea\u52a8\u5c4fIP\u7684\u529f\u80fd\u3002
\n\u5b98\u7f51\u5730\u5740\uff1ahttp:\/\/denyhosts.sourceforge.net\/
\nDenyHosts\u5b89\u88c5\u5305\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/sourceforge.net\/projects\/denyhosts\/files\/
\n\u4e8c\u3001\u5b89\u88c5\u8fc7\u7a0b<\/p>\n
tar zxvf DenyHosts-2.6.tar.gz #\u89e3\u538b\u6e90\u7801\u5305\ncd DenyHosts-2.6 #\u8fdb\u5165\u5b89\u88c5\u89e3\u538b\u76ee\u5f55\npython setup.py install #\u5b89\u88c5DenyHosts\ncd \/usr\/share\/denyhosts\/ #\u9ed8\u8ba4\u5b89\u88c5\u8def\u5f84\ncp denyhosts.cfg-dist denyhosts.cfg #denyhosts.cfg\u4e3a\u914d\u7f6e\u6587\u4ef6\ncp daemon-control-dist daemon-control #daemon-control\u4e3a\u542f\u52a8\u7a0b\u5e8f\nchown root daemon-control #\u6dfb\u52a0root\u6743\u9650\nchmod 700 daemon-control #\u4fee\u6539\u4e3a\u53ef\u6267\u884c\u6587\u4ef6\nln -s \/usr\/share\/denyhosts\/daemon-control \/etc\/init.d #\u5bf9daemon-control\u8fdb\u884c\u8f6f\u8fde\u63a5\uff0c\u65b9\u4fbf\u7ba1\u7406\n\n\u5b89\u88c5\u5230\u8fd9\u4e00\u6b65\u5c31\u5b8c\u6210\u4e86\u3002\n\/etc\/init.d\/daemon-control start #\u542f\u52a8denyhosts\nchkconfig daemon-control on #\u5c06denghosts\u8bbe\u6210\u5f00\u673a\u542f\u52a8\n<\/code><\/pre>\n\u4e09\u3001\u914d\u7f6e\u6587\u4ef6\u7b80\u8981\u8bf4\u660e<\/p>\n
vim \/usr\/share\/denyhosts\/denyhosts.cfg #\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\uff0c\u53e6\u5916\u5173\u4e8e\u914d\u7f6e\u6587\u4ef6\u4e00\u4e9b\u53c2\u6570\uff0c\u901a\u8fc7grep -v \"^#\" denyhosts.cfg\u67e5\u770b\nSECURE_LOG = \/var\/log\/secure #ssh \u65e5\u5fd7\u6587\u4ef6 #redhat\u7cfb\u5217\u6839\u636e\/var\/log\/secure\u6587\u4ef6\u6765\u5224\u65ad\uff1b\n #Mandrake\u3001FreeBSD\u6839\u636e \/var\/log\/auth.log\u6765\u5224\u65ad\uff1b\n #SUSE\u5219\u662f\u7528\/var\/log\/messages\u6765\u5224\u65ad\uff0c\u8fd9\u4e9b\u5728\u914d\u7f6e\u6587\u4ef6\u91cc\u9762\u90fd\u6709\u5f88\u8be6\u7ec6\u7684\u89e3\u91ca\u3002\nHOSTS_DENY = \/etc\/hosts.deny #\u63a7\u5236\u7528\u6237\u767b\u9646\u7684\u6587\u4ef6\nPURGE_DENY = 30m #\u8fc7\u591a\u4e45\u540e\u6e05\u9664\u5df2\u7ecf\u7981\u6b62\u7684\uff0c\u8bbe\u7f6e\u4e3a30\u5206\u949f\uff1b\n# \u2018m\u2019 = minutes\n# \u2018h\u2019 = hours\n# \u2018d\u2019 = days\n# \u2018w\u2019 = weeks\n# \u2018y\u2019 = years\nBLOCK_SERVICE = sshd #\u7981\u6b62\u7684\u670d\u52a1\u540d\uff0c\u5f53\u7136DenyHost\u4e0d\u4ec5\u4ec5\u7528\u4e8eSSH\u670d\u52a1\nDENY_THRESHOLD_INVALID = 1 #\u5141\u8bb8\u65e0\u6548\u7528\u6237\u5931\u8d25\u7684\u6b21\u6570\nDENY_THRESHOLD_VALID = 3 #\u5141\u8bb8\u666e\u901a\u7528\u6237\u767b\u9646\u5931\u8d25\u7684\u6b21\u6570\nDENY_THRESHOLD_ROOT = 3 #\u5141\u8bb8root\u767b\u9646\u5931\u8d25\u7684\u6b21\u6570\nDAEMON_LOG = \/var\/log\/denyhosts #DenyHosts\u65e5\u5fd7\u6587\u4ef6\u5b58\u653e\u7684\u8def\u5f84\uff0c\u9ed8\u8ba4\n\n\u66f4\u6539DenyHosts\u7684\u9ed8\u8ba4\u914d\u7f6e\u4e4b\u540e\uff0c\u91cd\u542fDenyHosts\u670d\u52a1\u5373\u53ef\u751f\u6548:\n\/etc\/init.d\/daemon-control restart #\u91cd\u542fdenyhosts\n<\/code><\/pre>\n\u76d1\u63a7\u975eSSH\u670d\u52a1
\n\u9700\u8981\u6dfb\u52a0\u6b63\u5219\u5339\u914d\uff0c\u5b98\u65b9\u6587\u6863\u6709\u8bf4\u660e\u3002<\/p>\n
\u76f8\u4f3c\u5de5\u5177
\nFail2Ban\uff0c\u4f7f\u7528iptables
\nBlockHosts
\nBlacklist<\/p>\n
SSH\u5b89\u5168\u914d\u7f6e
\nPermitRootLogin no
\nPasswordAuthentication no
\nPort 59922<\/p>\n
\u53c2\u8003\u6587\u7ae0\uff1ahttps:\/\/www.cnblogs.com\/lcword\/p\/5912625.html<\/p>\n","protected":false},"excerpt":{"rendered":"