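Analyze the Linux /var/log/secure security log and add every IP address with more than 20 hacker or malicious login attempts to the iptables firewall blacklist.
- First, view the security log file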
[root@localhost ~]# cat /var/log/secure|more
Jun 5 10:25:56 localhost sshd[10165]: Accepted password for root from 192.168.10.1 port 58525 ssh2
Jun 5 10:25:56 localhost sshd[10165]: pam_unix(sshd:session): session opened for user root by (uid=
Jun 5 10:25:59 localhost sshd[10184]: Accepted password for root from 192.168.10.1 port 58528 ssh2
Jun 5 10:25:59 localhost sshd[10184]: pam_unix(sshd:session): session opened for user root by (uid=
Jun 5 12:51:19 localhost sshd[10394]: Accepted password for root from 192.168.10.1 port 64063 ssh2
Jun 5 12:51:19 localhost sshd[10394]: pam_unix(sshd:session): session opened for user root by (uid=
Jun 5 13:03:00 localhost sshd[10428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 e
uid=0 tty=ssh ruser= rhost=192.168.10.1 user=root
Jun 5 13:03:00 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met
by user "root"
Jun 5 13:03:02 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:06 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met
by user "root"
Jun 5 13:03:08 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:14 localhost sshd[10428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met
--More--
- Filter out the other entries and look only at the IP addresses with failed logins
[root@localhost ~]# grep "Failed password" /var/log/secure
Jun 5 13:03:02 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:08 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:16 localhost sshd[10428]: Failed password for root from 192.168.10.1 port 64400 ssh2
Jun 5 13:03:27 localhost sshd[10431]: Failed password for root from 192.168.10.1 port 64438 ssh2
Jun 5 13:15:33 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:38 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:38 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2
Jun 5 13:15:46 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:50 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:53 localhost sshd[10444]: Failed password for root from 192.168.10.10 port 49798 ssh2
Jun 5 13:15:59 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
Jun 5 13:16:00 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
Jun 5 13:16:02 localhost sshd[10446]: Failed password for root from 192.168.10.10 port 49800 ssh2
[root@localhost ~]#
- Print the IPs with failed logins
[root@localhost ~]# grep "Failed password" /var/log/secure | awk '{print $(NF-3)}'
192.168.10.1
192.168.10.1
192.168.10.1
192.168.10.1
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
192.168.10.10
[root@localhost ~]#
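
The following added example (not code from the original post) carries the same `$(NF-3)` extraction through to the stated goal: counting failures per IP and blocking those above 20 with iptables. The function names `offenders` and `block`, the `DRY_RUN` and `ALLOWLIST` variables, and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page). THRESHOLD=20 is the page's
# figure; offenders, block, DRY_RUN and ALLOWLIST are names assumed here.
THRESHOLD=${THRESHOLD:-20}
DRY_RUN=${DRY_RUN:-1}                 # 1 = print the commands, change nothing
ALLOWLIST=${ALLOWLIST:-127.0.0.1}     # space-separated IPs never to block

# Print "count ip" for each IPv4 source with more than $2 failures in log $1.
# The IP is read as the 4th field from the end, as on the page, so text in
# the attacker-chosen username cannot shift it; non-IPv4 values are skipped.
offenders() {
    grep "Failed password" "$1" |
    awk -v t="$2" '
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] > t) print n[ip], ip }' |
    sort -rn
}

# Read "count ip" lines; print (DRY_RUN=1) or insert one DROP rule per IP,
# skipping allowlisted IPs and rules that already exist (iptables -C).
block() {
    while read -r count ip; do
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -I INPUT -s $ip -j DROP  # $count failures"
        elif ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
            iptables -I INPUT -s "$ip" -j DROP
        fi
    done
}

# Constructed sample log: 25 failures from one IP, 4 from another.
sample=$(mktemp)
yes "Jun 5 13:15:33 localhost sshd[10442]: Failed password for root from 192.168.10.10 port 49796 ssh2" | head -n 25 > "$sample"
yes "Jun 5 13:03:02 localhost sshd[10428]: Failed password for invalid user admin from 192.168.10.1 port 64400 ssh2" | head -n 4 >> "$sample"

offenders "$sample" "$THRESHOLD" | block
rm -f "$sample"
```

To apply it, point `offenders` at /var/log/secure instead of the sample and run as root with `DRY_RUN=0`, after adding your own management addresses to `ALLOWLIST`.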