Linux cloud host cannot be logged in to remotely
1. The SSH connection to the remote server shows:
Connecting to 43.240.247.107:22...
Connection established.
Server closed connection.
Pleaseclose dialog to finalize this session.
Connection closing...Socket close.
Connection closed by foreign host
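This is most likely the result of a brute-force attack. First log in to the cloud platform and use its VNC console to log in to the host.
Enter:
CentOS
2. On CentOS, count the logins that failed because of a wrong password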
cat /var/log/secure | grep "Failed password" -c
[root@dcxfvbhbnghj97 ~]# cat /var/log/secure | grep "Failed password" -c
1429
[root@dcxfvbhbnghj97 ~]#
3. On CentOS, view the number of failures for a specific user
pam_tally2 -u root
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root
Login Failures Latest failure From
root 890 09/09/20 07:56:11 35.226.189.158
[root@dcxfvbhbnghj97 ~]#
4. On CentOS, see which IPs are brute-forcing and how many times each has tried
find /var/log -name 'secure*' -type f | while read line;do awk '/Failed/{print $(NF-3)}' $line;done | awk '{a[$0]++}END{for (j in a) if(a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2
[root@dcxfvbhbnghj97 ~]# find /var/log -name 'secure*' -type f | while read line;do awk '/Failed/{print $(NF-3)}' $line;done | awk '{a[$0]++}END{for (j in a) if(a[j] > 20) print j"="a[j]}' | sort -n -t'=' -k 2
161.97.110.90=35
177.78.135.87=54
116.153.32.212=106
75.97.246.254=180
36.41.174.139=952
[root@dcxfvbhbnghj97 ~]#
5. On CentOS, clear the login lockout
SSH login only works again after the lockout has been cleared:
pam_tally2 -u root -r
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root -r
Login Failures Latest failure From
root 890 09/09/20 07:56:11 35.226.189.158
[root@dcxfvbhbnghj97 ~]# pam_tally2 -u root
Login Failures Latest failure From
root 0
[root@dcxfvbhbnghj97 ~]#
Ubuntu differs slightly from CentOS
On Ubuntu the security log is not in secure; it is in auth.log
1. View the count
cat /var/log/auth.log | grep 'Invalid' -c
root@vultr:/var/log# cat /var/log/auth.log | grep 'Invalid' -c
1693
root@vultr:/var/log#
2. More detail (number of attempts per username)
cat /var/log/auth.log | grep 'Invalid' | awk '{print $8}' | sort | uniq -c | sort -bn
........
30 dev
30 server
30 ts3
34 debian
35 postgres
35 weblogic
37 git
37 odoo
37 www
38 guest
40 svn
42 oracle
42 test
42 ubuntu
58 user
91 admin
......
3. Source IPs and the usernames they tried
cat /var/log/auth.log | grep 'Invalid' | awk '{print $10, $8}' | sort
......
84.22.49.174 informix
84.92.92.196 minecraft
85.209.0.50 admin
85.234.166.93 pi
89.144.47.28 ubnt
91.121.211.34 DUP
91.134.214.153 vcsa
92.253.40.158 support
92.39.62.17 Administrator
93.237.47.100 pi
93.237.47.100 pi
93.64.5.34 splunk
93.91.171.250 admin
.....
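
The per-IP count from CentOS step 4 and the Ubuntu queries, combined into one shell function. This is an added example, not part of the original post. It takes the address after the last "from" instead of a fixed field number; the names failed_by_ip and sample_log and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example: count sshd authentication failures per source IP.
# Works on CentOS /var/log/secure and Ubuntu /var/log/auth.log lines.

# failed_by_ip [MIN] [PHRASE]
#   MIN    print only IPs with more than MIN matching lines (default 20)
#   PHRASE text that marks a failure line (default "Failed password";
#          pass "Invalid user" to count unknown-username attempts instead)
# Counting both phrases at once would double count, because sshd logs an
# "Invalid user" line and a "Failed password for invalid user" line for the
# same attempt.
failed_by_ip() {
    awk -v min="${1:-20}" -v phrase="${2:-Failed password}" '
        index($0, "sshd[") && index($0, phrase) {
            # The username is supplied by the client and may itself contain
            # the word "from", so scan backwards and use the last "from".
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] > min + 0) print ip "=" hits[ip] }
    ' | sort -t= -k2,2n
}

# Constructed sample lines (documentation IP ranges), not taken from the page.
sample_log() {
    cat <<'EOF'
Sep  9 07:55:01 host1 sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  9 07:55:03 host1 sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  9 07:55:05 host1 sshd[1002]: Invalid user admin from 198.51.100.23 port 51514
Sep  9 07:55:06 host1 sshd[1002]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Sep  9 07:55:09 host1 sshd[1003]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.7 port 40200 ssh2
Sep  9 07:55:12 host1 sshd[1004]: Accepted password for deploy from 192.0.2.50 port 50022 ssh2
EOF
}

# On a real host:  cat /var/log/secure | failed_by_ip 20
#             or:  cat /var/log/auth.log | failed_by_ip 20 "Invalid user"
```

Running `sample_log | failed_by_ip 0` prints one line per source address, lowest count first.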