安装条件：判断 sshd 是否支持 tcp_wrappers；另外需要 python，一般系统默认都已安装。
[root@server01 ~]# ldd /usr/sbin/sshd | grep libwrap*
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fded7bd6000)
下载 denyhosts 安装包（本文使用 2.6 版本）。
各版本下载地址：http://sourceforge.net/projects/denyhosts/files/denyhosts/
wget http://sourceforge.net/projects/denyhosts/files/latest/download?source=files
tar -zxf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
程序脚本自动安装到 /usr/share/denyhosts/ 目录下（ls /usr/share/denyhosts/ 可查看）。
库文件安装到 /usr/lib/python2.6/site-packages/ 下（ls /usr/lib/python2.6/site-packages/Deny* 可查看）：
/usr/lib/python2.6/site-packages/DenyHosts-2.6-py2.6.egg-info
/usr/lib/python2.6/site-packages/DenyHosts:
设置启动脚本，命令如下：
cd /usr/share/denyhosts/
chmod 700 daemon-control-dist
grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg
vi denyhosts.cfg
可以参照 denyhosts.cfg-dist 内的提示修改，主要修改以下几项：
DENY_THRESHOLD_VALID = 5    普通用户允许的登录失败次数
DENY_THRESHOLD_ROOT = 3     root 用户允许的登录失败次数
HOSTNAME_LOOKUP=NO          不解析域名
设置自动启动
cd /etc/init.d/
ln -s /usr/share/denyhosts/daemon-control-dist denyhosts
chkconfig --add denyhosts
chkconfig --level 345 denyhosts on
启动后，通过 server02 测试，发现：
[root@server02 ~]# ssh 192.168.100.30
ssh_exchange_identification: Connection closed by remote host
查看 server01 的 /etc/hosts.deny 文件，发现被禁止的 IP 已经添加：
[root@server01 init.d]# cat /etc/hosts.deny|tail -2
# DenyHosts: Tue Feb 19 16:10:12 2013 |sshd: 192.168.100.31
sshd: 192.168.100.31
ssh 脚本防破解：读取日志文件，统计登录失败次数过多的 IP 并将其禁止。
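#!/usr/bin/env bash
# Block SSH brute-force sources: count "Failed" login lines per source IP in
# /var/log/secure and append every IP whose count exceeds the threshold to
# /etc/hosts.deny in tcp_wrappers format ("sshd: <ip>"), once per IP.
#
# Usage: blackhosts.sh [threshold]
#   threshold - an IP is denied when its failure count is strictly greater
#               than this (default 3, same as the original DEFINE value).
# Must run as root: reads /var/log/secure, appends to /etc/hosts.deny.
set -euo pipefail

# Keep the original variable name; accept an optional override as $1.
DEFINE="${1:-3}"
readonly DEFINE
readonly LOG_FILE=/var/log/secure
readonly DENY_FILE=/etc/hosts.deny
# Per-IP counts are written here so they can be inspected afterwards. The
# loop below reads the SAME path: the original wrote /root/blackhosts.txt but
# read a relative blackhosts.txt, which only worked when cwd was /root.
readonly BLACKLIST=/root/blackhosts.txt

#######################################
# Print "<count> <ip>" for each source address of a failed login.
# The address is the token after the LAST "from" on each "Failed" line, so the
# extraction does not depend on the number of trailing fields (the original
# used $(NF-3), which assumes the line ends in "port <n> ssh2") and a "from"
# smuggled into the username part of the line cannot displace it.
# Globals:  LOG_FILE (read)
# Outputs:  one "<count> <ip>" line per address to stdout
#######################################
count_failures() {
  awk '/Failed/ {
         ip = ""
         for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
         if (ip != "") print ip
       }' "$LOG_FILE" \
    | sort | uniq -c
}

#######################################
# Accept only tokens that look like an IPv4 literal or an IPv6 literal
# (hex digits, colons, optional embedded dotted quad), so a crafted log line
# cannot put arbitrary text into hosts.deny.
# Arguments: $1 - candidate address
# Returns:   0 if plausible, 1 otherwise
#######################################
is_address() {
  local cand=$1
  [[ "$cand" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] && return 0
  [[ "$cand" == *:* && "$cand" =~ ^[0-9A-Fa-f:.]+$ ]]
}

#######################################
# Append "sshd: <ip>" to hosts.deny unless that exact line is already present.
# -F -x: fixed-string, whole-line match, so the dots in the address are not
# regex wildcards and "192.168.1.1" does not match "192.168.1.10" as a
# substring (both were possible with the original unanchored grep).
# A missing hosts.deny counts as "not present" and is created, as before.
# Globals:   DENY_FILE (appended)
# Arguments: $1 - address to deny
#######################################
deny_host() {
  local entry="sshd: $1"
  if ! grep -qxF -- "$entry" "$DENY_FILE" 2>/dev/null; then
    printf '%s\n' "$entry" >> "$DENY_FILE"
  fi
}

main() {
  local num ip
  if [[ ! "$DEFINE" =~ ^[0-9]+$ ]]; then
    printf 'threshold must be a non-negative integer, got: %s\n' "$DEFINE" >&2
    exit 2
  fi
  count_failures > "$BLACKLIST"
  # `uniq -c` prints "<count> <ip>" with leading blanks; read splits on IFS.
  while read -r num ip; do
    # Strictly greater, as the original `-gt` test.
    if (( num > DEFINE )) && is_address "$ip"; then
      deny_host "$ip"
    fi
  done < "$BLACKLIST"
}

main "$@"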