Blocking fixed IP addresses from accessing a Linux system
Project name: XX monitoring system
Inspection time: Thursday, 28 November 2013
Inspector: 牛角书生
Problem overview:
On the evening of 27 November 2013 the WAP system could not be reached remotely; the next morning, access from the office was normal. Checking the system log (/var/log/secure) showed three fixed IP addresses continuously attempting SSH logins to the system. The exact cause of the network interruption has not yet been determined.
Solution:
Given the actual circumstances of this system, the decision was to adopt a policy of blocking those fixed IP addresses, i.e. restricting them with iptables.
Steps taken:
Check the log
[root@db2 etc]# tail -500 /var/log/secure    (only two records per address are excerpted here; the actual log holds many more)
Nov 28 00:25:18 db2 sshd[27535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.110.112 user=root
Nov 28 00:25:20 db2 sshd[27535]: Failed password for root from 61.164.110.112 port 56867 ssh2
Nov 28 00:25:20 db2 sshd[27536]: Received disconnect from 61.164.110.112: 11: Bye Bye
Nov 28 00:25:21 db2 sshd[27545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.110.112 user=root
Nov 28 00:25:23 db2 sshd[27545]: Failed password for root from 61.164.110.112 port 60728 ssh2
Nov 28 00:25:23 db2 sshd[27546]: Received disconnect from 61.164.110.112: 11: Bye Bye
Nov 28 00:25:24 db2 sshd[27562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.16.147 user=root
Nov 28 00:25:25 db2 sshd[27562]: Failed password for root from 58.215.16.147 port 36272 ssh2
Nov 28 00:25:25 db2 sshd[27563]: Received disconnect from 58.215.16.147: 11: Bye Bye
Nov 28 00:25:26 db2 sshd[27571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.16.147 user=root
Nov 28 00:25:28 db2 sshd[27571]: Failed password for root from 58.215.16.147 port 39393 ssh2
Nov 28 00:25:28 db2 sshd[27572]: Received disconnect from 58.215.16.147: 11: Bye Bye
Nov 28 00:25:28 db2 sshd[27573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.146.83.246 user=root
Nov 28 00:25:30 db2 sshd[27573]: Failed password for root from 212.146.83.246 port 42894 ssh2
Nov 28 00:25:30 db2 sshd[27574]: Received disconnect from 212.146.83.246: 11: Bye Bye
Nov 28 00:25:31 db2 sshd[27582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.146.83.246 user=root
Nov 28 00:25:33 db2 sshd[27582]: Failed password for root from 212.146.83.246 port 46443 ssh2
Configure the iptables policy
[root@db2 etc]# iptables -A INPUT -p tcp -s 61.164.110.112 -j DROP
[root@db2 etc]# iptables -A INPUT -p tcp -s 212.146.83.246 -j DROP
[root@db2 etc]# iptables -A INPUT -p tcp -s 58.215.16.147 -j DROP
[root@db2 etc]# iptables-save    (save)
Note: iptables-save only prints the running rule set in a loadable form; the rules are actually persisted to /etc/sysconfig/iptables by the `service iptables save` step below.
# Generated by iptables-save v1.3.5 on Thu Nov 28 09:41:02 2013
*filter
:INPUT ACCEPT [110725:19181174]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [110361:38181970]
-A INPUT -s 61.164.110.112 -p tcp -j DROP
-A INPUT -s 212.146.83.246 -p tcp -j DROP
-A INPUT -s 58.215.16.147 -p tcp -j DROP
COMMIT
# Completed on Thu Nov 28 09:41:02 2013
[root@db2 etc]# service iptables save
将当前规则保存到 /etc/sysconfig/iptables:[确定]
[root@db2 etc]# service iptables restart
清除防火墙规则:[确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块:[确定]
应用 iptables 防火墙规则:[确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns [确定]
Check the policy
[root@db2 etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 61.164.110.112 anywhere
DROP tcp -- 212.146.83.246 anywhere
DROP tcp -- 58.215.16.147 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
With that, the problem is resolved!
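As an added example (not part of the original inspection report), the following POSIX shell script combines the two steps above: it counts "Failed password" entries per source address from lines in /var/log/secure format and prints one iptables DROP rule, in the same form the report uses, for each address at or above a threshold. The log lines are a constructed sample modelled on the entries above and the threshold of 2 is an assumption; the script only prints rules, it does not apply them.

```shell
#!/bin/sh
# Constructed sample in /var/log/secure format, modelled on the report's entries.
SAMPLE_LOG='Nov 28 00:25:20 db2 sshd[27535]: Failed password for root from 61.164.110.112 port 56867 ssh2
Nov 28 00:25:23 db2 sshd[27545]: Failed password for root from 61.164.110.112 port 60728 ssh2
Nov 28 00:25:25 db2 sshd[27562]: Failed password for root from 58.215.16.147 port 36272 ssh2
Nov 28 00:25:28 db2 sshd[27571]: Failed password for root from 58.215.16.147 port 39393 ssh2
Nov 28 00:25:30 db2 sshd[27573]: Failed password for root from 212.146.83.246 port 42894 ssh2
Nov 28 00:25:41 db2 sshd[27590]: Accepted publickey for admin from 10.0.0.5 port 50000 ssh2'

# Read log lines on stdin and print "count ip" for every source address that
# produced a "Failed password" entry, highest count first.
count_failures() {
    awk '/Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Read "count ip" pairs on stdin and print one DROP rule per address whose
# count is at least $1 (assumed threshold). -A matches the report; if the INPUT
# chain already holds ACCEPT rules, use -I instead so the DROP is evaluated first.
rules_for() {
    threshold="$1"
    while read -r count ip; do
        if [ "$count" -ge "$threshold" ]; then
            echo "iptables -A INPUT -s $ip -p tcp -j DROP"
        fi
    done
}

# Print (do not apply) the rules for the sample. On a real host, feed
# /var/log/secure in instead of the sample and review the output before running it.
printf '%s\n' "$SAMPLE_LOG" | count_failures | rules_for 2
```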