以下參考:( v: Y$ I! V( ~2 b: e6 A
http://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts9 g$ `" I8 C/ \& ~+ h+ I' _8 y
http://www.cnblogs.com/taosim/articles/3134394.html
- F( E$ Q( P2 m4 Q! B. n2 C5 C0 l4 @
1) 在/etc/ssh/sshd_config加入下列一行; J2 g: s; h% ^* P Q5 X' S# ]
7 @5 U, Z& a+ n2 ~
2 p8 H' l( o9 Z7 q, V. q1 h- X) k2) 在防火牆加入下列規則
" I. S+ F! n o: x. K- iptables -N SSHATTACK
0 ^) g! F, H$ F! H - iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
* Z, o% B \: A& D& l3 i - iptables -A SSHATTACK -j DROP
4 x4 D/ b/ ]5 q7 ^2 ]
3) 在/var/log/syslog 觀察可能的ssh攻擊3 t8 b7 ~, _. L; U, l
- Dec 27 18:01:58 ubuntu kernel: [ 510.007570] Possible SSH attack! IN=eth0 OUT= MAC=01:2c:18:47:43:2d:10:c0:31:4d:11:ac:f8:01 SRC=192.168.203.129 DST=192.168.203.128 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30948 DF PROTO=TCP SPT=53272 DPT=1785 WINDOW=14600 RES=0x00 SYN URGP=0
4 N4 h2 B+ S! a O" m# e' W" R. f( B5 o+ |6 |! h/ }
+ z! \ L) l: _( [
* N2 {$ M5 Q. s
|
|
發表於 2016-4-15 12:34:32
收藏
分享
讚
爛