Защищаемся в CentOS от подбора пароля по сети

Denyhosts – это скрипт, написанный на Python для защиты SSH-серверов от перебора паролей (брутфорса). Скрипт отслеживает записи в системных логах о неудачных попытках авторизации.
Denyhosts работает следующим образом: он проверяет логи и добавляет в /etc/hosts.deny IP-адреса, с которых наблюдается много неудачных попыток входа. Для того чтобы это работало, sshd должен быть собран с поддержкой tcpwrappers (что делается по умолчанию). Проверить это можно командой ldd /usr/sbin/sshd | grep libwrap: если вывод пустой, sshd не читает hosts.allow и hosts.deny, и записи Denyhosts никого не заблокируют. Для установки denyhosts необходим репозиторий EPEL. Проверяем, есть ли EPEL в списке репозиториев:

yum repolist

Как добавить репозиторий, если его нет, читаем тут: «Репозитории CentOS 6»

Установка:

yum install denyhosts

Сохраняем конфиг по умолчанию (на случай отката обратно):

cp /etc/denyhosts.conf /etc/denyhosts.conf.default

Создадим файл, куда будут записываться IP-адреса забаненных:

touch /etc/hosts.denyssh

Редактируем доступ к серверу:

vi /etc/hosts.allow

Содержимое файла:

# hosts.allow is read top to bottom and the first matching rule decides,
# so the order of the rules below is part of the policy.
# Allow the local network and the VPN link.
# NOTE(review): these two rules match before the deny list, so an address in
# these subnets is never blocked, even when DenyHosts records it in
# /etc/hosts.denyssh; confirm that this exemption is intended.
 sshd : 192.168.17.0/255.255.255.0 : allow
 sshd : 192.168.222.0/255.255.255.0 : allow
# Deny the clients listed in the file that DenyHosts maintains
# (HOSTS_DENY in denyhosts.conf must point at this same path).
 sshd : /etc/hosts.denyssh : deny
# Allow everyone else.
# NOTE(review): this is default-allow and must stay the last rule; placed
# any higher, it would match first and the deny list would never be reached.
 sshd : ALL : allow

Редактируем конфиг:

vi /etc/denyhosts.conf

Содержимое моего конфига denyhosts.conf:

# Log file that DenyHosts parses for sshd connection and login records.
SECURE_LOG = /var/log/secure

# File DenyHosts writes banned addresses to. It is the custom file referenced
# from /etc/hosts.allow, not the default /etc/hosts.deny.
HOSTS_DENY = /etc/hosts.denyssh

# How long an entry stays in HOSTS_DENY before it is purged (2y = two years).
PURGE_DENY = 2y

# Maximum number of times one host may be purged; once exceeded, the host
# stays banned. Commented out, so the package default applies.
#PURGE_THRESHOLD = 2 

# Service name written into HOSTS_DENY entries (for example: ftpd).
BLOCK_SERVICE = sshd

# Failed-login threshold for accounts that do not exist on the system.
DENY_THRESHOLD_INVALID = 7

# Failed-login threshold for existing accounts (wrong password).
DENY_THRESHOLD_VALID = 7

# Failed-login threshold for root.
# NOTE(review): with a threshold of 1 and PURGE_DENY = 2y, one or two failed
# root logins (confirm whether the comparison is inclusive) ban the source
# for two years. An administrator's own typo from an address outside the
# allow rules has the same effect; consider listing trusted admin addresses
# in WORK_DIR/allowed-hosts and disabling root login in sshd_config.
DENY_THRESHOLD_ROOT = 1

# Failed-login threshold for usernames listed in WORK_DIR/restricted-usernames.
DENY_THRESHOLD_RESTRICTED = 1

# Directory where DenyHosts keeps its own state files.
WORK_DIR = /var/lib/denyhosts

# Also report suspicious logins that come from hosts on the allowed list.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

# Resolve each reported IP address to a hostname.
# NOTE(review): the reverse-DNS name is controlled by whoever runs DNS for
# that address; treat hostnames in reports as informational only.
HOSTNAME_LOOKUP=YES

# Lock file that prevents two instances from running at once.
# Redhat/Fedora:
LOCK_FILE = /var/lock/subsys/denyhosts

# Recipient of the report e-mails.
ADMIN_EMAIL = root

# Mail server used to send the reports.
SMTP_HOST = localhost
SMTP_PORT = 25

# Optional SMTP credentials. If these are ever set, keep this file readable
# by root only, because the password is stored in clear text.
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar

# Sender address of the report e-mails.
SMTP_FROM = DenyHosts <nobody@localhost>

# Subject line DenyHosts uses when it reports thwarted abuse attempts.
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]

# Date header format for the report e-mails (commented out: default is used).
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z

# Send denied-host reports to syslog as well (disabled here).
#SYSLOG_REPORT=YES

# Whether entries in the allowed-hosts file are also resolved to hostnames.
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO

# AGE_RESET_*: if this much time passes between failed logins from a host,
# its failure counter for that account class is reset to zero.
# Existing accounts:
AGE_RESET_VALID=5d

# root:
AGE_RESET_ROOT=25d

# Usernames from the restricted-usernames file:
AGE_RESET_RESTRICTED=25d

# Non-existent accounts:
AGE_RESET_INVALID=10d

# Reset a host's failure counter after a successful login (disabled here).
#RESET_ON_SUCCESS = yes

# Program to run each time a host is added to the deny list (disabled here).
#PLUGIN_DENY=/usr/bin/true

# Program to run each time a host is purged from the deny list (disabled here).
#PLUGIN_PURGE=/usr/bin/true

# Alternative purge plugin shipped with the package.
# NOTE(review): presumably restores the SELinux context of the deny file;
# confirm before enabling.
#PLUGIN_PURGE=/usr/share/denyhosts/plugins/restorecon.sh

# Extra user-defined regular expression for recognising failed-login lines.
#USERDEF_FAILED_ENTRY_REGEX=

# Log file of the DenyHosts daemon itself.
DAEMON_LOG = /var/log/denyhosts

# Format of the lines written to DAEMON_LOG (commented out: default is used).
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s — %(name)-12s: %(levelname)-8s %(message)s

# How long the daemon sleeps between checks of SECURE_LOG. A burst of
# attempts can therefore run for up to this long before the ban is written.
DAEMON_SLEEP = 30s

# How often the daemon runs the purge of expired entries.
DAEMON_PURGE = 1h

# Synchronisation with a central DenyHosts server. Everything below is
# commented out, so no data is exchanged with the sync server.
#SYNC_SERVER = xmlrpc.denyhosts.net:9911

# Interval between synchronisation runs.
#SYNC_INTERVAL = 1h

# Whether locally banned hosts are uploaded to the sync server.
#SYNC_UPLOAD = no
#SYNC_UPLOAD = yes

# Whether hosts reported by other servers are downloaded and banned locally.
#SYNC_DOWNLOAD = no
#SYNC_DOWNLOAD = yes

# Minimum number of servers that must have reported a host before it is
# downloaded.
#SYNC_DOWNLOAD_THRESHOLD = 10
# Minimum time between the first and the last report of a host before it is
# downloaded.
#SYNC_DOWNLOAD_RESILIENCY = 5h

Запускаем Denyhosts:

service denyhosts start

Добавляем его в «автозагрузку»:

chkconfig denyhosts on

Дополнение:
НЕ ВЕРИТЕ, ЧТО ЗАЩИЩАТЬСЯ ДЕЙСТВИТЕЛЬНО НАДО?
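Вот количество неудавшихся авторизаций (точнее, число строк журнала со словом invalid: на одну попытку входа sshd может записать несколько таких строк, так что самих попыток может быть меньше):

cat /var/log/secure | grep sshd | grep invalid | wc -l
874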




3 комментария

  1. 123 Russian Federation Google Chrome Windows :

    [root@server etc]# cat /var/log/secure | grep sshd | grep invalid | wc -l

    4243

    И это только при установке на чистую систему. Разве значит это что ко мне 4243 раза ломились? =)


  2. # cat /etc/hosts.denyssh

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 190.196.31.100

    sshd: 190.196.31.100

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 117.243.250.249

    sshd: 117.243.250.249

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 190.210.142.75

    sshd: 190.210.142.75

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 223.4.134.138

    sshd: 223.4.134.138

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 120.199.64.54

    sshd: 120.199.64.54

    # DenyHosts: Fri Mar 23 06:37:05 2012 | sshd: 76.193.199.14

    sshd: 76.193.199.14

    # DenyHosts: Sat Mar 24 01:33:59 2012 | sshd: 27.32.131.146

    sshd: 27.32.131.146

    # DenyHosts: Sun Mar 25 00:14:32 2012 | sshd: 173.228.119.111

    sshd: 173.228.119.111

    # DenyHosts: Sun Mar 25 12:53:16 2012 | sshd: 46.200.42.15

    sshd: 46.200.42.15

    # DenyHosts: Sun Mar 25 21:12:44 2012 | sshd: 188.132.192.53

    sshd: 188.132.192.53

    # DenyHosts: Mon Mar 26 07:49:52 2012 | sshd: 183.60.143.25

    sshd: 183.60.143.25

    # DenyHosts: Mon Mar 26 19:08:07 2012 | sshd: 109.91.104.144

    sshd: 109.91.104.144

    # DenyHosts: Mon Mar 26 23:25:53 2012 | sshd: 122.194.21.12

    sshd: 122.194.21.12

    # DenyHosts: Tue Mar 27 11:53:09 2012 | sshd: 124.115.173.229

    sshd: 124.115.173.229

    # DenyHosts: Tue Mar 27 13:21:44 2012 | sshd: 82.194.76.61

    sshd: 82.194.76.61

    # DenyHosts: Tue Mar 27 16:21:55 2012 | sshd: 42.117.2.53

    sshd: 42.117.2.53

    # DenyHosts: Tue Mar 27 21:20:43 2012 | sshd: 95.132.95.21

    sshd: 95.132.95.21

    # DenyHosts: Wed Mar 28 12:57:09 2012 | sshd: 188.138.90.136

    sshd: 188.138.90.136

    # DenyHosts: Wed Mar 28 23:42:19 2012 | sshd: 46.201.156.247

    sshd: 46.201.156.247

    # DenyHosts: Thu Mar 29 04:37:07 2012 | sshd: 93.189.97.102

    sshd: 93.189.97.102

    # DenyHosts: Thu Mar 29 04:42:38 2012 | sshd: 202.96.199.150

    sshd: 202.96.199.150

    # DenyHosts: Thu Mar 29 06:25:15 2012 | sshd: 195.206.248.75

    sshd: 195.206.248.75

    # DenyHosts: Thu Mar 29 06:41:46 2012 | sshd: 95.132.184.38

    sshd: 95.132.184.38

    # DenyHosts: Fri Mar 30 00:41:25 2012 | sshd: 166.140.200.240

    sshd: 166.140.200.240

    # DenyHosts: Fri Mar 30 06:24:16 2012 | sshd: 83.98.140.198

    sshd: 83.98.140.198

    # DenyHosts: Fri Mar 30 08:23:54 2012 | sshd: 178.92.208.176

    sshd: 178.92.208.176

    # DenyHosts: Fri Mar 30 16:45:25 2012 | sshd: 109.73.169.31

    sshd: 109.73.169.31

    # DenyHosts: Sat Mar 31 08:01:19 2012 | sshd: 202.201.1.170

    sshd: 202.201.1.170

    # DenyHosts: Sat Mar 31 17:14:01 2012 | sshd: 83.242.231.66

    sshd: 83.242.231.66

    # DenyHosts: Sat Mar 31 18:08:05 2012 | sshd: 218.234.33.27

    sshd: 218.234.33.27

    # DenyHosts: Sun Apr  1 05:08:47 2012 | sshd: 109.169.77.14

    sshd: 109.169.77.14

    # DenyHosts: Sun Apr  1 06:39:54 2012 | sshd: 223.4.14.19

    sshd: 223.4.14.19

    # DenyHosts: Mon Apr  2 07:31:26 2012 | sshd: 190.196.161.110

    sshd: 190.196.161.110

    # DenyHosts: Mon Apr  2 11:19:10 2012 | sshd: 182.71.243.130

    sshd: 182.71.243.130

    # DenyHosts: Mon Apr  2 11:43:12 2012 | sshd: 112.90.144.2

    sshd: 112.90.144.2

    # DenyHosts: Tue Apr  3 03:47:40 2012 | sshd: 219.141.222.104

    sshd: 219.141.222.104

    # DenyHosts: Tue Apr  3 20:26:42 2012 | sshd: 85.113.226.59

    sshd: 85.113.226.59

    # DenyHosts: Wed Apr  4 06:41:20 2012 | sshd: 118.145.23.217

    sshd: 118.145.23.217

    # DenyHosts: Wed Apr  4 07:37:53 2012 | sshd: 195.198.236.87

    sshd: 195.198.236.87

    # DenyHosts: Wed Apr  4 15:27:56 2012 | sshd: 182.50.3.172

    sshd: 182.50.3.172

    # DenyHosts: Thu Apr  5 00:06:27 2012 | sshd: 37.46.112.65

    sshd: 37.46.112.65

    # DenyHosts: Thu Apr  5 12:25:00 2012 | sshd: 95.132.240.196

    sshd: 95.132.240.196

    # DenyHosts: Sat Apr  7 03:43:18 2012 | sshd: 184.107.69.28

    sshd: 184.107.69.28

    # DenyHosts: Sat Apr  7 12:47:21 2012 | sshd: 120.72.48.32

    sshd: 120.72.48.32

    # DenyHosts: Sat Apr  7 13:28:24 2012 | sshd: 80.70.164.219

    sshd: 80.70.164.219

    # DenyHosts: Sat Apr  7 20:29:50 2012 | sshd: 124.238.214.90

    sshd: 124.238.214.90

    # DenyHosts: Sun Apr  8 10:27:11 2012 | sshd: 200.199.116.126

    sshd: 200.199.116.126

    # DenyHosts: Mon Apr  9 07:53:29 2012 | sshd: 95.132.240.56

    sshd: 95.132.240.56

    # DenyHosts: Mon Apr  9 18:15:37 2012 | sshd: 61.145.118.190

    sshd: 61.145.118.190

    # DenyHosts: Mon Apr  9 22:29:53 2012 | sshd: 61.167.199.239

    sshd: 61.167.199.239

    # DenyHosts: Tue Apr 10 20:09:11 2012 | sshd: 124.205.252.158

    sshd: 124.205.252.158

    # DenyHosts: Wed Apr 11 06:38:49 2012 | sshd: 111.4.115.138

    sshd: 111.4.115.138

    # DenyHosts: Wed Apr 11 09:34:02 2012 | sshd: 83.170.93.206

    sshd: 83.170.93.206

    # DenyHosts: Wed Apr 11 21:43:46 2012 | sshd: 176.67.168.8

    sshd: 176.67.168.8

    # DenyHosts: Thu Apr 12 10:24:02 2012 | sshd: 208.85.37.2

    sshd: 208.85.37.2

    # DenyHosts: Thu Apr 12 19:02:05 2012 | sshd: 37.53.249.168

    sshd: 37.53.249.168

    # DenyHosts: Fri Apr 13 03:35:07 2012 | sshd: 190.254.136.34

    sshd: 190.254.136.34

    # DenyHosts: Fri Apr 13 03:59:09 2012 | sshd: 209.139.209.1

    sshd: 209.139.209.1

    # DenyHosts: Sat Apr 14 07:08:16 2012 | sshd: 68.168.223.164

    sshd: 68.168.223.164

    # DenyHosts: Sat Apr 14 22:50:44 2012 | sshd: 193.34.111.226

    sshd: 193.34.111.226

    # DenyHosts: Sun Apr 15 02:19:27 2012 | sshd: 95.132.205.195

    sshd: 95.132.205.195

    # DenyHosts: Sun Apr 15 03:52:33 2012 | sshd: 78.129.201.6

    sshd: 78.129.201.6

    # DenyHosts: Sun Apr 15 09:19:22 2012 | sshd: 195.206.38.48

    sshd: 195.206.38.48

    # DenyHosts: Sun Apr 15 10:29:27 2012 | sshd: 58.248.23.61

    sshd: 58.248.23.61

    # DenyHosts: Sun Apr 15 11:51:02 2012 | sshd: 222.58.151.68

    sshd: 222.58.151.68

    # DenyHosts: Mon Apr 16 05:38:07 2012 | sshd: 95.132.202.2

    sshd: 95.132.202.2

    # DenyHosts: Mon Apr 16 08:44:49 2012 | sshd: 93.157.46.93

    sshd: 93.157.46.93

    # DenyHosts: Mon Apr 16 13:29:36 2012 | sshd: 218.61.144.210

    sshd: 218.61.144.210

    # DenyHosts: Mon Apr 16 17:02:19 2012 | sshd: 192.168.222.4

    sshd: 192.168.222.4

    # DenyHosts: Mon Apr 16 18:06:53 2012 | sshd: 217.139.0.68

    sshd: 217.139.0.68

    # DenyHosts: Mon Apr 16 21:48:08 2012 | sshd: 218.108.224.81

    sshd: 218.108.224.81

    # DenyHosts: Tue Apr 17 17:13:52 2012 | sshd: 211.21.230.238

    sshd: 211.21.230.238

    # DenyHosts: Tue Apr 17 19:46:02 2012 | sshd: 94.103.145.183

    sshd: 94.103.145.183

    # DenyHosts: Wed Apr 18 08:12:17 2012 | sshd: 111.92.237.217

    sshd: 111.92.237.217

    # DenyHosts: Thu Apr 19 04:20:29 2012 | sshd: 87.117.255.199

    sshd: 87.117.255.199

    # DenyHosts: Thu Apr 19 12:36:29 2012 | sshd: 95.132.129.137

    sshd: 95.132.129.137

    # DenyHosts: Thu Apr 19 12:55:31 2012 | sshd: 61.183.11.243

    sshd: 61.183.11.243

    # DenyHosts: Thu Apr 19 19:06:24 2012 | sshd: 212.174.82.215

    sshd: 212.174.82.215

    # DenyHosts: Thu Apr 19 20:05:27 2012 | sshd: 202.146.216.141

    sshd: 202.146.216.141

    # DenyHosts: Fri Apr 20 23:40:37 2012 | sshd: 219.148.205.174

    sshd: 219.148.205.174

    # DenyHosts: Sat Apr 21 06:32:02 2012 | sshd: 184.107.185.90

    sshd: 184.107.185.90

    # DenyHosts: Sat Apr 21 07:12:36 2012 | sshd: 107.0.30.244

    sshd: 107.0.30.244

    # DenyHosts: Sun Apr 22 03:02:18 2012 | sshd: 211.151.185.54

    sshd: 211.151.185.54

    # DenyHosts: Sun Apr 22 17:26:55 2012 | sshd: 218.16.63.145

    sshd: 218.16.63.145

    # DenyHosts: Sun Apr 22 20:52:08 2012 | sshd: 37.52.18.203

    sshd: 37.52.18.203

    # DenyHosts: Tue Apr 24 04:46:32 2012 | sshd: 69.12.10.42

    sshd: 69.12.10.42

    # DenyHosts: Wed Apr 25 12:21:44 2012 | sshd: 178.18.17.229

    sshd: 178.18.17.229

    # DenyHosts: Wed Apr 25 12:42:49 2012 | sshd: 46.19.143.84

    sshd: 46.19.143.84

    # DenyHosts: Thu Apr 26 03:06:34 2012 | sshd: 61.136.171.198

    sshd: 61.136.171.198

    # DenyHosts: Thu Apr 26 03:12:36 2012 | sshd: 123.231.64.60

    sshd: 123.231.64.60

    # DenyHosts: Thu Apr 26 05:43:05 2012 | sshd: 118.145.25.72

    sshd: 118.145.25.72

    # DenyHosts: Fri Apr 27 09:01:19 2012 | sshd: 213.0.180.23

    sshd: 213.0.180.23

    # DenyHosts: Fri Apr 27 10:54:11 2012 | sshd: 176.10.238.79

    sshd: 176.10.238.79

    # DenyHosts: Sat Apr 28 02:44:18 2012 | sshd: 60.247.2.49

    sshd: 60.247.2.49

    # DenyHosts: Sat Apr 28 13:42:58 2012 | sshd: 89.105.128.179

    sshd: 89.105.128.179

    # DenyHosts: Sat Apr 28 17:08:09 2012 | sshd: 95.132.62.124

    sshd: 95.132.62.124

    # DenyHosts: Sun Apr 29 03:36:42 2012 | sshd: 46.200.221.174

    sshd: 46.200.221.174

    # DenyHosts: Sun Apr 29 19:33:50 2012 | sshd: 37.54.20.28

    sshd: 37.54.20.28

    # DenyHosts: Mon Apr 30 05:36:48 2012 | sshd: 128.72.168.10

    sshd: 128.72.168.10

    # DenyHosts: Mon Apr 30 06:03:50 2012 | sshd: 61.151.251.252

    sshd: 61.151.251.252

    # DenyHosts: Mon Apr 30 18:17:35 2012 | sshd: 46.38.240.147

    sshd: 46.38.240.147

    # DenyHosts: Wed May  2 03:11:34 2012 | sshd: 219.148.34.95

    sshd: 219.148.34.95

    # DenyHosts: Wed May  2 05:03:12 2012 | sshd: 122.4.79.15

    sshd: 122.4.79.15

    # DenyHosts: Wed May  2 05:34:44 2012 | sshd: 88.190.19.180

    sshd: 88.190.19.180

    # DenyHosts: Wed May  2 10:45:03 2012 | sshd: 101.99.64.7

    sshd: 101.99.64.7

    # DenyHosts: Thu May  3 00:49:54 2012 | sshd: 202.164.196.18

    sshd: 202.164.196.18

    # DenyHosts: Thu May  3 08:32:53 2012 | sshd: 95.132.31.243

    sshd: 95.132.31.243

    # DenyHosts: Thu May  3 17:15:24 2012 | sshd: 31.210.46.226

    sshd: 31.210.46.226

    # DenyHosts: Sat May  5 00:29:17 2012 | sshd: 60.12.149.161

    sshd: 60.12.149.161

    # DenyHosts: Sat May  5 04:19:32 2012 | sshd: 176.9.230.183

    sshd: 176.9.230.183

    # DenyHosts: Sat May  5 04:36:33 2012 | sshd: 217.119.85.18

    sshd: 217.119.85.18

    # DenyHosts: Sun May  6 00:30:15 2012 | sshd: 95.132.40.86

    sshd: 95.132.40.86

    # DenyHosts: Sun May  6 07:03:39 2012 | sshd: 122.225.11.58

    sshd: 122.225.11.58

    # DenyHosts: Sun May  6 21:44:02 2012 | sshd: 95.132.144.184

    sshd: 95.132.144.184

    # DenyHosts: Mon May  7 00:29:43 2012 | sshd: 78.188.30.7

    sshd: 78.188.30.7

    # DenyHosts: Mon May  7 13:52:32 2012 | sshd: 85.25.226.77

    sshd: 85.25.226.77

    # DenyHosts: Mon May  7 16:30:42 2012 | sshd: 61.144.225.149

    sshd: 61.144.225.149

    # DenyHosts: Mon May  7 21:45:31 2012 | sshd: 95.132.0.244

    sshd: 95.132.0.244

    # DenyHosts: Mon May  7 22:31:04 2012 | sshd: 209.190.29.35

    sshd: 209.190.29.35

    # DenyHosts: Tue May  8 11:26:21 2012 | sshd: 95.132.236.182

    sshd: 95.132.236.182

    # DenyHosts: Wed May  9 09:25:10 2012 | sshd: 184.22.95.34

    sshd: 184.22.95.34

    # DenyHosts: Wed May  9 12:19:22 2012 | sshd: 46.4.99.141

    sshd: 46.4.99.141

    # DenyHosts: Wed May  9 14:18:30 2012 | sshd: 187.141.136.86

    sshd: 187.141.136.86

    # DenyHosts: Wed May  9 18:58:17 2012 | sshd: 61.42.104.238

    sshd: 61.42.104.238

    # DenyHosts: Wed May  9 23:38:34 2012 | sshd: 210.233.109.233

    sshd: 210.233.109.233

    # DenyHosts: Thu May 10 22:07:56 2012 | sshd: 202.123.242.10

    sshd: 202.123.242.10

    # DenyHosts: Sat May 12 08:53:27 2012 | sshd: 217.19.14.211

    sshd: 217.19.14.211

    # DenyHosts: Sun May 13 02:46:59 2012 | sshd: 64.27.0.183

    sshd: 64.27.0.183

    # DenyHosts: Sun May 13 23:36:43 2012 | sshd: 85.114.130.246

    sshd: 85.114.130.246

    # DenyHosts: Mon May 14 05:57:00 2012 | sshd: 202.55.6.140

    sshd: 202.55.6.140

    # DenyHosts: Mon May 14 06:55:42 2012 | sshd: 60.29.0.22

    sshd: 60.29.0.22

    # DenyHosts: Mon May 14 07:24:48 2012 | sshd: 38.98.53.60

    sshd: 38.98.53.60

    # DenyHosts: Mon May 14 18:26:53 2012 | sshd: 115.248.152.161

    sshd: 115.248.152.161

    # DenyHosts: Tue May 15 04:31:20 2012 | sshd: 203.122.42.66

    sshd: 203.122.42.66

    # DenyHosts: Tue May 15 22:31:33 2012 | sshd: 222.87.204.14

    sshd: 222.87.204.14

     

     


  3. Каждый день гости )))))

