DenyHosts is a script written in Python that protects SSH servers from password brute-forcing. The script monitors the system logs for failed login attempts.
DenyHosts works as follows: it checks the logs and adds to /etc/hosts.deny the IP addresses from which many failed login attempts are seen. For this to work, ssh must be built with tcpwrappers (which is the default).
Installing denyhosts requires the EPEL repository. Check whether EPEL is in the list of repositories:
yum repolist
If it is missing, see how to add the repository here: Centos 6 Repositories
Installation:
yum install denyhosts
Save the default config (in case we need to roll back):
cp /etc/denyhosts.conf /etc/denyhosts.conf.default
Create the file where the IP addresses of banned hosts will be written:
touch /etc/hosts.denyssh
Edit access to the server:
vi /etc/hosts.allow
File contents:
# allow the local network and the VPN link
sshd : 192.168.17.0/255.255.255.0 : allow
sshd : 192.168.222.0/255.255.255.0 : allow
# deny access to the list from the file
sshd : /etc/hosts.denyssh : deny
# allow everyone else
sshd : ALL : allow
Edit the config:
vi /etc/denyhosts.conf
Contents of my denyhosts.conf:
# Path to the log where connection information is written
SECURE_LOG = /var/log/secure
# IP addresses of banned hosts
HOSTS_DENY = /etc/hosts.denyssh
# Ban period (2y = two years)
PURGE_DENY = 2y
#
#PURGE_THRESHOLD = 2
# Which services to control (for example: ftpd)
BLOCK_SERVICE = sshd
# Number of login attempts with a non-existent login
DENY_THRESHOLD_INVALID = 7
# Number of login attempts with a wrong password
DENY_THRESHOLD_VALID = 7
# Number of login attempts with the root account
DENY_THRESHOLD_ROOT = 1
#
DENY_THRESHOLD_RESTRICTED = 1
#
WORK_DIR = /var/lib/denyhosts
#
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
#
HOSTNAME_LOOKUP=YES
# Redhat/Fedora:
LOCK_FILE = /var/lock/subsys/denyhosts
#
ADMIN_EMAIL = root
#
SMTP_HOST = localhost
SMTP_PORT = 25
#
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
#
SMTP_FROM = DenyHosts <nobody@localhost>
# by DenyHosts when it reports thwarted abuse attempts
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]
#
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
#
#SYSLOG_REPORT=YES
#
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
#
AGE_RESET_VALID=5d
#
AGE_RESET_ROOT=25d
#
AGE_RESET_RESTRICTED=25d
#
AGE_RESET_INVALID=10d
#
#RESET_ON_SUCCESS = yes
#
#PLUGIN_DENY=/usr/bin/true
#
#PLUGIN_PURGE=/usr/bin/true
#
#PLUGIN_PURGE=/usr/share/denyhosts/plugins/restorecon.sh
#
#USERDEF_FAILED_ENTRY_REGEX=
#
DAEMON_LOG = /var/log/denyhosts
#
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
#
DAEMON_SLEEP = 30s
#
DAEMON_PURGE = 1h
#
#SYNC_SERVER = xmlrpc.denyhosts.net:9911
#
#SYNC_INTERVAL = 1h
#
#SYNC_UPLOAD = no
#SYNC_UPLOAD = yes
#
#SYNC_DOWNLOAD = no
#SYNC_DOWNLOAD = yes
#
#SYNC_DOWNLOAD_THRESHOLD = 10
#
#SYNC_DOWNLOAD_RESILIENCY = 5h
Start DenyHosts:
service denyhosts start
Add it to "autostart":
chkconfig denyhosts on
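The sketch below is an added example, not DenyHosts code and not part of the original post: it models the per-category counting configured above on constructed /var/log/secure lines, then evaluates the hosts.allow rules in order. It assumes a host is listed once its failures in a category exceed the threshold; the function names and sample addresses are made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# Thresholds copied from the denyhosts.conf shown on this page.
THRESHOLDS = {"root": 1, "valid": 7, "invalid": 7}
# Networks that the page's hosts.allow admits before the deny file is read.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.17.0/24", "192.168.222.0/24")]
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def hosts_to_deny(log_lines):
    """Return source IPs whose failure count in any category exceeds its threshold."""
    counts = Counter()
    for entry in log_lines:
        m = FAILED.search(entry)
        if not m:
            continue
        kind = "invalid" if m.group("invalid") else "valid"
        kind = "root" if kind == "valid" and m.group("user") == "root" else kind
        counts[(m.group("ip"), kind)] += 1
    return {ip for (ip, kind), n in counts.items() if n > THRESHOLDS[kind]}

def sshd_access(ip, denied):
    """Evaluate the page's hosts.allow rules top to bottom; the first match wins."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in TRUSTED):
        return "allow"   # sshd : 192.168.x.0/255.255.255.0 : allow
    if ip in denied:
        return "deny"    # sshd : /etc/hosts.denyssh : deny
    return "allow"       # sshd : ALL : allow

def failed_line(ip, user, invalid=False):
    # Constructed sample line in the format sshd writes to /var/log/secure.
    who = ("invalid user " if invalid else "") + user
    return f"Mar 23 06:37:05 srv sshd[2101]: Failed password for {who} from {ip} port 40122 ssh2"

SAMPLE_LOG = (
    [failed_line("203.0.113.5", "admin", invalid=True)] * 8  # 8 > 7: listed
    + [failed_line("198.51.100.7", "root")] * 2              # 2 > 1: listed
    + [failed_line("192.0.2.9", "alice")] * 3                # 3 <= 7: not listed
    + [failed_line("192.168.17.20", "root")] * 2             # listed, but trusted LAN
)

if __name__ == "__main__":
    denied = hosts_to_deny(SAMPLE_LOG)
    for ip in sorted(denied | {"192.0.2.9"}):
        print(ip, "listed" if ip in denied else "not listed", sshd_access(ip, denied))
```

Because the trusted networks are matched before the deny file, an address from 192.168.17.0/24 or 192.168.222.0/24 keeps SSH access even after it appears in /etc/hosts.denyssh.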
Addendum:
DON'T BELIEVE THAT YOU REALLY NEED TO PROTECT YOURSELF?
Here is the number of failed login attempts:
cat /var/log/secure | grep sshd | grep invalid | wc -l
874
# cat /etc/hosts.denyssh
Guests every day )))))