Configuring iptables + DenyHosts on a Linux server against brute-force SSH cracking
- 2020-05-10 23:18:37
- OfStack
Use iptables to limit the number of new ssh connections per minute
# Allow traffic on the local loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Accept all connections that have already been established
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow only two new ssh connections per minute; established connections are not limited
iptables -A INPUT -p tcp --dport 22 -m limit --limit 2/minute --limit-burst 2 -m state --state NEW -j ACCEPT
# Set the default INPUT policy to drop everything else (do this last, after the rules above, so the current session is not cut off)
iptables -P INPUT DROP
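The following is an added illustration, not code from the original post or from iptables: a token-bucket model of the `-m limit --limit 2/minute --limit-burst 2` match used above. The bucket starts with `burst` tokens, refills at `rate` tokens per second, and a new connection matches (ACCEPT) only when a whole token is available; otherwise the packet falls through to the default `DROP` policy. The arrival times are constructed sample values, and the refill arithmetic is a simplification of the kernel's credit-based implementation.

```python
"""Token-bucket model of the iptables "limit" match (added illustration)."""


def limit_match(arrival_times, rate_per_minute=2, burst=2):
    """Return one bool per arrival (sorted, in seconds): True if the packet
    matches the limit rule (ACCEPT), False if it falls through to DROP."""
    refill_per_sec = rate_per_minute / 60.0
    tokens = float(burst)                      # the bucket starts full
    last = arrival_times[0] if arrival_times else 0.0
    decisions = []
    for t in arrival_times:
        # refill for the time elapsed since the previous packet, capped at burst
        tokens = min(float(burst), tokens + (t - last) * refill_per_sec)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            decisions.append(True)
        else:
            decisions.append(False)
    return decisions


# constructed sample: six SYNs to port 22 at these offsets in seconds
SAMPLE_ARRIVALS = [0, 1, 2, 3, 35, 70]

if __name__ == "__main__":
    for t, ok in zip(SAMPLE_ARRIVALS, limit_match(SAMPLE_ARRIVALS)):
        print(f"t={t:3d}s  {'ACCEPT' if ok else 'DROP (default policy)'}")
```

With these settings the first two connection attempts pass immediately, the next ones are dropped, and from then on roughly one new connection every 30 seconds gets through. Note that `-m limit` counts packets globally, not per source address: while an attacker is filling the bucket, legitimate new ssh connections from any other address are dropped as well.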
Use DenyHosts to block IP addresses that repeatedly fail ssh password authentication
Download DenyHosts from http://sourceforge.net/projects/denyhosts/files/
Install DenyHosts
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install # install DenyHosts
cd /usr/share/denyhosts/ # default installation path
cp denyhosts.cfg-dist denyhosts.cfg # denyhosts.cfg is the configuration file
cp daemon-control-dist daemon-control # daemon-control is the start/stop script
chown root daemon-control # make root the owner
chmod 700 daemon-control # make it executable by root only
ln -s /usr/share/denyhosts/daemon-control /etc/init.d # symlink daemon-control into /etc/init.d for easier management
/etc/init.d/daemon-control start # start DenyHosts
chkconfig daemon-control on # start DenyHosts at boot
Configure DenyHosts
vim /usr/share/denyhosts/denyhosts.cfg
HOSTS_DENY = /etc/hosts.deny # file that controls which hosts are denied access
PURGE_DENY = 30m # how long a ban lasts before it is purged; set to 30 minutes here
BLOCK_SERVICE = sshd # name of the service to ban; DenyHosts is not limited to the ssh service
DENY_THRESHOLD_INVALID = 1 # failed attempts allowed for invalid (non-existent) user names
DENY_THRESHOLD_VALID = 5 # failed attempts allowed for valid, non-root users
DENY_THRESHOLD_ROOT = 5 # failed attempts allowed for root
DAEMON_LOG = /var/log/denyhosts # DenyHosts log file location (default)
After changing the DenyHosts configuration, restart the DenyHosts service for the changes to take effect:
/etc/init.d/daemon-control restart # restart DenyHosts
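To make the three `DENY_THRESHOLD_*` settings concrete, here is an added example (not DenyHosts' own parser or code) that applies the thresholds from the configuration above to a few constructed sshd log lines and produces the `hosts.deny` entries they would yield. It recognises the common OpenSSH "Failed password for ..." message, with and without the "invalid user" prefix; the log lines and addresses are constructed samples.

```python
"""Apply DenyHosts-style thresholds to sshd log lines (added illustration)."""
import re
from collections import defaultdict

# thresholds as set in the denyhosts.cfg shown above
DENY_THRESHOLD_INVALID = 1
DENY_THRESHOLD_VALID = 5
DENY_THRESHOLD_ROOT = 5

# OpenSSH failure message; the "invalid user " prefix marks non-existent accounts
FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

# constructed sample log lines (documentation addresses, not real hosts)
SAMPLE_LOG = """\
May 10 23:10:01 host sshd[101]: Failed password for invalid user admin from 198.51.100.7 port 4001 ssh2
May 10 23:10:05 host sshd[102]: Failed password for root from 203.0.113.9 port 4002 ssh2
May 10 23:10:06 host sshd[103]: Failed password for root from 203.0.113.9 port 4003 ssh2
May 10 23:10:07 host sshd[104]: Failed password for root from 203.0.113.9 port 4004 ssh2
May 10 23:10:08 host sshd[105]: Failed password for root from 203.0.113.9 port 4005 ssh2
May 10 23:10:09 host sshd[106]: Failed password for root from 203.0.113.9 port 4006 ssh2
May 10 23:10:12 host sshd[107]: Failed password for alice from 192.0.2.44 port 4007 ssh2
May 10 23:10:13 host sshd[108]: Failed password for alice from 192.0.2.44 port 4008 ssh2
May 10 23:10:14 host sshd[109]: Accepted password for alice from 192.0.2.44 port 4009 ssh2
"""


def count_failures(log_text):
    """Return {ip: {"invalid": n, "valid": n, "root": n}} for failed logins."""
    counts = defaultdict(lambda: {"invalid": 0, "valid": 0, "root": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue                      # successful logins and other lines are ignored
        if m.group("invalid"):
            cls = "invalid"
        elif m.group("user") == "root":
            cls = "root"
        else:
            cls = "valid"
        counts[m.group("ip")][cls] += 1
    return dict(counts)


def hosts_to_deny(log_text, service="sshd"):
    """Return the hosts.deny lines ("sshd: <ip>") the thresholds would produce."""
    lines = []
    for ip, c in sorted(count_failures(log_text).items()):
        if (c["invalid"] >= DENY_THRESHOLD_INVALID
                or c["valid"] >= DENY_THRESHOLD_VALID
                or c["root"] >= DENY_THRESHOLD_ROOT):
            lines.append(f"{service}: {ip}")
    return lines


if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

With these thresholds a single failure for a non-existent account is enough to be listed, five root failures are enough, while two failures for the valid user alice stay below the limit of five. The real DenyHosts also honours `PURGE_DENY`, so entries written this way would be removed again after 30 minutes.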
From: http://www.zhengdazhi.com/?p=563