Date: 2011-02-25 11:51:00  Source: compiled by this site

Building a Solid, Secure Linux Server (SSH Login Part) [Operating Systems]




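  This article, "Building a Solid, Secure Linux Server (SSH Login Part) [Operating Systems]", was collected by 七道奇 and reprinted from the web. Copyright belongs to the article's author; this site makes no judgment on its views or content, and readers should judge for themselves. The full text follows: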

Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.


Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!


Most of the entries look more like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

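Evidently there are quite a few security problems, heh. So I got to work reinforcing the defenses and building a secure server, so that even the American hackers have to give up, haha.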

First, disable remote root login and change the SSH port:

vi /etc/ssh/sshd_config

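# Disable root login; create an ordinary user for remote login, then switch to root with su -
PermitRootLogin no

#Port 22
# Move to a port that an ordinary scanner would wear itself out before finding (scanning from 20 up to 36301 … haha)
Port 36301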

Restart sshd: /etc/init.d/sshd restart

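After these changes the security log stayed quiet for several days, apart from the entries for my own logins, so the first results were showing. The good times did not last, though: a few days later I found probing login entries in the log again: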

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
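
As an added example (not part of the original article), the shell functions below tally the three kinds of entries shown in the excerpts (failed passwords, invalid users, connections that sent no identification string) per source address, so the log can be compared before and after the sshd_config change. The function names, sample lines and addresses are constructed; the code assumes the syslog layout shown above, with or without a trailing `port N`.

```shell
#!/bin/sh
# Constructed sample in the syslog layout of the excerpts above; the
# addresses come from documentation ranges, not from the article.
sample_log() {
cat <<'EOF'
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 192.0.2.61
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 192.0.2.61 port 15683 ssh2
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 192.0.2.61 port 15940 ssh2
Nov 3 05:14:30 server sshd[20480]: Failed password for invalid user x from 203.0.113.9 from 198.51.100.7 port 4000 ssh2
Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 198.51.100.7
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:20:00 server sshd[10100]: Accepted password for admin from 192.0.2.10 port 50000 ssh2
EOF
}

# Reads sshd syslog lines on stdin; prints one line per source:
#   SOURCE FAILED_PASSWORDS INVALID_USERS NO_IDENT_STRING
summarize_sshd() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ {
        # Classify on the start of the message only: the user name is
        # supplied by the client and may itself contain " from ".
        msg = substr($0, index($0, "]: ") + 3)
        if (msg ~ /^Failed password for /) kind = "fail"
        else if (msg ~ /^Invalid user /) kind = "inv"
        else if (msg ~ /^Did not receive identification string from /) kind = "noid"
        else next
        # Take the source from the fixed tail of the line, skipping the
        # optional "port N" and "ssh2" fields.
        n = NF
        if ($n == "ssh2") n--
        if ($(n - 1) == "port") n -= 2
        seen[$n] = 1
        count[kind, $n]++
    }
    END {
        for (s in seen)
            printf "%s %d %d %d\n", s, count["fail", s], count["inv", s], count["noid", s]
    }' | LC_ALL=C sort
}

# Sources whose combined event count is at least $1.
noisy_sources() {
    summarize_sshd | awk -v min="$1" '$2 + $3 + $4 >= min { print $1 }'
}

sample_log | summarize_sshd
```

On a real server, feed the functions the sshd log file instead of the sample; its path depends on the distribution.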
