Linux

How do you protect a Linux server against password brute-forcing?

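Attackers often brute-force server passwords over SSH and then plant malware on the server. To review the server's security log, open the /var/log/secure file; you will find many records of SSH brute-force login attempts, such as the following: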

    Aug 29 16:27:23 fgb sshd[31098]: Failed password for root from 189.205.132.145 port 49920 ssh2
    Aug 29 16:27:28 fgb sshd[31100]: Failed password for root from 189.205.132.145 port 55661 ssh2
    Aug 29 16:27:33 fgb sshd[31103]: Failed password for root from 189.205.132.145 port 33579 ssh2
    Aug 29 16:27:37 fgb sshd[31106]: Failed password for root from 189.205.132.145 port 39344 ssh2
    Aug 29 16:27:42 fgb sshd[31115]: Failed password for root from 189.205.132.145 port 45117 ssh2
    Aug 29 16:27:46 fgb sshd[31124]: Failed password for root from 189.205.132.145 port 50881 ssh2
    Aug 29 16:27:52 fgb sshd[31126]: Failed password for root from 189.205.132.145 port 56359 ssh2
    Aug 29 16:27:57 fgb sshd[31128]: Failed password for root from 189.205.132.145 port 35882 ssh2
    Aug 29 16:28:02 fgb sshd[31130]: Failed password for root from 189.205.132.145 port 41888 ssh2
    Aug 29 16:28:08 fgb sshd[31132]: Failed password for root from 189.205.132.145 port 47882 ssh2
    Aug 29 16:28:12 fgb sshd[31134]: Failed password for root from 189.205.132.145 port 53121 ssh2
    Aug 29 16:28:17 fgb sshd[31136]: Failed password for root from 189.205.132.145 port 59014 ssh2
    Aug 29 16:28:21 fgb sshd[31139]: Failed password for root from 189.205.132.145 port 36742 ssh2

Since someone is trying to break in, we need to defend against it. Use the following script:

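    #!/bin/sh
    # Count failed logins per source IP in /var/log/secure as "count=ip" pairs.
    # The source address is the 4th field from the end of each "Failed" line.
    SCANIP=$(grep "Failed" /var/log/secure | awk '{print $(NF-3)}' | sort | uniq -c | awk '{print $1"="$2;}')
    for i in $SCANIP
    do
        NUMBER=$(echo "$i" | awk -F= '{print $1}')
        IP=$(echo "$i" | awk -F= '{print $2}')
        echo "$NUMBER($IP)"
        # Block IPs with more than 10 failures that are not already in the INPUT chain.
        # grep -Fw matches the address literally, so "." is not treated as a wildcard.
        if [ "$NUMBER" -gt 10 ] && [ -z "$(/sbin/iptables -vnL INPUT | grep -Fw -- "$IP")" ]
        then
            /sbin/iptables -I INPUT -s "$IP" -m state --state NEW,RELATED,ESTABLISHED -j DROP
            echo "$(date) $IP($NUMBER)" >> /var/log/scanip.log
        fi
    done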

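What this script does: it scans the secure log file, finds IPs with more than 10 unauthorized connection attempts (failed logins), adds them to the iptables firewall block list, and records them in a log file.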
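A dry-run variant of the detection step, added here as an example and not part of the original post: it counts only sshd failure lines, checks that the extracted field looks like an IPv4 address, skips an allowlist so an administrator cannot lock themselves out, and prints the iptables commands instead of running them. THRESHOLD, ALLOWLIST, the documentation-range addresses and the `myapp` log line are assumptions constructed for the example.

```shell
#!/bin/sh
THRESHOLD=10             # same limit as the script above: block when count > 10
ALLOWLIST="192.0.2.10"   # assumed admin address that must never be blocked

# fails COUNT IP: emit COUNT constructed sshd failure lines for IP
fails() {
    n=0
    while [ "$n" -lt "$1" ]; do
        echo "Aug 29 16:27:23 fgb sshd[31098]: Failed password for root from $2 port 49920 ssh2"
        n=$((n + 1))
    done
}

# Constructed sample log (not real data)
sample_log() {
    fails 12 203.0.113.5     # over the threshold
    fails 11 192.0.2.10      # over the threshold, but allowlisted
    fails 10 198.51.100.7    # exactly at the threshold, not over it
    # Non-sshd line from a hypothetical program; a bare grep "Failed" would count it
    echo "Aug 29 16:30:01 fgb myapp[412]: Failed upload from 198.51.100.7 port 8080 http"
}

# Read log lines on stdin, print "count ip" for every offender
offenders() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Only sshd "Failed ..." lines. Fields are counted from the end, so a
        # client-chosen username cannot shift the position of the address.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > min) print count[ip], ip }
    ' | sort -rn
}

# Dry run: print the rule the script above would insert for each offender
block_commands() {
    offenders | while read -r count ip; do
        echo "/sbin/iptables -I INPUT -s $ip -m state --state NEW,RELATED,ESTABLISHED -j DROP"
    done
}

sample_log | block_commands
```

To run it against the real log, pipe `/var/log/secure` into `offenders` and review the list before applying any rule.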