denyhosts
denyhosts 是一款能有效防止通过暴力破解登录系统的软件
代码语言:javascript复制DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack host, updates the /etc/hosts.deny file to prevent future break-in attempts from that host. Email reports can be sent to a system admin.
[root@check-list ~]# yum list all | grep -i denyhost
denyhosts.noarch 2.6-20.el6 epel
[root@check-list ~]# yum install denyhosts.noarch
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.skyshe.cn
* epel: mirrors.opencas.cn
* extras: mirrors.skyshe.cn
* updates: mirrors.skyshe.cn
Resolving Dependencies
--> Running transaction check
---> Package denyhosts.noarch 0:2.6-20.el6 will be installed
--> Processing Dependency: libselinux-python for package: denyhosts-2.6-20.el6.noarch
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.0.94-5.8.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
denyhosts noarch 2.6-20.el6 epel 90 k
Installing for dependencies:
libselinux-python x86_64 2.0.94-5.8.el6 base 203 k
Transaction Summary
===========================================================================================================
Install 2 Package(s)
Total download size: 292 k
Installed size: 921 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): denyhosts-2.6-20.el6.noarch.rpm | 90 kB 00:00
(2/2): libselinux-python-2.0.94-5.8.el6.x86_64.rpm | 203 kB 00:00
-----------------------------------------------------------------------------------------------------------
Total 479 kB/s | 292 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
Userid : EPEL (6) <epel@fedoraproject.org>
Package: epel-release-6-8.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : libselinux-python-2.0.94-5.8.el6.x86_64 1/2
Installing : denyhosts-2.6-20.el6.noarch 2/2
Verifying : denyhosts-2.6-20.el6.noarch 1/2
Verifying : libselinux-python-2.0.94-5.8.el6.x86_64 2/2
Installed:
denyhosts.noarch 0:2.6-20.el6
Dependency Installed:
libselinux-python.x86_64 0:2.0.94-5.8.el6
Complete!
[root@check-list ~]#
[root@check-list ~]# /etc/init.d/denyhosts start
Starting denyhosts: [ OK ]
[root@check-list ~]#
[root@check-list ~]# ps faux | grep denyho
root 7961 0.0 0.0 103304 876 pts/0 S 20:31 0:00 _ grep denyho
root 7958 0.0 0.0 189188 6972 ? S 20:31 0:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
[root@check-list ~]# chkconfig --list | grep deny
denyhosts 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@check-list ~]# chkconfig denyhosts on
[root@check-list ~]# chkconfig --list | grep deny
denyhosts 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@check-list ~]#
