Logged in to the server today and saw this message:
There were 8925 failed login attempts since the last successful login.
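Impressive.
I promptly changed the SSH port.
vim /etc/ssh/sshd_config
Port 22 # change the port number
systemctl restart sshd # restart the service
Then I happened to come across a little tool called DenyHosts.
Tried installing it with yum; no package available, so I downloaded the rpm manually.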
wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el7/en/x86_64/rpmforge/RPMS/denyhosts-2.6-5.el7.rf.noarch.rpm
rpm -ivh denyhosts-2.6-5.el7.rf.noarch.rpm
systemctl start denyhosts
systemctl enable denyhosts.service
systemctl status denyhosts
Attached is a configuration file borrowed from elsewhere:
# grep -Ev '^#|^$' /etc/denyhosts.conf
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 4w // how long a blocked IP stays blocked before it is released (w = weeks, d = days, h = hours, m = minutes)
BLOCK_SERVICE = sshd // the service being monitored
DENY_THRESHOLD_INVALID = 5 // failed attempts by invalid (nonexistent) users before the host is blocked
DENY_THRESHOLD_VALID = 10 // failed attempts by valid ordinary users
DENY_THRESHOLD_ROOT = 1 // failed attempts by the root user
DENY_THRESHOLD_RESTRICTED = 1 // failed attempts by usernames listed in WORK_DIR/restricted-usernames
WORK_DIR = /var/lib/denyhosts // DenyHosts working data directory
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES // hostname resolution
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = root
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]
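AGE_RESET_VALID=5d // time after which the failed-login count for valid ordinary users is reset to zero
AGE_RESET_ROOT=25d // time after which the failed-login count for root is reset to zero
AGE_RESET_RESTRICTED=25d // time after which the failed-login count for restricted usernames is reset to zero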
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
I also changed the SSH port back to 22.
Every day I check /etc/hosts.deny to see how many IPs have been blocked.
Go ahead, keep knocking.
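How the three DENY_THRESHOLD_* values above turn /var/log/secure lines into /etc/hosts.deny entries, as an added example that is not DenyHosts' own code. The function names and sample log are constructed here; it assumes the OpenSSH "Failed password" line format and that a host is blocked once its count exceeds the threshold.

```python
import re
from collections import Counter

# Thresholds taken from the configuration above.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# Anchored at end of line with a greedy username, so text inside a
# client-supplied username cannot be mistaken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

def count_failures(lines):
    """Return a Counter keyed by (ip, class); class is invalid/valid/root."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            cls = ("invalid" if m.group("invalid")
                   else "root" if m.group("user") == "root" else "valid")
            counts[(m.group("ip"), cls)] += 1
    return counts

def hosts_deny_entries(lines, thresholds=THRESHOLDS, service="sshd"):
    """hosts.deny lines for IPs whose count exceeds a threshold (assumed '>')."""
    denied = {ip for (ip, cls), n in count_failures(lines).items()
              if n > thresholds[cls]}
    return [f"{service}: {ip}" for ip in sorted(denied)]

# Constructed sample in /var/log/secure format (documentation-range addresses).
SAMPLE_LOG = (
    ["Jan 10 03:12:0%d web1 sshd[2101]: Failed password for invalid user admin "
     "from 203.0.113.5 port 51234 ssh2" % i for i in range(6)]
    + ["Jan 10 03:13:0%d web1 sshd[2102]: Failed password for root "
       "from 198.51.100.7 port 40022 ssh2" % i for i in range(2)]
    + ["Jan 10 03:14:00 web1 sshd[2103]: Failed password for alice "
       "from 192.0.2.10 port 40100 ssh2",
       "Jan 10 03:14:05 web1 sshd[2104]: Accepted password for alice "
       "from 192.0.2.10 port 40101 ssh2",
       # Username that itself contains a fake source address; the real one is last.
       "Jan 10 03:15:00 web1 sshd[2105]: Failed password for invalid user x "
       "from 192.0.2.10 port 1 ssh2 from 203.0.113.99 port 50000 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```

With DENY_THRESHOLD_ROOT = 1 the second failed root login is enough to block the source, while alice's single mistyped password from 192.0.2.10 stays well under DENY_THRESHOLD_VALID.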
