Secure SSH Server from Brute Force Attacks Using DenyHosts
DenyHosts is an open-source, free log-based intrusion prevention security tool for SSH servers, developed in the Python language by Phil Schwartz. It is intended to monitor and analyse SSH server logs for invalid login attempts, dictionary-based attacks and brute force attacks, blocking the originating IP addresses by adding an entry to the /etc/hosts.deny file on the server and preventing that IP address from making any further such login attempts.
DenyHosts is a needed tool for all Linux-based systems, especially when we allow password-based SSH logins. In this article we will show you how to install and configure DenyHosts on RHEL 6.3/6.2/6.1/6/5.8, CentOS 6.3/6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12 systems using the epel repository.
See also:
- Fail2ban (Intrusion Prevention) System for SSH
- Disable or Enable SSH Root Login
- Linux Malware Detect (LMD)
Installing DenyHosts in RHEL, CentOS and Fedora
By default the DenyHosts package is not available in the Linux system; we need to install it using the third-party EPEL repository. Once the repository has been added, install the package using the following YUM command.
# yum --enablerepo=epel install denyhosts
OR
# yum install denyhosts
Configure DenyHosts to Whitelist IP Addresses
Once Denyhosts is installed, make sure you whitelist your own IP address so that you never get locked out. To do this, open the file /etc/hosts.allow.
# vi /etc/hosts.allow
Below the description, add each IP address that you never want to block, one per line on separate lines. The format should be as follows.
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 172.16.25.125
sshd: 172.16.25.126
sshd: 172.16.25.127
Configure DenyHosts for Email Alerts
The main configuration file is located under /etc/denyhosts.conf. This file is used to send email alerts about suspicious logins and restricted hosts. Open this file using the VI editor.
# vi /etc/denyhosts.conf
Search for 'ADMIN_EMAIL' and add your email address here to receive email alerts about suspicious logins (for multiple recipients use a comma-separated list). Please check my CentOS 6.3 server's configuration file below. Every variable is well documented, so configure it to your liking.
############ DENYHOSTS REQUIRED SETTINGS ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts

############ DENYHOSTS OPTIONAL SETTINGS ############
ADMIN_EMAIL = [email
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <[email >
SMTP_SUBJECT = DenyHosts Daily Report

############ DENYHOSTS OPTIONAL SETTINGS ############
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
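As an added illustration of the threshold logic these settings drive (example code written for this article, not DenyHosts' own source), the following Python script counts sshd "Failed password" lines per source IP, sorts them into the invalid-user, valid-user and root categories that DENY_THRESHOLD_INVALID/VALID/ROOT apply to, skips addresses on a hypothetical allowed-hosts list, and emits the `sshd: IP` entries that would be appended to /etc/hosts.deny. The log lines are constructed.

```python
import re
from collections import defaultdict

# Thresholds and service name taken from the denyhosts.conf shown above.
LIMITS = {"invalid": 5, "valid": 10, "root": 1}  # DENY_THRESHOLD_INVALID/VALID/ROOT
BLOCK_SERVICE = "sshd"
# Hypothetical whitelist standing in for /var/lib/denyhosts/allowed-hosts.
ALLOWED_HOSTS = {"127.0.0.1", "172.16.25.125"}

# Matches "Failed password" lines as sshd writes them to /var/log/secure.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3}) port \d+ ssh2"
)

def classify(line):
    """Return (category, ip) for a failed-login line, or None otherwise."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    if m.group("invalid"):
        return "invalid", m.group("ip")   # non-existent user name
    if m.group("user") == "root":
        return "root", m.group("ip")
    return "valid", m.group("ip")         # existing, non-root user

def hosts_to_deny(lines):
    """Count failures per (category, ip); return hosts.deny entries to add."""
    counts = defaultdict(int)
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit] += 1
    banned = {ip for (cat, ip), n in counts.items()
              if ip not in ALLOWED_HOSTS and n >= LIMITS[cat]}
    return [f"{BLOCK_SERVICE}: {ip}" for ip in sorted(banned)]

# Constructed sample log lines (not taken from the article).
SAMPLE_LOG = """\
Nov 30 09:12:01 tecmint sshd[4021]: Failed password for root from 10.0.0.9 port 51234 ssh2
Nov 30 09:12:05 tecmint sshd[4023]: Failed password for invalid user admin from 10.0.0.10 port 51240 ssh2
Nov 30 09:12:06 tecmint sshd[4023]: Failed password for invalid user admin from 10.0.0.10 port 51241 ssh2
Nov 30 09:12:07 tecmint sshd[4023]: Failed password for invalid user test from 10.0.0.10 port 51242 ssh2
Nov 30 09:12:08 tecmint sshd[4023]: Failed password for invalid user oracle from 10.0.0.10 port 51243 ssh2
Nov 30 09:12:09 tecmint sshd[4023]: Failed password for invalid user guest from 10.0.0.10 port 51244 ssh2
Nov 30 09:13:00 tecmint sshd[4030]: Failed password for bob from 10.0.0.11 port 51300 ssh2
Nov 30 09:14:00 tecmint sshd[4031]: Failed password for root from 172.16.25.125 port 51400 ssh2
Nov 30 09:15:00 tecmint sshd[4032]: Accepted password for root from 172.16.25.125 port 51401 ssh2
""".splitlines()
print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

The single root failure from 10.0.0.9 is enough to ban it (threshold 1), the five invalid-user attempts from 10.0.0.10 reach the invalid threshold, bob's one failure stays below the valid-user threshold of 10, and the whitelisted 172.16.25.125 is never banned.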
Restart the DenyHosts Service
Once you are done with your configuration, restart the denyhosts service for the new changes to take effect. We also add the denyhosts service to system startup.
# chkconfig denyhosts on
# service denyhosts start
Watch DenyHosts Logs
To watch the denyhosts ssh logs and see how many attackers and hackers are attempting to gain access to your server, use the following command to view the logs in real time.
# tail -f /var/log/secure
Nov 28 15:01:43 tecmint sshd[25474]: Accepted password for root from 172.16.25.125 port 4339 ssh2
Nov 28 15:01:43 tecmint sshd[25474]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 28 16:44:09 tecmint sshd[25474]: pam_unix(sshd:session): session closed for user root
Nov 29 11:08:56 tecmint sshd[31669]: Accepted password for root from 172.16.25.125 port 2957 ssh2
Nov 29 11:08:56 tecmint sshd[31669]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 29 11:12:00 tecmint atd[3417]: pam_unix(atd:session): session opened for user root by (uid=0)
Nov 29 11:12:00 tecmint atd[3417]: pam_unix(atd:session): session closed for user root
Nov 29 11:26:42 tecmint sshd[31669]: pam_unix(sshd:session): session closed for user root
Nov 29 12:54:17 tecmint sshd[7480]: Accepted password for root from 172.16.25.125 port 1787 ssh2
Remove a Banned IP Address from DenyHosts
If you have ever blocked an address accidentally and want to remove that banned IP address from denyhosts, you first need to stop the service.
# /etc/init.d/denyhosts stop
To remove or delete the banned IP address completely, you need to edit the following files and remove the IP address from each of them.
# vi /etc/hosts.deny
# vi /var/lib/denyhosts/hosts
# vi /var/lib/denyhosts/hosts-restricted
# vi /var/lib/denyhosts/hosts-root
# vi /var/lib/denyhosts/hosts-valid
# vi /var/lib/denyhosts/users-hosts
After removing the banned IP address, start the service again.
# /etc/init.d/denyhosts start
The offending IP address is added to all the files under the /var/lib/denyhosts directory, so it is very hard to tell which files contain it. One of the best ways to find the IP address is with the grep command. For example, to find IP address 172.16.25.125, do:
cd /var/lib/denyhosts
grep 172.16.25.125 *
Permanently Whitelist IP Addresses in DenyHosts
If you have a static list of IP addresses that you always want to allow, open the file /var/lib/denyhosts/allowed-hosts. Any IP address included in this file will not be banned by default (consider this your permanent whitelist).
# vi /var/lib/denyhosts/allowed-hosts
And add each IP address on a separate line. Save and close the file.
# We mustn't block localhost
127.0.0.1
172.16.25.125
172.16.25.126
172.16.25.127