Yadda ake Samun Tushen da Mai Amfani SSH Faɗakarwar Imel na Shiga

A duk lokacin da muka shigar, daidaitawa da amintattun sabar Linux a cikin yanayin samarwa, yana da matukar mahimmanci don ci gaba da bin diddigin abin da ke faruwa tare da sabar da wanda ke shiga uwar garken gwargwadon abin da ya shafi tsaro na sabar.

Me yasa, saboda idan wani ya shiga cikin uwar garken azaman tushen mai amfani ta amfani da dabarar ƙarfi akan SSH, to kuyi tunanin yadda zai lalata sabar ku. Duk mai amfani da ya sami tushen tushen zai iya yin duk abin da yake so. Don toshe irin waɗannan hare-haren SSH, karanta labaran mu masu zuwa waɗanda ke bayyana yadda ake kare sabar daga irin waɗannan hare-haren.

1. Toshe Hare-haren Ƙarfin Ƙarfin Sabar Sabar SSH Ta Amfani da DenyHosts
2. Yi amfani da Pam_Tally2 don Kulle da Buɗe Shigar da ba a yi nasarar SSH ba
3. 5 Mafi kyawun Ayyuka don Aminta da Kare Sabar SSH

Don haka, ba kyakkyawan aiki ba ne don ba da izinin shiga tushen kai tsaye ta hanyar zaman SSH kuma bayar da shawarar ƙirƙirar asusun da ba tushen tushen sudo ba. Duk lokacin da ake buƙatar samun tushen tushen, fara shiga azaman mai amfani na yau da kullun sannan amfani da su don canzawa zuwa tushen mai amfani. Don musaki tushen shiga SSH kai tsaye, bi labarinmu na ƙasa wanda ke nuna yadda ake kashewa da iyakance tushen shiga cikin SSH.

1. Kashe Tushen Shiga SSH kuma Iyakance Samun SSH

Koyaya, wannan jagorar yana nuna hanya mai sauƙi don sanin lokacin da wani ya shiga azaman tushen ko mai amfani na yau da kullun yakamata ya aika sanarwar faɗakarwar imel zuwa ƙayyadadden adireshin imel tare da adireshin IP na shiga na ƙarshe. Don haka, da zarar kun san adireshin IP na shiga na ƙarshe da mai amfani da ba a sani ba ya yi za ku iya toshe hanyar SSH na takamaiman adireshin IP akan iptables Firewall.

1. Yadda ake toshe Port a Iptables Firewall

Yadda ake saita faɗakarwar Imel ta SSH a cikin Linux Server

Don aiwatar da wannan koyawa, dole ne ku sami damar matakin tushen tushen sabar da ɗan ƙaramin ilimin nano ko edita da kuma mailx (Client Client) da aka sanya akan sabar don aika imel. Dangane da rarrabawar ku zaku iya shigar da abokin ciniki na mailx ta amfani da ɗayan waɗannan umarni.

# apt-get install mailx

# yum install mailx

Yanzu shiga azaman mai amfani kuma je zuwa tushen tushen tushen ta hanyar buga cd/tushen umarnin.

# cd /root

Na gaba, ƙara shigarwa zuwa fayil ɗin .bashrc. Wannan fayil yana saita sauye-sauyen yanayi na gida ga masu amfani kuma yana yin wasu ayyukan shiga. Misali, anan muna saita faɗakarwar shiga imel.

Buɗe fayil ɗin .bashrc tare da editan vi ko nano. Da fatan za a tuna .bashrc ɓoye fayil ne, ba za ku gan shi ta yin umarnin ls-l ba. Dole ne ku yi amfani da tuta don ganin fayilolin ɓoye a cikin Linux.

# vi .bashrc

Ƙara layin gaba ɗaya a kasan fayil ɗin. Tabbatar maye gurbin \ServerName da sunan mai masaukin uwar garken ku kuma canza \[email tsare] tare da adireshin imel ɗin ku.

echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" [email 

Ajiye da rufe fayil ɗin sannan ka fita sannan ka koma ciki. Da zarar ka shiga ta hanyar SSH, fayil ɗin .bashrc ta tsohuwa ana aiwatar da shi kuma ya aiko maka da adireshin imel na jijjiga tushen shiga.

ALERT - Root Shell Access (Database Replica) on: Thu Nov 28 16:59:40 IST 2013 tecmint pts/0 2013-11-28 16:59 (172.16.25.125)

Shiga azaman mai amfani na yau da kullun (tecmint) kuma je zuwa kundin adireshin mai amfani ta hanyar buga cd/home/tecmint/ umarni.

# cd /home/tecmint

Na gaba, buɗe fayil ɗin .bashrc kuma ƙara layin da ke gaba a ƙarshen fayil ɗin. Tabbatar maye gurbin dabi'u kamar yadda aka nuna a sama.

echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" [email 

Ajiye da rufe fayil ɗin kuma fita kuma sake shiga. Da zarar ka sake shiga, an aiwatar da fayil ɗin .bashrc kuma ya aika maka da adireshin imel na faɗakarwar shiga mai amfani.

Ta wannan hanyar zaku iya saita faɗakarwar imel akan kowane mai amfani don karɓar faɗakarwar shiga. Kawai buɗe fayil ɗin .bashrc na mai amfani wanda yakamata ya kasance ƙarƙashin jagorar gida na mai amfani (watau /home/username/.bashrc) kuma saita faɗakarwar shiga kamar yadda aka bayyana a sama.