每天观察我的Linux logwatch日志,就会发现有很多验证失败的访问。可以肯定,有不友善的人在试图用我计算机内的账户非法入侵。我当然不能袖手旁观。假如你也遇到过类似事件,今天我们就一起来讨论下应对方法:
sshd:
   Authentication Failures:
      root (123.103.15.215):886Time(s)
      unknown (218.247.185.218): 224 Time(s)
      root (122.193.5.68): 388 Time(s)
      rpm (218.247.185.218): 1 Time(s)
      squid (218.247.185.218): 1 Time(s)
      sshd (218.247.185.218): 1 Time(s)
..................
   Invalid Users:
      Unknown Account: 341 Time(s)

其实,一个叫denyhosts的软件以解决这个问题。

Debian下面安装方法很简单:
root@netren.org:~# apt-get install denyhosts
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  denyhosts
0 upgraded, 1 newly installed, 0 to remove and 42 not upgraded.
Need to get 65.9kB of archives.
After this operation, 442kB of additional disk space will be used.
Get:1 http://ftp.debian.org lenny/main denyhosts 2.6-4 [65.9kB]
Fetched 65.9kB in 9s (7197B/s)
Selecting previously deselected package denyhosts.
(Reading database ... 46319 files and directories currently installed.)
Unpacking denyhosts (from .../denyhosts_2.6-4_all.deb) ...
Processing triggers for man-db ...
Setting up denyhosts (2.6-4) ...
Starting DenyHosts: denyhosts.

真是太智能了,安装完成后它按照你的系统品牌自动设置好了配置文件,而且已经开始工作了。当然我们也可以再根据自己的喜好做适当修改。
>>>阅读全文