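When your Linux server is exposed to the Internet, it is very likely to be probed by scanning software, which then tries to connect to the SSH port and brute-force the login (exhaustive password guessing). If you run into this problem, DenyHosts is a very useful tool that blocks attempts to guess SSH login passwords. DenyHosts is a program written in Python. It analyzes the sshd log file (/var/log/secure on Red Hat, and so on), and when it finds the same IP making repeated SSH password attempts, it records that IP in /etc/hosts.deny, which automatically blocks the IP.
The official DenyHosts website is http://denyhosts.sourceforge.net/ and the official introduction reads as follows: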
What is DenyHosts?
DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.
Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host.
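
The mechanism described above (read the sshd log, count failed password attempts per source IP, add repeat offenders to /etc/hosts.deny) can be sketched in a few lines of Python. This is an added example, not DenyHosts' own code; the log lines are constructed, and the threshold of 3 and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

DENY_THRESHOLD = 3  # assumed value for this example, not a DenyHosts default

# Constructed sample lines in the format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Mar  3 10:01:11 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:13 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:40 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:02:55 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

# Anchored at the end of the line so that only the trailing "from <ip> port <n>"
# written by sshd is taken as the source address, never text in the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def failed_logins(log_text):
    """Return {ip: [targeted user, ...]} for every failed password attempt."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line.strip())
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group("ip"))  # reject e.g. 999.1.1.1
        except ValueError:
            continue
        attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def new_deny_entries(attempts, existing_deny="", threshold=DENY_THRESHOLD):
    """Return hosts.deny lines for IPs at or over the threshold, skipping
    addresses that already have an sshd entry in the existing file text."""
    already = set(re.findall(r"^sshd:\s*(\S+)", existing_deny, re.M))
    return [f"sshd: {ip}" for ip, users in sorted(attempts.items())
            if len(users) >= threshold and ip not in already]

if __name__ == "__main__":
    seen = failed_logins(SAMPLE_LOG)
    for entry in new_deny_entries(seen):
        print(entry)
```

The single failed attempt followed by a successful login from 198.51.100.20 stays below the threshold, so a legitimate user who mistypes a password once is not blocked.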