Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how to resist brute force cracking under linux". Xiaobian shows you the operation process through actual cases. The operation method is simple and fast and practical. I hope this article "how to resist brute force cracking under linux" can help you solve the problem.

Using iptables now connects ssh per minute

#Allow local loopback interface access

iptables -a input -i lo -j accept

#Release all links already established

iptables -a input -m state -state established -j accept

#Only two new connections to SSH are allowed per minute, established connections are unlimited

The code is as follows:

iptables -a input -p tcp -dport 22 -m limit -limit 2/minute -limit-burst 2 -m state -state new -j accept

#Add Default Policy Deny All

iptables -p input drop Deny access to ip of incorrect ssh password using denyhost

Install DenyHost

tar -zxvf denyhosts-2.6.tar.gzcd denyhosts-2.6python setup.py install #install denyhostscd /usr/share/denyhosts/ #Default installation path cp denyhosts.cfg-dist denyhosts.cfg #denyhosts.cfg is the configuration file cp daemon-control-dist daemon-control #daemon-control chown root daemon-control #Add root chmod 700 daemon-control #Modify to executable file ln -s /usr/share/denyhosts/daemon-control /etc/init.d #Soft connect daemon-control for easy management/etc/init.d/daemon-control start #Start denyhostschkconfig daemon-control on #Set denghosts to boot

configure denyhost

vim /usr/share/denyhosts/denyhosts.cfghosts_deny = /etc/hosts.deny #Control user login file purge_deny = 30m #After how long to clear the banned, set to 30 minutes;block_service = sshd #Prohibited service name, of course denyhost is not only used for ssh service deny_threshold_invalid = 1 #Allow invalid user failures deny_threshold_valid = 5 #Allow normal user login failures deny_threshold_root = 5 #Number of root login failures allowed daemon_log = /var/log/denyhosts #path to denyhosts log file, default

After changing the default configuration of denyhosts, restart the denyhosts service to take effect:

/etc/init.d/daemon-control restart #Restart denyhosts About "how to resist brute force cracking under linux" The content is introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the industry information channel. Xiaobian will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.