Ukuhamba kumazibuko (ngesiNgesi ukunkqonkqoza kwizibukoNgaphandle kwamathandabuzo isenzo sokuba sonke esilawula iiseva kufuneka sazi kakuhle, nantsi ndicacisa ngokweenkcukacha ukuba yintoni le kwaye ungayenza njani kwaye uyiqwalasele le
Okwangoku abo kuthi balawula iserver banokufikelela kwe-SSH kuloo seva, abanye sitshintsha isibuko esingagqibekanga seSSH kwaye ayisasebenzisi zibuko 22 kwaye abanye bayishiya nje kanjalo (into engacetyiswanga), nangona kunjalo iserver yenza ukuba ukufikelela kwe-SSH kudlule kwizibuko elithile kwaye oku sele 'kusesichengeni'.
Con Ukunkqonkqoza ePort sinokufikelela koku kulandelayo:
1. Ukufikelela kwe-SSH akuvumelekanga ngalo naliphi na izibuko. Ukuba siyiqwalasele i-SSH kwizibuko 9191 (umzekelo) izibuko (9191) liya kuvalwa kuye wonke umntu.
2. Ukuba umntu othile ufuna ukufikelela kwiserver nge-SSH, ngokuqinisekileyo ngekhe bakwazi, kuba izibuko le-9191 livaliwe ... kodwa, ukuba sisebenzisa 'umlingo' okanye indibaniselwano eyimfihlo, eso sibuko siza kuvulwa, umzekelo:
1. Ndisebenzisa umnxeba kwizibuko 7000 yeseva
2. Ndenza enye itelnet kwizibuko 8000 yeseva
3. Ndenza enye itelnet kwizibuko 9000 yeseva
4. Umncedisi ufumanisa ukuba umntu wenze indibaniselwano eyimfihlo (chukumisa amazibuko angama-7000, ama-8000 kunye nama-9000 kulandelelwano) kwaye uya kuvula izibuko 9191 ukucela ukungena ngemvume nge-SSH (iya kuyivula kuphela kwi-IP apho indibaniselwano yenziwe inombolo yezibuko kuyanelisa).
5. Ngoku ukuvala i-SSH ndibeka nje umnxeba kwi-port 3500
6. Ndiza kwenza enye umnxeba kwi-port 4500
7. Kwaye ekugqibeleni enye i-telnet kwizibuko lama-5500
8. Ukwenza olu manyano luyimfihlo olufunyanwa ngumncedisi kuya kuvala izibuko kwakhona ngo-9191.
Ngamanye amagama, ukucacisa oku ngokulula ngakumbi ...
Con Ukunkqonkqoza ePort iseva yethu inokuba namazibuko athile avaliweyo, kodwa xa iserver ikufumanisa oko ku X Umdibaniso wezibuko oluchanekileyo wenziwe (Uqwalaselo oluchazwe ngaphambili kwifayile yoqwalaselo) iya kwenza umthetho othile ngokwawo ngokucacileyo (myalelo ichazwe kwifayile yoqwalaselo).
Ngaba ayiqondakali? 🙂
Uyifaka njani i-daemon yePort Knocking?
Ndiyenza nge package ndikhatile, eya kusivumela ngendlela elula kakhulu kwaye elula kwaye ekhawulezayo yokuphumeza kunye nokumisela Ukunkqonkqoza ePort.
Faka iphakheji: knockd
Uyicwangcisa kanjani iPort Knocking nge knock?
Nje ukuba sifakelwe siyaqhubeka nokuyiqwalasela, ngenxa yoku sihlela (njengengcambu) ifayile /etc/knockd.conf:
nano /etc/knockd.conf
Njengoko ubona kule fayile sele kukho ukumiselwa okungagqibekanga:
Ukuchaza useto olungagqibekanga kulula ngokwenene.
- Ekuqaleni, Sebenzisa iSyslog kuthetha ukuba ukurekhoda umsebenzi (i-log) esiya kuyisebenzisa / Var / log / syslog.
Okwesibini, kwicandelo [vulaSSH] Kulapho ngokucacileyo imiyalelo yokuvula i-SSH izakuya khona, okokuqala sinokulandelelana kwamazibuko (indibaniselwano eyimfihlo) emiselwe ngokungagqibekanga (izibuko 7000, izibuko 8000 kwaye ekugqibeleni izibuko 9000). Ngokucacileyo amazibuko anokutshintshwa (enyanisweni ndiyacebisa) njengokuba kungafuneki ukuba abengu-3, anokuba ngaphezulu okanye ngaphantsi, kuxhomekeke kuwe.
- Isithathu, seq_kuphuma = 5 lithetha ixesha lokulinda indibaniselwano yemfihlo yezibuko ukuba yenzeke. Ngokuzenzekelayo isethwe kwimizuzwana emi-5, oku kuthetha ukuba xa siqala ukwenza izibuko elinqonqozayo (Oko kukuthi, xa sisebenzisa umnxeba kwizibuko 7000) sinemizuzwana emi-5 ubuninzi bokugqiba ulandelelwano oluchanekileyo, ukuba kudlule imizuzwana emi-5 kwaye asikayigqibi izibuko enkqonkqoza emva koko kuya kuba ngokungathi ukulandelelana bekungasebenzi.
- Isine, umyalelo ayifuni nkcazo ininzi. Oku kuya kuba ngumyalelo oya kwenziwa ngumncedisi xa efumanisa indibaniselwano echazwe apha ngasentla. Umyalelo osetelwe ngokwendalo kwinto eyenzayo kukuvula izibuko lama-22 (tshintsha eli zibuko kwi-SSH yakho) kwi-IP kuphela eyenza udibaniso oluchanekileyo lwamazibuko.
- Isihlanu, tcpflags = ukufana Ngalo mgca sichaza uhlobo lweepakethi eziza kuqatshelwa ngumncedisi njengezisebenzayo kwizibuko elinkqonkqozayo.
Ke kukho icandelo lokuvala i-SSH, ukuba ukumiselwa okungagqibekanga akukho nto ngaphandle kokulandelelana okufanayo kwamazibuko apha ngasentla kodwa ngokulandelelana.
Nalu uqwalaselo olunenye iinguqulelo:
Uyiqala njani i-daemon ebethiweyo?
Ukuyiqala kufuneka kuqala siguqule (njengengcambu) ifayile / njl / okungagqibekanga / ukubetha:
nano /etc/default/knockd
Apho sitshintsha umgca we-12 othi: «I-START_KNOCKD = 0»Kwaye utshintshe i-0 ibe yi-1, siza kuba nayo:«I-START_KNOCKD = 1«
Nje ukuba kwenziwe oku ngoku siyakuqala ngokulula:
service knockd start
Kwaye i-voila, iqulunqiwe kwaye iyasebenza.
Izibuko lizibethe ngokunkqonkqoza kwaye libaleka
Njengoko ubona kulungelelwaniso lwangaphambili, ukuba kungqinwa izibuko kwizibuko le-1000, ukuya ku-2000 kwaye ekugqibeleni kube ngu-3000 emva koko izibuko le-2222 (i-SSH yam) liya kuvula, nantsi enye ikhompyuter eyenza izibuko:
Nje ukuba ndicinezele [Ngena] kwiNkqonkqozo yeNombolo 1, kwiNombolo 2 kwaye ekugqibeleni kwiNombolo 3 izibuko liya kuvulwa, nantsi ilog:
Njengoko ubona, xa unkqonkqoza kwizibuko le-1000, inqanaba loku-1 lalibhalisiwe, emva koko ngo-2000 liza kuba linqanaba lesi-2 kwaye ekugqibeleni liyi-3 nge-3000, xa usenza oku, umyalelo endiwubhengeze kwi .conf uyenziwa kwaye yiyo loo nto.
Emva koko ukuvala izibuko kuya kuba kukungqongqoza kuphela i-9000, i-8000 kwaye ekugqibeleni i-7000, nantsi ilog:
Kwaye nantsi inkcazo yokusetyenziswa iphela 😀
Njengoko ubona, i-Port Knocking inomdla kwaye iluncedo, kuba nangona singafuni ukuvula izibuko emva komdibaniso othile wamazibuko, umyalelo okanye i-odolo eza kwenziwa ngumncedisi inokwahluka, oko kukuthi ... endaweni Ukuvula izibuko esinokuthi sibhengeze ukubulala inkqubo, ukumisa inkonzo efana neapache okanye i-mysql, njl ... umda kukucinga kwakho.
Ewe ngoku ukuza kuthi ga ngoku inqaku… andiyongcali kulo mba kodwa bendifuna ukwabelana nani ngale nkqubo inomdla kakhulu.
Ukubulisa 😀
Inqaku elihle, linomdla kwaye bendingazi ukuba likho ... kungakuhle ukuba uqhubeka ubeka amanqaku e-newbie sysadmins kunye nezinto
Imibuliso kunye nemibulelo ^ _ ^
Enkosi ngengcaciso.
Ewe ... kukuba ngamanqaku akwi-DNS ye-FICO, andifuni kushiyeka emva kwe-LOL !!!
Akukhonto engqingwa. Kwiinyanga ezimbalwa ezidlulileyo ndeva into malunga nePort Knocking kwaye yakhawuleza yatsala umdla wam, kodwa kuba bendicinga ukuba izobanzima kakhulu ngela xesha andithathi sigqibo sokungena, izolo nje ndijonga ezinye iipakeji ezivela repo endiyifumene yankqonkqozwa kwaye Ugqibe ekubeni uzame, kwaye nantsi isifundo.
Ndihlala ndikuthanda ukubeka amanqaku ezobuchwephesha, ezinye zisenokungabi mnandi ngokwaneleyo kodwa ... ndiyathemba ukuba ezinye ziyi-😉
Phendula nge quote
Molo, ndiyazi ukuba eli nqaku sele likho kangangexesha elithile kodwa ndazisa umbuzo wam ukubona ukuba ukhona na umntu onokusombulula wona.
Inyani yile yokuba ndiphumeze izibuko enkqonkqoza kwi-raspberry yam ukuzama ukuphucula ukhuseleko xa ndinxibelelana nayo ngaphandle kwenethiwekhi yendawo. Ukuze le nto isebenze kuye kwafuneka ndivule uluhlu lwamazibuko kwi-7000-9990 router eya ngqo kumatshini. Ngaba kukhuselekile ukuvula ezo zibuko kwi-router okanye ngokuchaseneyo, xa uzama ukufumana ukhuseleko ngakumbi, ngaba ndenza ngokuchaseneyo?
Ndiyabulisa kwaye ndiyabulela.
Mkhulu, bendiyi-sysadmin iminyaka kwaye ndingamazi.
Umbuzo omnye ... wenza njani "ukunkqonkqoza"?
Ngaba uhamba ngomnxeba ngokuchasene nala mazibuko? Ithini i-Telnet ekuphendulayo? Okanye ngaba kukho umyalelo othi "knock" wave?
Ipholile kakhulu inqaku. Umtsalane. Ndiyabulela kakhulu
Ndenze uvavanyo nge-telnet kwaye yonke into yasebenza ngokumangalisayo ... kodwa, ngelishwa kukho umyalelo 'wokungqongqoza', yenza a umntu unkqonkqoza ukuze ubone 😉
Itelnet ayiphenduli kum kwaphela, iptables enomgaqo-nkqubo we-DROP iyenza ukuba ingaphenduli kwaphela kwaye i-telnet ihlala apho ilinde impendulo (engasokuze ifike), kodwa i-daemon enkqonkqozayo iyakwamkela ukunkqonkqoza nokuba akukho omnye uyaphendula
Enkosi kakhulu ngezimvo zakho, kuyonwabisa ukwazi ukuba amanqaku am asathanda ^ _ ^
Yongezwe kwiiFavorites! : D!
Gracias!
Enkosi 😀
Ukhuseleko lwe-Ahh, uvakalelo olumnandi xa sikhusela i-pc ukuya kwi-plumb, kwaye emva kweentsuku / iiveki kamva sizama ukunxibelelana ukusuka kwindawo ekude esingenakufikelela kuyo kuba i-firewall ikwi "akukho namnye umntu", oku kubizwa ukuhlala ngaphandle kwe inqaba ngokwe sysadmins. 😉
Kungenxa yoko le nto esi sithuba siluncedo kakhulu, xa unkqonkqoziwe ungafikelela naphi na apho unokuthumela ipakethi kwinethiwekhi yakho yendawo, kwaye abahlaseli baphulukana nomdla xa bebona ukuba i-ssh port ivaliwe, andicingi ukuba bazakunkqonkqoza ngamandla ukuvula izibuko.
Hayi, inqaku lilungile.
Inye kuphela into: Ngaba iyasebenza ukunxibelelana ngaphandle kwenethiwekhi yendawo?
Ndiyitsho le nto kuba ndinomzila onamazibuko avaliweyo thabatha lo uhambelana ne-ssh ebhekiswe kwiserver.
Ndicinga ukuba ukuze isebenze ngaphandle kwenethiwekhi yendawo, kuyakufuneka kuvulwe amazibuko erutha ehambelana nePort Knocking kwaye ibenze baphinde baqondise kwiseva.
Mmm ...
Andazi ukuba kukhuseleke kangakanani ukwenza oku.
Ucinga ntoni?
Andiqinisekanga ncam, andilwenzi uvavanyo kodwa ndicinga ewe, kuya kufuneka uvule amazibuko kwi-router kungenjalo ngekhe unkqonkqoze iseva.
Yenza uvavanyo ngaphandle kokuvula izibuko kwi-router, ukuba ayisebenzi kuwe kulihlazo, kuba ndiyavumelana nawe, ayicetyiswa into yokuba uvule la mazibuko kwi-router.
Ewe kufuneka sivule amazibuko size siwathumele kwikhompyuter esiyibizayo.
Usizi.
Enkosi kakhulu enkosi! Ndiyaqala nje ukufunda inethiwekhi kwaye ezi zifundo zilungile kum! enkosi ngokuthatha ixesha lakho ukwabelana ngolwazi
Ndifunde okuninzi kwiminyaka edlulileyo kunye noluntu lweLinux jikelele ... kwiminyaka embalwa bendifuna ukufaka isandla nayo, yiyo loo nto ndibhala 😀
Enkosi kakhulu, awazi ukuba indinceda njani, sendizakuseta iseva kwaye oku kuya kundilungela.
Phendula nge quote
Yile nto siyiyo, ukunceda 😉
Inqaku elihle! Andinalwazi lwale nto kwaye iyandinceda kakhulu (ndisebenzisa iRackSpace esebenzisa i-KVM, ke iyandifanela njengeglavu!). Yongezwe kwintandokazi.
Enkosi ngokuphawula 🙂
Como siempre DesdeLinux izisa izithuba ezigqwesileyo ezinezifundo eziluncedo ngokwenene ukwenza isenzo, enkosi ngokwabelana !! 🙂
Enkosi ngengcaciso yakho 🙂
Ewe sihlala sizama ukwanelisa loo mnqweno wolwazi abafundi bethu abanalo 😀
Into ebangela umdla kukuba andazi ukhetho.
Yiya ngqo ekutyebiseni ilayibrari yam yokusika.
Gracias!
Uyolo kum 😀
Phendula nge quote
Ndiyabulisa KZKG ^ Gaara !!! Ucinezele. Inqaku elimangalisayo lokufumana iiseva. Hayi @% * & ^ uluvo lokuba into enjalo ikhona. Ndizakuzama. Enkosi
Oku kakuhle…. ^ - ^
Molo, ungachaza ukuba ungayifaka njani kwi-CentOS 5.x?
Ndikhuphele i-rpm:
http://pkgs.repoforge.org/knock/knock-0.5-3.el5.rf.x86_64.rpm
Kufakwe:
rpm -i knock-0.5-3.el5.rf.x86_64.rpm
Qwalasela ifayile yoqwalaselo enemizuzwana eli-15 yexesha kunye nezibuko endilisebenzisa ukunxibelelana nge-ssh kwi-vps yam
Idemon iqala:
/ usr / sbin / unkqonkqozile &
I-telnet kwaye akukho nto izibuko ingavaliyo, ngokungagqibekanga izibuko livulekile, kodwa alivali.
Ngaba ndenza into engalunganga?
Mmmm, izicelo zomnxeba kwezi zibuko zinokufundwa ngumlawuli wenethiwekhi yethu, okanye ngumboneleli ngenkonzo wethu, hayi? Ingavimba abantu bangaphandle kodwa ingengabo, ke ukuba bafuna ukwenza izibuko lethu bangayenza kuba jonga izicelo esizenzayo, mmm masithi iyakhusela kodwa hayi i-100%
Inokuba kunjalo, kodwa andicingi ukuba bazakucinga ukuba i-telnet ethile iphumeza isenzo se-X. Ngaphandle kokuba babone ukuba iipateni ezifanayo zeetelnet ziyalandelwa.
Inqaku elinomdla, ndinombuzo. Ndicinga ukuba kukho impazamo kumfanekiso wefayile yoqwalaselo, kuba ukuba uhlalutya kakuhle, kuyo yomibini imigca yomyalelo usebenzisa i-ACCEPT kwii-Iptable. Ndicinga ukuba enye kufuneka YAMKELE kwaye enye ibe YINQABA.
Ngaphandle koko, inyathelo lokuqala. Enkosi kakhulu ngokuthatha ixesha uchaze ulwazi lwakho kwabanye.
Phendula nge quote