Tips for protecting your Linux server from external attacks

I assume that people who run Linux servers know about DenyHOSTS and Fail2ban. For those who don't, I will briefly explain these two applications.

John Fredy Perez is one of the winners of our weekly contest: «Share what you know about Linux». Congratulations! Eager to take part and make your own contribution to the community, as John did?

We are going to install and configure these two applications to avoid headaches later. First, we will explain what the two applications are and what they do:

Fail2Ban

It is a log analyzer that looks for failed login attempts and blocks the IPs those attempts come from. It is distributed under the GNU license and typically works on any system that interfaces with an attack control system or a local firewall.

Fail2Ban is highly configurable and can also create rules for your own or third-party programs.

DenyHOSTS

It is a security tool written in Python that monitors the server's access logs to prevent brute-force attacks against the server. The program works by banning IP addresses that exceed a certain number of failed connection attempts.

These Linux applications, DenyHosts and Fail2ban, can be used separately or together. In my case I use both.

The installation and configuration of each one depends on the distribution you use. This post is oriented toward CentOS 6.3, although the differences from other distros are not very marked.

Well then, let's get to work.

Fail2Ban Installation and Configuration

This application generates dynamic rules in the Linux firewall itself: it is responsible for creating live rules in iptables.

Installation

To install it, all you need is:

yum install fail2ban

If the package is not found, we need to add the required repository:

rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-7.noarch.rpm

With this in place, the application and its dependencies should start installing.

Now we have to configure Fail2Ban so that it analyzes the logs we want and blocks IPs, sending notifications by e-mail. To do this we must modify the jail.conf file found in /etc/fail2ban

cd /etc/fail2ban
nano jail.conf

In this file, do the following:

  • Modify the bantime value. This value sets the time, in seconds, for which the attacker's IP will be blocked; the default is 600 seconds.
  • Find the maxretry value, which is the number of times an IP can fail authentication before it is blocked.
  • Add our own IPs to the ignoreip parameter. The application will ignore the IPs listed in that parameter.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using a space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

An example of how it might look:

ignoreip = 127.0.0.1 190.25.242.75 192.168.1.0/24
bantime = 800
maxretry = 2
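
How ignoreip, maxretry and findtime interact can be seen by replaying log lines through the same counting logic. This is an added example, not part of the original post and not Fail2Ban's own code: the log lines are constructed, the regular expression is a simplified stand-in for the sshd filter, and only address and CIDR entries of ignoreip are handled (no DNS names).

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the example jail.conf above; findtime is the default shown earlier.
IGNOREIP = "127.0.0.1 190.25.242.75 192.168.1.0/24"
MAXRETRY, FINDTIME = 2, 600

# Constructed /var/log/secure lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Mar 10 08:00:01 srv sshd[1001]: Failed password for root from 203.0.113.9 port 4101 ssh2
Mar 10 08:00:05 srv sshd[1002]: Failed password for invalid user admin from 203.0.113.9 port 4102 ssh2
Mar 10 08:01:00 srv sshd[1003]: Failed password for root from 192.168.1.50 port 5001 ssh2
Mar 10 08:01:02 srv sshd[1004]: Failed password for root from 192.168.1.50 port 5002 ssh2
Mar 10 08:02:00 srv sshd[1005]: Failed password for root from 198.51.100.7 port 6001 ssh2
Mar 10 08:30:00 srv sshd[1006]: Failed password for root from 198.51.100.7 port 6002 ssh2
Mar 10 08:31:00 srv sshd[1007]: Accepted password for john from 198.51.100.7 port 6003 ssh2
"""

# Simplified stand-in for the sshd filter: timestamp and source IP of a failure.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip, ignoreip=IGNOREIP):
    """True when ip matches an address or CIDR mask listed in ignoreip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in ignoreip.split())

def banned_ips(log_text, maxretry=MAXRETRY, findtime=FINDTIME, year=2013):
    """Return IPs that reach maxretry failures inside a findtime-second window."""
    recent, banned = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or is_ignored(m.group(2)):
            continue
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry and m.group(2) not in banned:
            banned.append(m.group(2))
    return banned
```

With the values above, only the host with two failures a few seconds apart is banned: the 192.168.1.0/24 client is skipped by ignoreip, and the host whose failures are 28 minutes apart never has two inside one findtime window.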

Configure Fail2Ban and SSH

To look for failed SSH login attempts, we edit the file until it looks like the following:

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=22, protocol=tcp]
           sendmail-whois[name=SSH, dest=FredySnake@outlook.com, sender=fail2ban@localhost]
# This is the log that fail2ban will analyze
logpath  = /var/log/secure
# Any IP with three or more failed attempts will be banned
maxretry = 3
# 24-hour ban time, expressed in seconds
bantime  = 86400

Don't forget that if you change the port SSH listens on, you must also change the port parameter.

This application works not only against unauthorized SSH access, but also for Apache, for reading Asterisk logs, etc.

DenyHOSTS Installation and Configuration

Its operation is based on the /etc/hosts.deny file, that is, on blocking the addresses of "attacking" hosts by building a list of denied hosts.

We can install it from the repositories with the following command:

yum install denyhosts

The configuration file is located at /etc/denyhosts.conf

Before continuing: as humans we can make mistakes, commit the usual "Layer 8" error when accessing any of the services, and block ourselves. To avoid that, we edit the /etc/hosts.allow file and add the IPs of the machines that we do not want restricted when an access attempt fails.

Modifying the denyhosts.conf file

So as not to go too deep into the configuration, in this file we will only edit and uncomment certain parameters. They are:

SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 5h

So, we will leave the default configuration in place, but with strong protection against SSH attacks.

nano /etc/hosts.allow

Example:

sshd:127.0.0.1 
sshd:192.168.1.10
sshd: 192.168.0.

Then we restart the service:

/etc/init.d/denyhosts restart

With this we grant permission to an IP, to a range of IPs and, of course, to our loopback interface. Something I have not tried, so I don't know whether it works, is adding DNS names to this file, that is, with services such as DynDNS. If I do, I will let you know how it went.
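
Why the hosts.allow entries prevent a lock-out follows from the order in which TCP wrappers consults the two files: hosts.allow first, then hosts.deny, and access is granted when neither matches. The sketch below is an added example, not part of the original post and not DenyHOSTS code; the hosts.deny lines are constructed, and only IPv4 patterns (plain address, trailing-dot prefix, net/mask pair, ALL) are handled.

```python
import ipaddress

# hosts.allow entries from the example above; the hosts.deny lines are a
# constructed stand-in for what DenyHOSTS writes after repeated failures.
HOSTS_ALLOW = """\
sshd:127.0.0.1
sshd:192.168.1.10
sshd: 192.168.0.
"""
HOSTS_DENY = """\
sshd: 192.168.0.77
sshd: 203.0.113.9
"""

def pattern_matches(pattern, ip):
    """Match one client pattern the way hosts_access(5) describes it."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # trailing dot: address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                     # n.n.n.n/m.m.m.m net/mask pair
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip                   # plain address

def rule_hits(table, daemon, ip):
    """True when any 'daemon_list : client_list' line covers daemon and ip."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if not {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            continue
        if any(pattern_matches(p, ip) for p in clients.replace(",", " ").split()):
            return True
    return False

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allowed."""
    if rule_hits(allow, daemon, ip):
        return "allow"
    return "deny" if rule_hits(deny, daemon, ip) else "default-allow"
```

Note that `sshd: 192.168.0.` covers every address beginning with that prefix, so 192.168.0.77 stays reachable even though it also appears in the constructed hosts.deny.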

With certain options and settings we also ensure that, after the period we specify in the DenyHOSTS configuration, the stored addresses are purged, and that they are updated with other lists compiled by others, if we so indicate, granting permission to access the server.

For the stored addresses to be purged periodically, as configured, the daemon must be run with the --purge parameter:

/etc/init.d/denyhosts start --purge

In addition, we need to enable it at system startup:

chkconfig denyhosts on
