Sawubona abangane kusuka DesdeLinux, okwathenjiswa isikweletu nansi iposi mayelana ukukhulisa kanjani ukuvikelwa kwezinhlelo zeLinux futhi uhlale unjalo ephephile kubantu abangenayo kanye nokuvikela imininingwane kumaseva wakho, ama-PC noma ama-laptops !!!!
I-Comenzando
I-Fail2ban: uhlelo lokusebenza olubhalwe ePython ukuvimbela ukungena ohlelweni, olusebenza ngokujezisa noma ngokuvimba ukuxhumana okukude okuzama ukufinyelela ngamandla.
Ukufaka:
I-Fedora, RHEL, CentOS:
yum install fail2ban
I-Debian, Ubuntu:
apt-get install fail2ban
Ukusetha:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local nano /etc/fail2ban/jail.local
Engxenyeni ebizwa nge- [DEFAULT] asixhumanisi futhi siguqula i- #bantime = 3600 siyishiya kanjena:
#bantime = 3600 bantime = 604800
Engxenyeni ye- [sshd] sethula i-enabled = true ukuyishiya kanjena:
#enabled = true inikwe amandla = kuyiqiniso
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Siqala isevisi:
I-Fedora, RHEL, CentOS:
i-systemctl inika amandla i-fail2ban.service systemctl qala i-fail2ban.service
I-Debian, Ubuntu:
insizakalo yehlulekile ukuvalwa kokuqala
Yenqaba ukufinyelela kwezimpande usebenzisa i-ssh:
Ukuvikela umshini wethu sizokwenqaba i-ssh ngomsebenzisi wezimpande. Ukuze senze lokhu, sihlela ifayela le / etc / ssh / sshd_config kanje:
cp sshd_config sshd_config.bck nano / njll / ssh / sshd_config
Asithandeki futhi siyashintsha
Isivumelwano 2 # Protocol 2
Asithandeki futhi siyashintsha
#PermitRootLogin yebo Imvume yeRootLogin cha
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Siqala isevisi:
I-Fedora, RHEL, CentOS:
i-systemctl inika amandla i-sshd.service systemctl qala sshd.service
I-Debian, Ubuntu:
service sshd qala
Yenqaba ukufinyelela kuseva ye-ssh usebenzisa iphasiwedi bese uvumela i-ssh kuphela ngokhiye be-RSA
Uma sifuna ukuxhumana ne-PC1 ku-Server1, into yokuqala okufanele uyenze ukukhiqiza ukhiye wethu ku-PC1. Ngomsebenzisi wethu futhi ngaphandle kwezimpande ku-PC1 senza:
i-ssh-keygen -t rsa -b 8192 (lokhu kukhiqiza ukhiye ongaphezu kokuvikelekile ngoba okhiye abavela ku-1024 kuya ku-2048 bavame ukusetshenziswa)
Lapho sesine-password yethu, siyilayisha kuServer1:
ssh-copy-id umsebenzisi @ server_ip
Uma lokhu sekwenziwe, sizoxhuma kwi-Server1 yethu futhi siguqule ifayela le-nano / etc / ssh / sshd_config ngezimvume zempande:
umsebenzisi we-ssh @ Server1 nano / etc / ssh / sshd_config
Siguqula ulayini othi #PasswordAuthentication yebo kulokhu:
#PasswordAuthentication yebo
IphasiwediUkuqinisekisa cha
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Siqala kabusha insizakalo ye-ssh:
I-Fedora, RHEL, CentOS:
ukuqala kabusha kwesistimu sshd.service
I-Debian, Ubuntu:
service sshd qala kabusha
Shintsha imbobo yokulalela ye-ssh
Siphinde sihlele / njll / ssh / sshd_config futhi engxenyeni ebhekise ethekwini siyishiya kanjena:
# Port 22 Port 2000 (noma enye inombolo engaphezu kuka 2000. Ezibonelweni zethu sizokusebenzisa lokhu.)
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Siqala kabusha insizakalo ye-ssh:
I-Fedora, RHEL, CentOS:
ukuqala kabusha kwesistimu sshd.service
I-Debian, Ubuntu:
service sshd qala kabusha
Uma besebenzisa i-fail2ban kuyadingeka ukushintsha ukucushwa maqondana ne-sshd yokulungisa itheku.
nano /etc/fail2ban/jail.local [sshd] port = ssh, 2000 [sshd-ddos] port = ssh, 2000 [dropbear] port = ssh, 2000 [selinux-ssh] port = ssh, 2000
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Sivuselela isevisi:
I-Fedora, RHEL, CentOS:
ukuqala kabusha kwesistimu kwehluleka2ban.service
I-Debian, Ubuntu:
insiza ihluleka2ban ukuqala kabusha
firewall
I-Fedora, RHEL, CentOS:
Ama-Selinux nama-Iptable enziwa asebenza ngokuzenzakalela kulezi zinhlelo futhi ngincoma ukuthi uqhubeke ngale ndlela. / Ungavula kanjani itheku ngama-iptables? Ake sibheke ukuthi ingavulwa kanjani i-port 2000 entsha ye-ssh port esiyishintshe ngaphambili:
Vula:
nano / etc / sysconfig / iptables
futhi siguqula umugqa obhekise esizindeni ssh port 22 bese usishiya kanjena:
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 2000 -j ACCEPT
Songa nge-CTRL + O futhi sivale nge-CTRL + X
Siqala kabusha insiza:
systemctl qala kabusha iptables
I-Debian, Ubuntu:
Ku-Debian noma ku-Ubuntu nakwezinye izinto esivela kuzo sine-firewall yeUFW ezokwenza impilo ibe lula kithina ngoba iphatha iNetfilter ilula kakhulu.
Ukufaka:
thola ukufaka ufw ufw inika amandla
Ukubona isimo samachweba avulekile esikwenzayo:
isimo se-ufw
Ukuvula itheku (ngokwesibonelo sethu kuzoba yi-ssh port 2000 entsha):
ufw vumela 2000
Ukwenqaba itheku (kithi kuzoba itheku elizenzakalelayo 22 le-ssh):
ufw khanyela i-22 ufw susa ukuphika i-22
Futhi abangane abakulungele. Ngale ndlela bazogcina imishini yakho iphephile. Ungakhohlwa ukuphawula kuze kube ngokuzayo: D.
kanye nohlelo lokubethela olufana: https://www.dyne.org/software/tomb/
Futhi nabasebenzisi bezinyoni ekhaya lakho uma bexhuma nge-tty:
http://olivier.sessink.nl/jailkit/index.html#intro
https://operativoslinux.wordpress.com/2015/02/21/enjaular-usuarios-en-linux/ (indlela elula)
Kungcono kakhulu futhi kuphephe kakhudlwana ukubethela lonke uhlelo lwefayela.
Okokufundisa okulandelayo maqondana nokuphepha ku-Linux ngizokucabanga: D.
Kungakuhle futhi ukukhuluma ngokwenza lukhuni i-kernel ngokusebenzisa i-sysctl, ukwenza inqwaba engahleliwe kanye ne-Exec-Shield ku-kernel eyixhasayo, inike amandla ukufinyelela ku-dmesg kanye nohlelo lwe-proc, kusebenze i-daemon yokucwaninga amabhuku, enika amandla ukuvikelwa kwe-TCP SYN , vimbela ukufinyelela ku / dev / mem, khubaza izinketho zesitaki se-TCP / IP ezingaba yingozi noma zingaphephi uhlelo (ukuqondisa kabusha, i-echo, indlela yomthombo), sebenzisa i-pam_cracklib kubasebenzisi ukwenza amaphasiwedi aqinile, ukubaluleka kokusetshenziswa kohlelo lwe-MAC njengeTomoyo , I-AppArmor ne-SELinux.
ilusizo kakhulu !!!! lokho ebengikufuna nje ngiyabonga 🙂
Wamukelekile mngani :).
Uma i-apache isetshenziswa, akulimazi ukufaka imithetho nge-mod_rewrite ukugwema ama-bots. Iwusizo kakhulu
http://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/
futhi nge-nginx ngabe kukhona ubuqili noma ukucushwa?
Ku-debian 8 ifayela le / etc / ssh / sshd_config selivele lineProtocol 2 esebenzayo futhi umsebenzi wePermitRootLogin unenketho ngaphandle kwe-password (ungafaka kuphela izimpande ngokhiye wokuqinisekisa futhi kusuka kukhompyutha enokhiye wangasese)
i-pd ku-debian 8 firewalld ifikile eyishiya incane ku-ufw
Usuyibonile i-ferm? Ngiyayithanda indlela echazwa ngayo imithetho.
http://ferm.foo-projects.org/download/examples/webserver.ferm
Yebo, ngiyajabula ukuthi iDebian 8 isebenzisa i-firewalld ngoba yinhle kakhulu ...
Qaphela i-fail2ban yokuthi umhlaseli wenza amaphakethe ane-ip ye-pc yendawo futhi enze i-DOS ibe lula kakhulu.
Indoda, i-PC IP yendawo ne-loopback eyodwa ayifakwanga ohlwini lweFail2ban.
Uma kungenjalo, singaba nezinzuzo ezingamanga.
Izincomo Ezinhle neziphumelela kakhulu… Yebo, endaweni yeseva futhi uma sisingatha iwebhusayithi, kufaka ezinye izinyathelo…. Okwamanje sigcina iphrojekthi ebizwa ngeJackTheStripper okungeyona into ngaphandle kwe-bash Script elungisa futhi ivikele iseva nge-GNU / Linux ngokulandela izindlela ezinhle zokuphepha, zezinhlelo zokusebenza zewebhu ... http://www.jsitech.com/jackthestripper ....
Isikripthi esihle yize ngithanda ukugcina inani le-kernel.randomize_va_space = 2
Into enhle ukuthi ngaphambi kokuyisebenzisa, ungayishintsha kancane ngezidingo zakho ..... A Hello ...
Sawubona, nakanjani okuthunyelwe kwami kubhekene nomshuwalense oyisisekelo futhi ngamunye kufanele azivikele kancane noma kancane ngokuya ngezinsizakalo ezifake ezinhlelweni zayo ezinjengeLAMP noma i-FTP, i-SFTP, i-BIND kanye ne-etcetera ende:)…
Eposini elilandelayo kwezokuphepha ngizobhekana nalezi zinkinga.
Siyabonga ngempendulo enhle :).
@petercheco, imihlahlandlela yakho mihle kakhulu, kungaba kuhle umhlahlandlela wokubethela wohlelo lweFreeeBSD, angazi ukuthi uzokwenza nini ingxenye yesibili mayelana neFreeBSD, mayelana nokumisa nokwenza ngokwezifiso amadeski, mayelana neFirewall, mayelana nokwenza ukumisa inethiwekhi engenantambo.
Sawubona mngane,
Ngimatasa kancane njengokuvama ukuthumela imibukiso, kepha ngizokugcina lokho engqondweni ngeposi elandelayo ye-FreeBSD.
Ukubingelela :).
Lokho kubekiwe kumazwana, angazi ukuthi ukhuluma ngani, akekho i-xD
I-athikili enhle!
Lesi senzo sokuphepha sisho ukunciphisa imishini nganoma iyiphi indlela?
Cha ... Ukusetshenziswa okujwayelekile kohlelo akukhawulelwe nakancane.
Futhi into ehlekisayo (edabukisayo) ukuthi, njengoba sibonile nje ngemishini yeLenovo, uma i-firmware ye-bios iphazanyiswa ne-malware, akukho okwenzayo okubalulekile.
Inqobo nje uma usebenzisa iWindows efakwe kuqala ngumenzi ...
iphutha: khumbula ukuthi bayifaka ku-bios firmware, okungukuthi, iqala ngohlelo ekuqaliseni kabusha ngakunye, ngaphambi kohlelo lokusebenza, ngaphambi kwamademoni, okokuqala, futhi ayikuvumeli ukuthi wenze noma yini ukumelana nayo. kungenziwa, ngakho-ke umbono we-uefi muhle ngokomthetho.
I-athikili ethakazelisayo, ngizoyifunda ngokucophelela kule ntambama. Ngiyabonga.
Wamukelekile :). Ngiyajabula.
I-athikili enhle kakhulu, ngizijabulise yonke intambama ngiyifunda. Isikhathi osithathayo ukuchaza yonke into ngokucophelela siyasithokozisa,
Ukubingelela kusuka eChile
Carlos
Sawubona Carlos,
Ngibonga kakhulu :).
Imishini yeLenovo, uma kubonakala sengathi i-bios firmware ingenelelwe nge-malware, imishini (iLaptop PC-Desktop Computer) ihlala ifakwa ifakwa neWindows ngumenzi wayo, ngenxa yalokhu okungenhla… ingabe okuthunyelwe… .petercheco?
Ngisho nangaphandle kokwenza konke lokhu kuyasebenza, ngoba i-malware yenzelwe iWindows, hhayi iLinux.
Izinto eziningi namasu alahlekile kuma-iptables, njenge-dizzy nmap ukuze kuwo wonke amachweba avulekile, aqambe amanga ukuthi yi-windows pc esebenzisa i-ttl nosayizi wewindi, scanlogd, apache mod security, grsec, selinux noma into enjalo. Faka esikhundleni se-ftp nge-sftp, nciphisa inani lokuxhuma nge-IP ngayinye kwisevisi ngayinye ethekwini le-X ukugwema ukuthi ngaphambi kwe-DDoS basishiya ngaphandle kwezinsizakalo, futhi bavimbe ama-IP athumela i-UDP engaphezulu kwemizuzwana eminingi kangaka.
Ngezibonelo ozethule, umsebenzisi omusha angahlanya azifunde ... Awukwazi ukubeka konke kokuthunyelwe okukodwa. Ngizongenela okuningana :).
Ngithola iphutha ku-archlinux ngalesi sikhathi lapho nginikeza insizakalo yokuqala, ngiyinika isimo futhi lokhu kuyaphuma:
Isimo se-sudo systemctl sehluleka2ban
● i-fail2ban.service - Isevisi ye-Fail2Ban
Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/fail2ban.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe)
Kuyasebenza: kwehlulekile (Umphumela: umkhawulo wokuqala) kusukela ngoLwesihlanu 2015-03-20 01:10:01 CLST; 1s edlule
Amadokhumenti: indoda: fail2ban (1)
Inqubo: 1695 ExecStart = / usr / bin / fail2ban-client -x start (code = exited, status = 255)
Mar 20 01:10:01 IGundam systemd [1]: Yehlulekile ukuqala iFail2Ban Service.
Mashi 20 01:10:01 I-Gundam systemd [1]: Iyunithi ye-fail2ban.service ifake isimo esihlulekile.
Mar 20 01:10:01 IGundam systemd [1]: fail2ban.service yehlulekile.
Mar 20 01:10:01 IGundam systemd [1]: qala isicelo siphindwe ngokushesha okukhulu ukwehluleka2ban… iqhwa
Mar 20 01:10:01 IGundam systemd [1]: Yehlulekile ukuqala iFail2Ban Service.
Mashi 20 01:10:01 I-Gundam systemd [1]: Iyunithi ye-fail2ban.service ifake isimo esihlulekile.
Mar 20 01:10:01 IGundam systemd [1]: fail2ban.service yehlulekile.
Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.
usizo oluthile? D:
Sawubona, uma unike amandla i-fail2ban nge-systemctl vumela i-fail2ban.service ne-systemctl qala i-fail2ban.service, inkinga izoba ekucushweni kwamajele okwenzile. Sicela uhlole ijele lakho bese uqinisekisa ukuthi konke kuhamba kahle.
Un saludo
UPetercheco
Okokuqala isifundo esihle. Ziningi izinto ezishodayo kodwa ugxile kuzisekelo.
shini-kire, hlola /var/log/fail2ban.log
Ukubingelela
Ngiyabonga @Maykel Franco :).
Kuhle,
fail2ban kufanele bayifake kwi-pc yasekhaya noma ingabe lokho kungaphezulu kwamaseva ???
Ngiyabonga
Esikhundleni samaseva kepha uma uku-wifi efinyeleleka ngabantu abaningi kunawe, kuhle ...
Sawubona mngani, ngicabanga ukuthi okuthunyelwe okuhle kwezokuphepha engxenyeni yomlilo omfushane ku-Gnu / Linux distros, ngibhala la mazwana ngoba ngikwenza ekusatshalalisweni kwe-Ubuntu 14.04 ngazi ukuthi sekuvele kuku-15.04 okwenzekayo le nkinga elandelayo ngifaka i-nano /etc/fail2ban/jail.local njengezimpande futhi anginakho ukubonwa engxenyeni ye-sshd bese ngiyayigcina Engxenyeni ebizwa nge- [DEFAULT] asivumelani futhi siyashintsha #bantime = 3600 and
Engxenyeni ye- [sshd] sethula i-enabled = true ukuyishiya kanjena:
# kunikwe amandla = kuyiqiniso
kunikwe amandla = kuyiqiniso
Akubonakali okwe-sshd okungenzeka ukuthi kungenxa yokuthi ngisebenza inguqulo edlule ngiyabonga