  • OS Security var_log_secure / services / port


    Introduction to nmap 2009-10-14 11:39:07

    http://blog.chinaunix.net/uid-291705-id-2134351.html

    Security check: all ports and services open on machine 192.158.0.253  /  port

    [root@v-HYe5zbuhzKV ~]# nmap -PT 192.168.0.253

    Security issues to watch for on Linux servers: SSH brute forcing, solved with DenyHosts

    http://blog.csdn.net/qiudakun/article/details/5454277

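    To extract the IP addresses in the log and the number of times each appears:

    # grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/secure | sort | uniq -c

    How do you defend against this? Blocking these IPs one at a time clearly treats the symptom rather than the cause. Fortunately, the DenyHosts software can do the manual work for us. DenyHosts is a program written in Python that analyzes the sshd log file; when it detects repeated attacks, it records the IP in /etc/hosts.deny, which blocks the IP automatically.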

    Publishing a batch of IPs that recently tried to SSH brute-force my server (suspected compromised hosts)

    http://blog.csdn.net/embbnux/article/details/41120323

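    Recently I noticed that people keep trying to crack the password on my SSH service by brute force. I took a look, and network security really is frightening. Set a good password on your own servers, look after it, and take the most basic security measures, otherwise the machine will end up as someone else's compromised host. SSH login logs can be found under /var/log: auth.log on Ubuntu, and the secure file on CentOS. To see the IPs of the machines attempting to brute-force the password: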

    [root@v-HYe5zbuhzKV ~]# cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'  > /usr/local/nginx/html/secure.html

    cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'  
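The per-IP counting above and the DenyHosts idea described earlier, combined in one sketch. This is an added example, not DenyHosts' own code and not from the quoted posts; the function names, the threshold and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /var/log/secure format. Addresses come from the
# RFC 5737 documentation ranges; one attempted username is literally "from".
sample_log() {
cat <<'EOF'
Mar 16 00:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 4411 ssh2
Mar 16 00:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
Mar 16 00:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 4413 ssh2
Mar 16 00:00:09 host sshd[1004]: Failed password for root from 198.51.100.23 port 5120 ssh2
Mar 16 00:00:11 host sshd[1005]: Accepted password for deploy from 192.0.2.10 port 6001 ssh2
Mar 16 00:00:12 host sshd[1006]: Failed password for invalid user from from 192.0.2.99 port 7001 ssh2
Mar 16 00:01:01 host crond[1100]: pam_limits(crond:session): unknown limit item 'noproc'
EOF
}

# Reads log lines on stdin, prints "<count> <ip>" sorted by count, highest first.
# Only sshd lines are considered, and the address is taken by counting fields
# from the END of the line, so text in the username is never read as the source.
count_failures() {
    awk '$5 ~ /^sshd\[/ && /Failed password/ {
             ip = $(NF-3)
             # keep only fields that look like a dotted IPv4 address
             if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Prints a hosts.deny entry ("sshd: <ip>") for every address whose failure
# count reaches the threshold given as $1 (an assumed policy value).
deny_entries() {
    threshold=$1
    count_failures | awk -v t="$threshold" '$1 >= t { print "sshd: " $2 }'
}

# Demo on the constructed sample: review the output before appending
# anything to /etc/hosts.deny.
sample_log | deny_entries 3
```

Entries in /etc/hosts.deny only take effect when sshd is linked against TCP wrappers (libwrap); upstream OpenSSH removed that support in version 6.7, although some distributions patch it back in.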


    pam_limits(sshd:session): unknown limit item 'noproc'

    http://www.zhanghaijun.com/post/882/

    Today I looked at the /var/log/secure log file and found a large number of errors in it, as follows:
    [root@localhost log]# cat /var/log/secure|more
    Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
    Mar 16 00:04:01 localhost crond[11833]: pam_limits(crond:session): unknown limit item 'noproc'
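    There are one or two of these almost every minute. Judging by the error message, it should be related to limits.conf. Run ulimit -n to see what value the system currently has set.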
    [root@localhost log]# ulimit -n
    65535
    Opening the /etc/security/limits.conf configuration file reveals the problem
    http://dl2.iteye.com/upload/attachment/0105/8887/df698832-94d7-329d-be22-4b81e184effc.jpg


    Next, let's look at what the comments in the configuration file say, the part underlined in red at the bottom
    http://dl2.iteye.com/upload/attachment/0105/8889/5a5a4002-fc5c-3f30-811a-16d21e397b45.jpg


    * soft noproc 65535
    * hard noproc 65535
    should be changed to
    * soft nproc 65535
    * hard nproc 65535
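    With that, the error is resolved. Friends who run into the same error as I did may want to check whether their limits.conf file is written this way too.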
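A check that catches this class of typo before pam_limits starts logging it, as an added example that is not part of the quoted post. The function names and the sample file are constructed, and the list of item names is an assumption based on limits.conf(5) for Linux-PAM; compare it with the man page on your own system.

```shell
#!/bin/sh
# Item names assumed from limits.conf(5) (Linux-PAM); distributions may add more.
VALID_ITEMS="core data fsize memlock nofile rss stack cpu nproc as maxlogins \
maxsyslogins nonewprivs priority locks sigpending msgqueue nice rtprio"

# Constructed sample: the two misspelled entries from the page plus valid ones.
sample_limits() {
cat <<'EOF'
# <domain> <type> <item> <value>
* soft nofile 65535
* hard nofile 65535
* soft noproc 65535
* hard noproc 65535
@dev - maxlogins 4
EOF
}

# Reads limits.conf-style text on stdin and prints
# "<line number>: unknown limit item '<item>'" for each unrecognised item.
# Exit status is 1 if anything was reported, 0 otherwise.
check_limits() {
    awk -v valid="$VALID_ITEMS" '
        BEGIN { n = split(valid, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, "") }                 # drop comments, fields are re-split
        NF >= 3 && !($3 in ok) {
            print NR ": unknown limit item \047" $3 "\047"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample. Against a real system the input would be
# /etc/security/limits.conf and the files under /etc/security/limits.d/.
sample_limits | check_limits || echo "limits.conf needs fixing"
```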

     

    How to configure /etc/hosts.allow and /etc/hosts.deny on Linux

    http://zhidao.baidu.com/question/542303865.html?loc_ans=1369965133

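    For example, FTP should only be usable by people on the 192.168.24. network segment. Remember: it is always allow first, then deny. That is, the system first checks whether access is allowed, and only then checks whether it is denied.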

    In hosts.allow, write: vsftpd: 192.168.24.*

    In hosts.deny, write: vsftpd: ALL

     

    end

  • Original URL: https://www.cnblogs.com/lindows/p/14390230.html