避免ssh 帳號和密碼被暴力破解
[root@localhost ~]#yum install denyhosts(註:需先增加 yum 的套件伺服器) [root@localhost ~]#vim /etc/denyhosts/denyhosts.cfg SECURE_LOG = /var/log/secure (ssh 日誌文件,它是根據這個文件來判斷的) HOSTS_DENY = /etc/hosts.deny (阻擋的IP,要寫入的文件) PURGE_DENY = 1d (過多久後清除已經禁止的IP) BLOCK_SERVICE = sshd (保護的服務) DENY_THRESHOLD_INVALID = 1 (允許不存在用戶登陸的次數) DENY_THRESHOLD_VALID = 5 (允許普通用戶登陸失敗的次數) DENY_THRESHOLD_ROOT = 3 (允許root登陸失敗的次數) HOSTNAME_LOOKUP=NO (是否做網域名稱反解) ADMIN_EMAIL = [email protected] (管理員郵件地址,會給管理員發郵件) DAEMON_LOG = /var/log/denyhosts (日誌文件) [root@localhost ~]#/etc/ini.d/denyhosts start [root@localhost ~]#chkconfig denyhosts on