::isulnara:: :: DenyHosts로 sshd brute-force attack 막기

글검색결과[DenyHosts] : 1

2008/12/01 DenyHosts로 sshd brute-force attack 막기 (2)


	NAS

DenyHosts로 sshd brute-force attack 막기

Posted on 2008/12/01 21:33


	What is DenyHosts? "DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system? DenyHosts attempts to address the above.." http://denyhosts.sourceforge.net/ 사용된 버전: DenyHosts-2.6 1. python 설치(설치 안되어 있을 경우) fs> ipkg install python24 2. DenyHosts-2.6.tar.gz 다운로드: http://downloads.sourceforge.net/denyhosts/DenyHosts-2.6.tar.gz?modtime=1165494115&big_mirror=0 3. DenyHosts-2.6 설치 fs> tar xvzf DenyHosts-2.6.tar.gz fs> cd DenyHosts-2.6 fs> python setup.py install fs> cp -R DenyHosts /usr/share/denyhosts fs> ln -s /usr/share/denyhosts/DenyHosts /usr/bin/DenyHosts fs> cd /usr/share/denyhosts fs> cp denyhosts.cfg-dist denyhosts.cfg fs> cp daemon-control-dist daemon-control fs> chown root daemon-control fs> chmod 700 daemon-control 4. /usr/share/denyhosts/denyhosts.cfg 수정 # Debian: SECURE_LOG = /var/log/messages # Another possibility (also see the next option): HOSTS_DENY = /etc/hosts.evil # http://denyhosts.sourceforge.net/faq.html#aux BLOCK_SERVICE = # Debian LOCK_FILE = /var/run/denyhosts.pid # To enable synchronization, you must uncomment the following line: SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 # The default is SYNC_UPLOAD = yes # SYNC_UPLOAD = no # The default is SYNC_DOWNLOAD = yes # #SYNC_DOWNLOAD = no SYNC_DOWNLOAD = yes 5. /usr/share/denyhosts/daemon-control 수정 DENYHOSTS_LOCK = "/var/run/denyhosts.pid" 6. /etc/hosts.deny 설정 ALL: /etc/hosts.evil 7. 차단할 IP 주소를 기록할 파일 생성 fs> touch /etc/hosts.evil 8. 자동 실행 설정: /etc/rc.local 수정 # denyhosts /usr/share/denyhosts/daemon-control start 9. DenyHosts 실행(최초 1회) fs> /usr/share/denyhosts/daemon-control start 10. /etc/hosts.evil 확인: 아래와 같은 형식으로 공격자의 IP 주소가 기록됨 62.193.233.132 80.24.4.23 210.15.200.92 81.138.41.99 193.231.3.97 201.0.145.106 168.167.229.166 24.232.77.40 213.251.154.165 . 참고사항 /usr/share/denyhosts/daemon-control start 실행 시 다음과 같은 에러가 발생할 경우 starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg Traceback (most recent call last): File "/usr/bin/denyhosts.py", line 5, in ? import DenyHosts.python_version File "/usr/bin/DenyHosts.py", line 5, in ? import DenyHosts.python_version ImportError: No module named python_version 에는 다음과 같이 처리하면 됩니다. fs>* cp -R DenyHosts /usr/share/denyhosts fs> ln -s /usr/share/denyhosts/DenyHosts /usr/bin/DenyHosts 설치 과정은 다음 사이트를 참고하였습니다. http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts 이 저작물은 크리에이티브 커먼즈 코리아 저작자표시-비영리-변경금지 2.0 대한민국 라이센스에 따라 이용하실 수 있습니다. (0) (0)

brute-force attack, DenyHosts, SSH

Trackback [0] : Comment [2]

OLVR

2010/04/17 05:10

user> python setup.py install
-ash: python: not found

라면서 진행이 안되는데, 분명히 ipkg install python24 해서 설치가 된 것 같거든요? 혹시 무슨 문제인지 알고 계실까요? 제가 워낙 초보라;;

isul

2010/04/18 20:33

python이 제대로 설치가 안된 거 같습니다.
ll /opt/bin/python
명령을 내려보세요..
전 위 명령을 내리니
/opt/bin/python -> python2.5
이렇게 되어 있네요.. 이 글을 작성한 후 업데이트 되어서 2.5로 나온 것 같습니다.
혹시 /opt/bin/python이 없다면
ln -s /opt/bin/python2.4 /opt/bin/python
명령으로 링크를 걸어주세요.

What is DenyHosts?