您的足迹: DDNS-Updater Docker 命令 Oracle 永久免费 Postfix 邮箱服务

差别

这里会显示出您选择的修订版和当前版本之间的差别。

到此差别页面的链接

两侧同时换到之前的修订记录前一修订版
后一修订版		前一修订版
it:server:保护 [2022-08-27 17:28] goldentianyait:server:保护 [2022-08-29 19:03] (当前版本) – [保护VPS] goldentianya
行 13: 行 13:
 <code> <code>
 sudo grep "Failed password for invalid user" /var/log/auth.log | awk '{print $13}' | sort | uniq -c | sort -nr | more sudo grep "Failed password for invalid user" /var/log/auth.log | awk '{print $13}' | sort | uniq -c | sort -nr | more
 +</code>
 +
 +3. 统计以root或者其它用户登录的次数
 +<code>
 +sudo grep "Failed password for root" /var/log/auth.log | wc -l
 +sudo grep "Failed password for invalid user" /var/log/auth.log | wc -l
 </code> </code>
  
行 21: 行 27:
   * <color #ff7f27>''%%sudo systemctl restart sshd%%''</color>   * <color #ff7f27>''%%sudo systemctl restart sshd%%''</color>
   * <color #ff7f27>''%%sudo service ssh restart%%''</color>   * <color #ff7f27>''%%sudo service ssh restart%%''</color>
 +
 +<code>
 +// 统计以 root 用户尝试登录到数量
 +sudo grep "Failed password for root" /var/log/auth.log | wc -l
 +// 统计以其它用户试登录到数量
 +sudo grep "Failed password for invalid user" /var/log/auth.log | wc -l
 +</code>
  
 <code> <code>
行 50: 行 63:
 如果依然可以密码登录,则是 <color #7092be>You can disable keyboard-interactive by setting KbdInteractiveAuthentication to "no"</color> 的原因。 如果依然可以密码登录,则是 <color #7092be>You can disable keyboard-interactive by setting KbdInteractiveAuthentication to "no"</color> 的原因。
  
-=== fail2ban ===+===== fail2ban =====
 安装 fail2ban 防止攻击 <color #ff7f27>''%%sudo apt-get install fail2ban%%''</color> (([[https://linux.cn/article-5067-1.html|为ssh服务器配置fail2ban]])) 安装 fail2ban 防止攻击 <color #ff7f27>''%%sudo apt-get install fail2ban%%''</color> (([[https://linux.cn/article-5067-1.html|为ssh服务器配置fail2ban]]))
 +
 +检查状态 <color #ff7f27>''%%sudo iptables --list -n%%''</color>\\
 +解锁ssh fail2ban-client set sshd unbanip <ip>\\
 +或者更改 /etc/fail2ban/jail.conf  文件,为某些IP设置白名单。
 +
 +
 +添加对nginx 和 wordpress 的保护 mkdir -p /root/wwwlogs\\
 +然后重启服务 
 +  * service fail2ban restart 
 +  * fail2ban-client reload
 +++++ jail.local |
 +<code>
 +# 保护Linux,防止远程SSH爆破
 +[ssh-iptables]
 +enabled = true
 +filter  = sshd
 +action  = iptables[name=SSH, port=26568, protocol=tcp]
 +logpath = /var/log/fail2ban.log
 +
 +# HTTP 验证防暴力破解
 +[nginx-http-auth]
 +enabled  = true
 +filter  = nginx-http-auth
 +port    = http,https
 +logpath  = /var/log/nginx/error.log
 + 
 +#屏蔽恶意爬虫
 +[nginx-badbots]
 +enabled  = true
 +port    = http,https
 +filter  = nginx-badbots
 +logpath  =  /var/log/nginx/error.log
 +maxretry = 2
 + 
 +#避免恶意请求网站目录结构
 +[nginx-nohome]
 +enabled  = true
 +port    = http,https
 +filter  = nginx-nohome
 +logpath  =  /var/log/nginx/error.log
 +maxretry = 2
 + 
 +#避免 nginx 被他人用于反向代理
 +[nginx-noproxy]
 +enabled  = true
 +port    = http,https
 +filter  = nginx-noproxy
 +logpath  =  /var/log/nginx/error.log
 +maxretry = 2
 +
 +#防范 WordPress 暴力破解登录请求
 +[wp-login]
 +enabled = true
 +port = http,https
 +filter = wp-login
 +maxretry = 10
 +findtime = 60
 +bantime = 43600
 +logpath  =  /var/log/fail2ban.log
 +
 +#防止 WordPress 受到 xmlrpc.php CC 攻击
 +[xmlrpc]
 +enabled = true
 +port = http,https
 +filter = xmlrpc
 +logpath  = /var/log/fail2ban.log
 +bantime = 43600
 +maxretry = 1
 +findtime  = 5
 +</code>
 +++++
 +
 +
 +
 +
it/server/保护.1661621298.txt.gz · 最后更改: 2022-08-27 17:28 由 goldentianya
回到顶部
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0