服务器密码尽可能设置复杂一些,至少数字符号大小写字母,不少于12位。
对于经常暴力破解 服务器密码的IP,送他一张机票。
跟着脚步我们去看看日志,找出这个鬼,首先我们要查看的是/var/log/secure。
#tail -n50 secure-20161219 (可以看到大量Failed password的记录) Dec 19 03:41:35 localhost sshd[9014]: Failed password for root from 59.63.166.84 port 26368 ssh2 Dec 19 03:41:36 localhost sshd[9014]: Failed password for root from 59.63.166.84 port 26368 ssh2 Dec 19 03:41:37 localhost sshd[9014]: Failed password for root from 59.63.166.84 port 26368 ssh2 Dec 19 03:41:37 localhost sshd[9014]: Failed password for root from 59.63.166.84 port 26368 ssh2 Dec 19 03:41:38 localhost sshd[9014]: Failed password for root from 59.63.166.84 port 26368 ssh2 Dec 19 03:41:38 localhost sshd[9014]: error: maximum authentication attempts exceeded for root from 59.63.166.84 port 26368 ssh2 [preauth] Dec 19 03:41:38 localhost sshd[9014]: Disconnecting: Too many authentication failures [preauth] Dec 19 03:41:39 localhost sshd[9016]: Failed password for root from 59.63.166.84 port 32555 ssh2
我们要过滤出Failed行并显示对他的ip地址做统计排序,找到攻击最大的几个
#awk '/Failed password/{print $(NF-3)}' secure-20161219|sort|uniq -c|sort -nrk1|head -20 68652 218.65.30.25 34326 218.65.30.53 21201 218.87.109.154 18065 112.85.42.103 17164 112.85.42.99 17163 218.87.109.151 17163 218.87.109.150 17163 218.65.30.61 17163 218.65.30.126 17163 218.65.30.124 17163 218.65.30.123 17163 218.65.30.122 17163 182.100.67.120 17163 182.100.67.119 17163 112.85.42.124 17163 112.85.42.107 3289 222.186.50.206 3265 219.133.29.16 3206 111.73.46.156 2479 117.21.226.189
(解释下# awk ‘/Failed password/{print $(NF-3)}’ secure-20161219|sort|uniq -c|sort -nrk1|head -20)
awk根据Failed password匹配出了破解记录,然后取倒数第四列的ip,取到的结果先进行排序(目的是为了下一个uniq函数),uniq -c去重并计算数目(只支持比较连续的行所以前面用sort),对去重后的数据按照第一列(-k1)进行数字(n)倒序(r),最后只取前20行
二、使用数组方法:
#awk '/Failed password/{d[$(NF-3)]++}END{for(i in d) print i,d[i]}' secure-20161219|sort -nrk2|head -20 218.65.30.25 68652 218.65.30.53 34326 218.87.109.154 21201 112.85.42.103 18065 112.85.42.99 17164 218.87.109.151 17163 218.87.109.150 17163 218.65.30.61 17163 218.65.30.126 17163 218.65.30.124 17163 218.65.30.123 17163 218.65.30.122 17163 182.100.67.120 17163 182.100.67.119 17163 112.85.42.124 17163 112.85.42.107 17163 222.186.50.206 3289 219.133.29.16 3265 111.73.46.156 3206 117.21.226.189 2479