OS Security var_log_secure / services / port

s

nmap介绍 2009-10-14 11:39:07

http://blog.chinaunix.net/uid-291705-id-2134351.html

安全检查机器192.158.0.253开启的所有端口及服务  /  port

[root@v-HYe5zbuhzKV ~]# nmap -PT 192.168.0.253

Linux服务器应注意的安全问题-ssh暴力破解--denyhosts解决

http://blog.csdn.net/qiudakun/article/details/5454277

对获取其中的ip地址和数量：# grep -o '[0-9]/{1,3/}/.[0-9]/{1,3/}/.[0-9]/{1,3/}/.[0-9]/{1,3/}' /var/log/secure | sort | uniq -c 怎么样防,如果要一条一条将这些IP阻止显然治标不治本，还好有DenyHosts软件来代替我们手搞定他。 DenyHosts是Python语言写的一个程序，它会分析sshd的日志文件，当发现重复的攻击时就会记录IP到/etc/hosts.deny文件，从而达到自动屏IP的功能。

公布一批最近企图ssh爆破我的服务器的ip-疑似肉鸡

http://blog.csdn.net/embbnux/article/details/41120323

最近发现自己的ssh一直有一些人企图使用ssh暴力破解的方式进行密码破解.就查看了一下,真是网络安全太可怕了. 大家自己的服务器密码还是要设置好,管好,做好最基本的安全措施,不然最后只能沦为肉鸡. ssh登陆日志可以在/var/log下看到,ubuntu的话为auth.log,centos为secure文件 查看那些企图暴力破解的密码的机器的ip

[root@v-HYe5zbuhzKV ~]# cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'  > /usr/local/nginx/html/secure.html

cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'

103.41.124.100=900

103.41.124.102=621

103.41.124.103=618

103.41.124.104=45

103.41.124.111=678

103.41.124.112=705

103.41.124.113=324

103.41.124.12=476

103.41.124.13=171

103.41.124.14=1332

103.41.124.17=289

103.41.124.18=369

103.41.124.19=969

103.41.124.20=544

103.41.124.21=996

103.41.124.22=282

103.41.124.24=708

103.41.124.25=657

103.41.124.26=1029

103.41.124.27=363

103.41.124.28=1005

103.41.124.29=1533

103.41.124.30=52

103.41.124.31=687

103.41.124.32=579

103.41.124.33=636

103.41.124.34=678

103.41.124.35=330

103.41.124.36=1026

103.41.124.37=1053

103.41.124.38=615

103.41.124.39=333

103.41.124.40=1222

103.41.124.41=675

103.41.124.43=594

103.41.124.44=1377

103.41.124.45=585

103.41.124.46=249

103.41.124.47=987

103.41.124.48=152

103.41.124.49=1527

103.41.124.50=306

103.41.124.52=1290

103.41.124.54=327

103.41.124.56=600

103.41.124.58=648

103.41.124.59=936

103.41.124.61=714

103.41.124.62=1602

103.41.124.63=595

103.41.124.64=542

103.41.124.65=390

103.41.124.66=345

106.39.222.39=1078

107.160.22.122=17

111.203.22.57=3

111.203.22.73=264

111.74.238.8=2

113.195.145.70=645

113.195.145.79=4020

114.199.121.53=1

114.255.149.210=20

115.231.222.171=119

115.231.222.42=135

115.238.245.222=6

115.238.55.163=827

115.239.228.5=73

115.239.248.205=580

115.239.248.237=370

117.21.191.202=39

117.27.137.107=406

117.79.156.130=15

121.18.10.195=115

122.10.228.192=1446

122.225.103.125=134

122.225.103.73=358

122.225.38.23=55

123.57.134.96=2

123.57.16.135=224

124.156.65.215=1

125.7.10.201=15

137.118.101.159=1

149.129.11.56=1

149.129.128.65=1

149.129.18.234=1

149.129.24.80=1

177.220.129.122=1

180.222.190.48=20

182.100.67.102=336

182.100.67.113=6615

182.100.67.114=363

182.100.67.115=1474

182.100.67.116=12

195.154.167.194=32

200.114.113.122=1

202.101.233.106=224

202.102.135.12=9

202.134.154.141=1

202.85.211.206=754

203.153.30.171=1

210.112.121.241=1062

211.25.3.218=1

213.118.33.20=1

216.150.47.129=1

216.96.84.29=1

218.2.0.120=125

218.2.0.121=163

218.2.0.123=365

218.2.0.128=384

218.2.0.135=381

218.2.0.137=103

218.203.32.171=2

218.203.54.156=40

218.207.20.83=30

218.30.24.156=12

218.60.136.222=79

218.64.17.234=357

218.65.30.107=1017

218.65.30.73=6

218.94.133.185=36

221.226.106.188=144

221.229.160.237=203

221.6.233.62=915

222.161.4.147=23

222.186.15.239=1

222.186.30.165=4784

222.186.31.93=9

222.186.42.206=75

222.186.57.165=92

222.186.58.181=20

222.186.59.100=9

24.168.206.41=1

27.254.44.116=69

41.203.214.92=1

54.93.46.228=128

58.218.204.172=446

58.218.213.238=394

58.59.113.250=2212

59.46.79.86=259

60.173.10.132=815

60.173.12.106=814

60.173.12.98=831

60.173.14.24=827

60.173.26.165=834

60.173.26.173=867

60.173.26.187=756

60.173.26.188=800

60.173.26.206=1023

60.173.9.11=829

60.173.9.184=833

60.173.9.247=13380    安徽省铜陵市 电信

60.210.102.18=224

60.210.102.38=224

60.28.24.238=754

60.55.40.64=378

61.128.110.40=754

61.143.236.193=93

61.147.103.115=924

61.147.103.152=880

61.147.107.109=292

61.147.121.130=33

61.147.80.6=30

61.160.213.165=21

61.160.23.219=15

61.174.48.29=1478

61.174.49.105=3201

61.174.50.149=225

61.174.51.200=9

61.200.23.200=75

61.206.41.210=2

61.237.145.80=12

62.150.107.226=1

62.210.125.142=44

62.210.247.137=2

62.210.88.26=83

64.34.39.111=2

69.50.206.239=3099

72.37.135.56=1

75.86.136.163=1

76.14.116.90=1

76.14.141.24=1

82.98.168.5=47

87.117.185.80=12

91.197.131.15=1

94.136.45.192=69

94.81.232.180=31

am_limits(sshd:session): unknown limit item 'noproc' 

http://www.zhanghaijun.com/post/882/

今天查看/var/log/secure日志文件，发现里面出现大量的错误，如下：
[root@localhost log]# cat /var/log/secure|more
Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11717]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:00:01 localhost crond[11718]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11739]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:01:01 localhost crond[11738]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:02:01 localhost crond[11786]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:03:01 localhost crond[11808]: pam_limits(crond:session): unknown limit item 'noproc'
Mar 16 00:04:01 localhost crond[11833]: pam_limits(crond:session): unknown limit item 'noproc'
几乎每分钟都有一到两个，看错误信息应该和limits.conf有关，执行 ulimit -n 看一下当前系统设置的是什么数值。
[root@localhost log]# ulimit -n
65535
打开/etc/security/limits.conf配置文件发现问题
http://dl2.iteye.com/upload/attachment/0105/8887/df698832-94d7-329d-be22-4b81e184effc.jpg

接下来我们看看配置文件中注释是怎么写的，底部画红线的部分
http://dl2.iteye.com/upload/attachment/0105/8889/5a5a4002-fc5c-3f30-811a-16d21e397b45.jpg

* soft noproc 65535
* hard noproc 65535
应该改为
* soft nproc 65535
* hard nproc 65535
才对，至此该错误解决。有碰到和我一样错误的朋友不妨看一下limits.conf文件是否也是这样写的。

linux /etc/hosts.allow和/etc/hosts.deny的配置方法

http://zhidao.baidu.com/question/542303865.html?loc_ans=1369965133

比如ftp 只允许192.168.24. 这个网段的人使用。记住，都是先允许，后拒绝的。也就是先检验是否被允许，然后才检验是否被拒绝。

hosts.allow里面这样写。vsftpd: 192.168.24.*

hosts.deny里面这样写。vsftpd: ALL

end