- 论坛徽章:
- 0
|
1.在/etc/pf.conf加入底下規則
table persist
table persist
block quick from
block quick from
pass quick inet proto tcp from any to any port 22 keep state (max-src-conn 5, max-src-conn-rate 3/20,overload flush global)
pass quick inet proto tcp from any to any port ftp keep state (max-src-conn 5, max-src-conn-rate 10/40,overload flush global)
2.再寫個script去紀錄每天的狀況
#!/bin/sh
log_file="/var/log/bad_guy.log"
date >> $log_file
echo " FTP:" >> $log_file
/sbin/pfctl -t SSHbruteforce -T show >> $log_file
echo " SSH:" >> $log_file
/sbin/pfctl -t FTPbruteforce -T show >> $log_file
3.阻擋一日後,即清除IP紀錄,先裝套件/usr/ports/security/expiretable
# /usr/local/sbin/expiretable -v -d -t 24h SSHbruteforce
# /usr/local/sbin/expiretable -v -d -t 24h FTPbruteforce
並把設定加入rc.local
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/4377/showart_1119182.html |
|
免费注册
发表于 2008-08-09 13:20
