|
 °ü¸®ÀÚ  |
2016-06-10 23:08:20 |
Hit:2913 |
|
|
¸µÅ© #1: http://kin.naver.com/qna/detail.nhn?d1id=1&dirId=10302&docId=150113002&qb=aG9zdHMuZGVueSDsoIHsmqk=&enc=utf8§ion=kin&rank=1&s
¸®´ª½º hosts.deny ¹®Á¦
2012.04.24. 13:15
ȸ»ç¸ÞÀϼ¹ö¿¡ ºñÁ¤»ó Á¢±Ùip°¡ ¸¹¾Æ º¸¾È¼³Á¤À» Çß½À´Ï´Ù
¼³Á¤Àº crontab¿¡
01 01 * * * grep "failure" /var/log/secure | awk '{ print $14}' | uniq | sed "s/^/all:/" > /tmp/anonymous_login
/tmp/anonymous_login ¿¡ ±â·ÏµÈip°¡ /etc/hosts.deny¿¡ ³Ö°Ô±Ý ÇØ³í »óÅÂ.
ÀÌ·¸°Ô ¼³Á¤ÇÏ¿´´Âµ¥ ¹®Á¦´Â anonymous_login¿¡ ÇÊ¿ä¾ø´Â ´Ü¾î·Î ÀÎÇØ hosts.deny°¡ ÀÛµ¿À» ¾ÈÇѴٴ°ÍÀÔ´Ï´Ù.
Á¦°¡ ÆľÇÇÑ°á°ú anonymous_login¿¡ ip¸¸ ±â·ÏµÇ´Â°Ô ¾Æ´Ï¶ó 'rhost=' ÀÌ ´Ü¾î°¡ Æ÷ÇԵǼ ±×·±°É·Î °á·Ð³µ½À´Ï´Ù.
±×·¯´Ï±î /etc/hosts.deny¸¦ ¿¾îº¸¸é 'all:rhost=192.168.1.1' ÀÌ·±½ÄÀ¸·Î ±â·ÏµÇ¾îÀÖÀ¸¸ç
'all:192.168.1.1' ÀÌ·¸°Ô ±â·ÏµÇ¾î ÀÖ¾î¾ß ipÂ÷´ÜÀÌ µÇ´õ¶ó±¸¿ä
/var/log/secure¿¡¼ IP¸¸ »ÌÀ» ¼ö ÀÖ´Â ¹æ¹ýÀº ¾øÀ»±î¿ä
°í¼ö´ÔµéÀÇ ´äº¯À» ±â´Ù¸³´Ï´Ù..
ps. ¾Æ·¡¿¡ /var/log/secure ÀϺΠ³»¿ë ÷ºÎÇÕ´Ï´Ù.
Apr 22 08:55:05 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=93.93.216.***
-------------------------------------------------------------------
¿ÀǼҽºopensrc(opensrc)´ÔÀÇ ´äº¯ÀÔ´Ï´Ù.
ÀÌ·¸°Ô Çϸé sed ±¸¹®¿¡ µ¿½Ã¿¡ ¿©·¯°³ÀÇ Ä¡È¯ ±¸¹®À» Àû¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.
grep "failure" /var/log/secure | awk '{ print $14}' | uniq | sed -e "s/^/all:/" -e "s/rhost=//" |
|
|
|
|
|
|
|
|
