¸¶½ºÅÍÆ÷À¯(Master4U)
Monday, 17 of January
 

·Î±×ÀÎ
hosts.deny ÀÚµ¿Ãß°¡
°ü¸®ÀÚ  2016-06-10 23:08:20 Hit:2913
¸µÅ© #1: http://kin.naver.com/qna/detail.nhn?d1id=1&dirId=10302&docId=150113002&qb=aG9zdHMuZGVueSDsoIHsmqk=&enc=utf8§ion=kin&rank=1&s

¸®´ª½º hosts.deny ¹®Á¦
2012.04.24. 13:15


ȸ»ç¸ÞÀϼ­¹ö¿¡ ºñÁ¤»ó Á¢±Ùip°¡ ¸¹¾Æ º¸¾È¼³Á¤À» Çß½À´Ï´Ù

¼³Á¤Àº crontab¿¡

01 01 * * * grep "failure" /var/log/secure | awk '{ print $14}' | uniq | sed "s/^/all:/" > /tmp/anonymous_login

/tmp/anonymous_login ¿¡ ±â·ÏµÈip°¡ /etc/hosts.deny¿¡ ³Ö°Ô±Ý ÇØ³í »óÅÂ.

ÀÌ·¸°Ô ¼³Á¤ÇÏ¿´´Âµ¥ ¹®Á¦´Â anonymous_login¿¡ ÇÊ¿ä¾ø´Â ´Ü¾î·Î ÀÎÇØ hosts.deny°¡ ÀÛµ¿À» ¾ÈÇѴٴ°ÍÀÔ´Ï´Ù.

Á¦°¡ ÆÄ¾ÇÇѰá°ú anonymous_login¿¡ ip¸¸ ±â·ÏµÇ´Â°Ô ¾Æ´Ï¶ó 'rhost=' ÀÌ ´Ü¾î°¡ Æ÷ÇԵǼ­ ±×·±°É·Î °á·Ð³µ½À´Ï´Ù.

±×·¯´Ï±î /etc/hosts.deny¸¦ ¿­¾îº¸¸é 'all:rhost=192.168.1.1' ÀÌ·±½ÄÀ¸·Î ±â·ÏµÇ¾îÀÖÀ¸¸ç

'all:192.168.1.1' ÀÌ·¸°Ô ±â·ÏµÇ¾î ÀÖ¾î¾ß ipÂ÷´ÜÀÌ µÇ´õ¶ó±¸¿ä

/var/log/secure¿¡¼­ IP¸¸ »ÌÀ» ¼ö ÀÖ´Â ¹æ¹ýÀº ¾øÀ»±î¿ä

°í¼ö´ÔµéÀÇ ´äº¯À» ±â´Ù¸³´Ï´Ù..

ps. ¾Æ·¡¿¡ /var/log/secure ÀϺΠ³»¿ë ÷ºÎÇÕ´Ï´Ù.

Apr 22 08:55:05 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=93.93.216.***

-------------------------------------------------------------------

¿ÀǼҽºopensrc(opensrc)´ÔÀÇ ´äº¯ÀÔ´Ï´Ù.
ÀÌ·¸°Ô Çϸé sed ±¸¹®¿¡ µ¿½Ã¿¡ ¿©·¯°³ÀÇ Ä¡È¯ ±¸¹®À» Àû¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.



grep "failure" /var/log/secure | awk '{ print $14}' | uniq | sed -e "s/^/all:/"  -e "s/rhost=//"
º»¹®Àμ⺻¹®¸ÞÀϹ߼Û
¡â robots.txt ¸¦ ÀÌ¿ëÇÏ¿© °Ë»ö·Îº¿ Â÷´ÜÇϱâ
¡ä /etc/hosts.allow,/etc/hosts.deny (Tcp-wrapper)
Copyright 1999-2025 Zeroboard / skin by ChanBi