Building a sturdy, secure Linux server

Add Date: 2018-11-21

Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.
Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

More like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN
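Before changing any configuration it helps to turn a log like the one above into a per-source tally. The following Python is an added example, not part of the original post: it parses the three sshd message types seen here (failed password, invalid user, no identification string) over a constructed sample in the same format and lists the sources that crossed a failure threshold.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the /var/log/secure excerpts above (not the
# post's full log); the last line is a legitimate key login, for contrast.
SAMPLE_LOG = """\
Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 3 09:00:01 server sshd[22000]: Accepted publickey for admin from 10.0.0.5 port 51000 ssh2
"""

# The three sshd message shapes that appear in the post; 'ip' is the remote peer.
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
INVALID = re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>\S+)")
NOIDENT = re.compile(r"Did not receive identification string from (?P<ip>\S+)")

def summarize(log_text):
    """Per-source view: failed password count, set of usernames tried, and
    connections that closed without sending an SSH banner (port probes)."""
    failed, users, probes = Counter(), defaultdict(set), Counter()
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failed[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
        elif m := INVALID.search(line):
            users[m["ip"]].add(m["user"])  # name guessing, even before the password fails
        elif m := NOIDENT.search(line):
            probes[m["ip"]] += 1
    return failed, users, probes

def offenders(log_text, max_failed=3, max_probes=5):
    """Sources over the password-failure or banner-less-probe threshold: the
    candidates for a hosts.deny or firewall entry."""
    failed, _, probes = summarize(log_text)
    flagged = {ip for ip, n in failed.items() if n >= max_failed}
    flagged |= {ip for ip, n in probes.items() if n >= max_probes}
    flagged.discard("UNKNOWN")  # sshd had no usable peer address; nothing to block
    return sorted(flagged)

if __name__ == "__main__":
    failed, users, _ = summarize(SAMPLE_LOG)
    for ip in offenders(SAMPLE_LOG):
        print(f"{ip}: {failed[ip]} failed passwords, usernames tried: {sorted(users[ip])}")
```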

Quite a few security problems, heh. Time to get to work: harden the perimeter and build a secure server, so the hackers have to give up too, ha ha.

First, disable remote root login and change the SSH port

vi /etc/ssh/sshd_config

# disable direct root login; log in remotely as a regular user, then su - to switch to root
PermitRootLogin no

#Port 22
# change to a port that the usual scanner will wear itself out looking for (scanning from 20 all the way up to 36301... ha ha)
Port 36301

Restart sshd: /etc/init.d/sshd restart

After the above changes the security log stayed quiet for several days; apart from my own logins there was nothing, so the early results were good. It did not last long, though: a few days later I found probing login attempts again:

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

Ah, this one looks like a dedicated hacker; his perseverance paid off and he finally found my new ssh port. (My god, how long did it take to scan from 22 all the way to 36301???) Time to bring out my trump card: blocking by IP.

vi /etc/hosts.deny

sshd: ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

The above denies ssh login from every IP except the ones listed. I am on ADSL, whose addresses usually come from two pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. zzz.zzz.zzz.zz is the fixed IP at my workplace, kept just in case: if I ever changed ADSL network, the server would otherwise refuse to let me log in, wouldn't it? So be careful when denying IPs that you do not lock yourself out, ha ha.
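The lock-out worry above can be checked before the rule is saved. The Python below is an added example, not the post's own code: it evaluates an "sshd: ALL EXCEPT ..." hosts.deny line against a client address (folding the ::ffff: IPv4-mapped form that tcp_wrappers logs, as in the "refused connect" lines) and asks whether the session you are editing from would itself be refused. The RFC 5737 ranges are constructed stand-ins for the xxx/yyy/zzz placeholders, and the checker assumes nothing in hosts.allow matched first.

```python
import ipaddress
import os

# Constructed stand-in for the post's rule: documentation ranges in place of the
# xxx/yyy (ADSL pools) and zzz (fixed workplace address) placeholders.
HOSTS_DENY_RULE = "sshd: ALL EXCEPT 203.0.113.0/255.255.255.0 198.51.100.7 192.0.2.0/255.255.255.0"

def normalize(addr):
    """On dual-stack hosts tcp_wrappers logs IPv4 peers as ::ffff:a.b.c.d (see the
    'refused connect' lines); fold those back to plain IPv4 before matching."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        return ip.ipv4_mapped
    return ip

def parse_rule(rule):
    """Split 'daemon_list : client_list' and collect the ALL EXCEPT client patterns.
    Only net/mask pairs and single hosts are modelled, which is all the post uses."""
    daemons, _, clients = rule.partition(":")
    tokens = clients.split()
    if tokens[:2] != ["ALL", "EXCEPT"]:
        raise ValueError("only 'ALL EXCEPT ...' client lists are supported here")
    # ip_network accepts both 'a.b.c.0/255.255.255.0' and a bare host (-> /32)
    nets = [ipaddress.ip_network(tok, strict=False) for tok in tokens[2:]]
    return [d.strip() for d in daemons.split(",")], nets

def is_denied(rule, daemon, client_addr):
    """True if this hosts.deny line would refuse client_addr for daemon
    (assuming no hosts.allow entry matched first)."""
    daemons, exceptions = parse_rule(rule)
    if daemon not in daemons and "ALL" not in daemons:
        return False
    ip = normalize(client_addr)
    return not any(ip in net for net in exceptions)

def lockout_check(rule, daemon="sshd", conn=None):
    """Would the session you are editing from be refused once the rule is live?
    SSH_CONNECTION is 'client_ip client_port server_ip server_port'; returns None
    when there is no SSH session to check."""
    conn = conn or os.environ.get("SSH_CONNECTION")
    if not conn:
        return None
    return is_denied(rule, daemon, conn.split()[0])

if __name__ == "__main__":
    print("scanner refused:", is_denied(HOSTS_DENY_RULE, "sshd", "::ffff:66.197.176.130"))
    print("this session would be locked out:", lockout_check(HOSTS_DENY_RULE))
```

OpenSSH removed libwrap (tcp_wrappers) support in version 6.7, so on newer systems hosts.deny no longer affects sshd and the same restriction belongs in the firewall or in sshd_config (Match Address, AllowUsers); this checker models only the hosts_access rule itself.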

After the hardening just described, look at the log again with tail -fn100 secure:

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:03:19 server sshd[32545]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:04:19 server sshd[32607]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:05:19 server sshd[32749]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:06:19 server sshd[1367]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:07:20 server sshd[1416]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:08:20 server sshd[1474]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:09:21 server sshd[1551]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:10:21 server sshd[1658]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:11:20 server sshd[1721]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)

  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.