  Building a sturdy, secure Linux server
     
  Add Date : 2018-11-21      
         
         
         
Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.
Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

More like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

It looks like there are a lot of security problems, heh. Time to get to work: strengthen the security perimeter and build a secure server, so that the hackers are out of luck too, ha ha.

First, disable remote root login and change the SSH port

vi /etc/ssh/sshd_config

# Disable root login; create a regular user for remote login, then use su - to switch to root
PermitRootLogin no

# Move sshd to a port that a typical scanner will wear itself out finding (sweeping from 20 up to 36301 ... ha ha)
#Port 22
Port 36301

Restart sshd: /etc/init.d/sshd restart

After the above changes, nothing showed up in the security log for several days apart from my own logins, so the first results looked good. But it did not last long: a few days later I found probing connection attempts in the log again:

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

Ah, it seems this is a dedicated hacker; his perseverance paid off and he finally found my new SSH port. (My god, how long does it take to scan from 22 to 36301???) It seems I have to bring out my killer move: blocking by IP.

vi /etc/hosts.deny

sshd: ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

The line above denies SSH logins from every IP except the ones listed. I connect over ADSL, and my IP usually comes from one of two pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. The other one, zzz.zzz.zzz.zz, is the fixed IP at my workplace. That one is there just in case: if my ADSL network segment changed, wouldn't the server refuse my login? So when blocking by IP, be careful not to lock yourself out, ha ha.
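A lock-out check for the rule above, as an added example that is not part of the original article: it parses the "ALL EXCEPT" line and reports which of your own addresses would be refused. The function names and the RFC 5737 addresses standing in for the xxx/yyy/zzz placeholders are assumptions; only literal addresses and net/mask entries are handled, and /etc/hosts.allow (which is consulted first) is assumed to be empty.

```python
import ipaddress

def parse_deny_rule(line):
    """Parse 'daemon: ALL EXCEPT entry ...' into (daemon, [networks])."""
    daemon, sep, clients = line.partition(":")
    words = clients.split()
    if not sep or words[:2] != ["ALL", "EXCEPT"] or len(words) < 3:
        raise ValueError("expected 'daemon: ALL EXCEPT <addr|net/mask> ...'")
    nets = []
    for w in words[2:]:
        # Strict parsing rejects a stray '/' left by spaces around the slash and
        # net/mask pairs with host bits set, which would never match any client.
        try:
            nets.append(ipaddress.ip_network(w, strict=True))
        except ValueError as exc:
            raise ValueError(f"bad exception entry {w!r}: {exc}") from None
    return daemon.strip(), nets

def locked_out(rule_line, my_addresses):
    """Return the addresses from my_addresses that the rule would refuse."""
    _, allowed = parse_deny_rule(rule_line)
    refused = []
    for text in my_addresses:
        addr = ipaddress.ip_address(text)
        if not any(addr.version == n.version and addr in n for n in allowed):
            refused.append(text)
    return refused

# Constructed stand-ins for the article's xxx/yyy/zzz placeholders
# (RFC 5737 documentation ranges, not real hosts).
RULE = "sshd: ALL EXCEPT 198.51.100.0/255.255.255.0 192.0.2.77 203.0.113.0/255.255.255.0"

if __name__ == "__main__":
    # Addresses I expect to log in from: both ADSL pools, the office, one other.
    mine = ["198.51.100.23", "203.0.113.200", "192.0.2.77", "192.0.2.78"]
    print("would be refused:", locked_out(RULE, mine))
```

Run it against the rule before saving hosts.deny, and keep the current SSH session open until a second login has succeeded.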

With the hardening done, check the log again with tail -fn100 secure:

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:03:19 server sshd[32545]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:04:19 server sshd[32607]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:05:19 server sshd[32749]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:06:19 server sshd[1367]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:07:20 server sshd[1416]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:08:20 server sshd[1474]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:09:21 server sshd[1551]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:10:21 server sshd[1658]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:11:20 server sshd[1721]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
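
Reading these logs by eye gets tedious, so here is an added example (not part of the original article) that tallies, per source address, the four kinds of sshd entries quoted in this article: failed passwords, invalid users, missing identification strings and refused connections. The sample lines are constructed with RFC 5737 documentation addresses, and the function names are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the article's log format (RFC 5737 documentation IPs).
SAMPLE = """\
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 203.0.113.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 203.0.113.61 port 15683 ssh2
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 203.0.113.61 port 15940 ssh2
Nov 3 01:22:06 server sshd[11879]: Failed password for root from 198.51.100.7 port 38917 ssh2
Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 198.51.100.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:198.51.100.130 (::ffff:198.51.100.130)
Nov 9 15:58:40 server sshd[14001]: Accepted password for alice from 192.0.2.10 port 50212 ssh2
"""

# One pattern per event kind in the article's logs; group 1 is the peer.
# An IPv4 peer logged as ::ffff:a.b.c.d is folded onto its plain IPv4 form.
PEER = r"(?:::ffff:)?(\S+)"
PATTERNS = {
    "failed_password": re.compile(r"Failed password for (?:invalid user )?\S+ from " + PEER),
    "invalid_user": re.compile(r"Invalid user \S* from " + PEER),
    "no_ident": re.compile(r"Did not receive identification string from " + PEER),
    "refused": re.compile(r"refused connect from " + PEER),
}
SSHD = re.compile(r"\bsshd\s*\[\d+\]:\s*(.*)")  # \s* tolerates "sshd [123]:"

def summarize(text):
    """Return {peer: Counter(kind -> count)} for the sshd lines in text."""
    stats = defaultdict(Counter)
    for line in text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        for kind, pat in PATTERNS.items():
            hit = pat.search(m.group(1))
            if hit:
                stats[hit.group(1)][kind] += 1
                break
    return stats

def noisy_peers(stats, threshold=2):
    """Peers with at least `threshold` events, busiest first."""
    totals = {p: sum(c.values()) for p, c in stats.items()}
    return sorted((p for p in totals if totals[p] >= threshold),
                  key=lambda p: (-totals[p], p))

if __name__ == "__main__":
    for peer in noisy_peers(summarize(SAMPLE)):
        print(peer, dict(summarize(SAMPLE)[peer]))
```

To use it on a real host, pass the contents of the secure log to summarize() instead of SAMPLE.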
     
         
         
         