Building a sturdy, secure Linux server
     
  Add Date : 2018-11-21      
         
       
         
Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.
Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

More like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

It looks like there are plenty of security problems here, huh. Time to get to work: tighten the security perimeter and build a secure server, so that the hackers can give it a rest, ha ha.

First, disable remote root login and change the SSH port

vi /etc/ssh/sshd_config

PermitRootLogin no    # disable root login; create a regular user for remote login, then use su - to switch to root

#Port 22
Port 36301    # change to a port that an ordinary scanner has to sweep to exhaustion to find (sweeping from 20 to 36301 ... ha ha)

Restart sshd: /etc/init.d/sshd restart
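
An added example (not from the original post) that audits a config for the two settings edited above. The function name effective_sshd and the sample config are constructed for illustration, and only whitespace-separated directives in the global section are read.

```shell
#!/bin/sh
# Added example: which Port and PermitRootLogin values would sshd really use?

# Constructed config showing two common editing mistakes (not from the page):
# the old Port line left active, and the new setting appended after an old one.
sample_config() {
cat <<'EOF'
Port 22
Port 36301
permitrootlogin yes
# ... many lines later, appended by hand:
PermitRootLogin no
EOF
}

# effective_sshd: sshd_config text on stdin -> "keyword value" lines.
# Rules from sshd_config(5): keywords are case-insensitive, the first value
# obtained for a keyword is the one used, and Port may be given several times.
effective_sshd() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    tolower($1) == "match" { exit }          # stop at the first Match block
    { key = tolower($1) }
    key == "port" { ports = ports (ports == "" ? "" : ",") $2 }
    key == "permitrootlogin" && !seen { root = $2; seen = 1 }
    END {
      print "port", (ports == "" ? "22" : ports)
      print "permitrootlogin", (seen ? root : "default")
    }
  '
}

sample_config | effective_sshd
```

On the server itself, `sshd -t` checks the file for errors before the restart and `sshd -T` prints the effective settings. Keep the current session open until a login on the new port has succeeded.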

After the above changes, the security log showed nothing for several days apart from my own logins, so the change had an early effect. But it did not last long: a few days later I found probing login attempts in the log again:

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

Ah, it seems this is a dedicated hacker: his perseverance paid off and he finally found my new SSH port. (My god, how long does a scan from 22 to 36301 take???) It seems it is time to play my trump card: IP blocking.

vi /etc/hosts.deny

sshd: ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

The line above denies SSH logins from every IP except the ones listed. I connect over ADSL, and my IP usually comes from one of two pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP ranges. The other one, zzz.zzz.zzz.zz, is the fixed IP at my workplace. It is there just in case: if my ADSL network changed, wouldn't the server refuse my own login? So be careful when denying by IP not to lock yourself out, ha ha.
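
One way to check an address against the exception list before saving hosts.deny, as an added example that is not part of the original post. The function names are hypothetical, and documentation-range addresses stand in for the xxx/yyy/zzz placeholders.

```shell
#!/bin/sh
# Added example: will a client pass "sshd: ALL EXCEPT <list>" in hosts.deny?
# Handles the two pattern kinds used on the page: one address, or net/mask.

# ip_to_int A.B.C.D -> integer on stdout; status 1 if malformed
ip_to_int() {
  case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac      # digits and dots only
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|0?*|????*) return 1 ;; esac       # empty, zero-padded, too long
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# allowed_by_except CLIENT PATTERN... -> 0 if CLIENT is in the exception list,
# 1 if it would be denied, 2 if CLIENT is not an IPv4 address.
allowed_by_except() {
  ip=$(ip_to_int "$1") || return 2
  shift
  for pat in "$@"; do
    case $pat in
      */*) net=$(ip_to_int "${pat%%/*}") && mask=$(ip_to_int "${pat#*/}") || continue
           # hosts_access(5): a match requires net == (address AND mask)
           [ $(( ip & mask )) -eq "$net" ] && return 0 ;;
      *)   one=$(ip_to_int "$pat") || continue
           [ "$ip" -eq "$one" ] && return 0 ;;
    esac
  done
  return 1
}

# Constructed list shaped like the page's hosts.deny line.
EXCEPT_LIST="198.51.100.0/255.255.255.0 192.0.2.25 203.0.113.0/255.255.255.0"

check_client() {
  if allowed_by_except "$1" $EXCEPT_LIST; then echo "$1 allowed"
  else echo "$1 DENIED"; fi
}

check_client 198.51.100.77   # inside the first range
check_client 192.0.2.26      # one off the fixed address
```

Where the tcp_wrappers utilities are installed, `tcpdmatch sshd <address>` runs the same check against the live files. The rule only takes effect if sshd is linked against libwrap, which upstream OpenSSH dropped in 6.7.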

With that hardening in place, check the log again: tail -fn100 secure

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:03:19 server sshd[32545]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:04:19 server sshd[32607]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:05:19 server sshd[32749]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:06:19 server sshd[1367]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:07:20 server sshd[1416]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:08:20 server sshd[1474]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:09:21 server sshd[1551]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:10:21 server sshd[1658]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:11:20 server sshd[1721]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
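
The log review done by eye throughout this page can be turned into a per-source summary. This is an added example, not part of the original post; the function names and the sample lines (documentation addresses) are constructed.

```shell
#!/bin/sh
# Added example: count sshd probe events per source address.

# Constructed sample in /var/log/secure format (documentation addresses).
sample_log() {
cat <<'EOF'
Nov  3 01:22:06 server sshd[11879]: Failed password for root from 203.0.113.7 port 38917 ssh2
Nov  3 05:14:12 server sshd[20460]: Invalid user a from 198.51.100.9
Nov  3 05:14:14 server sshd[20460]: Failed password for invalid user a from 198.51.100.9 port 15683 ssh2
Nov  3 05:14:22 server sshd[20473]: Failed password for root from 198.51.100.9 port 15940 ssh2
Nov  4 13:09:44 server sshd[9319]: Did not receive identification string from 203.0.113.7
Nov  9 23:48:17 server sshd[30249]: refused connect from ::ffff:203.0.113.7 (::ffff:203.0.113.7)
Nov  9 23:50:01 server sshd[30300]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
EOF
}

# summarise_sshd: syslog lines on stdin -> "<count> <event> <source>", busiest first
summarise_sshd() {
  awk '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }           # only lines written by sshd
    {
      msg = substr($0, index($0, "]: ") + 3)     # text after "sshd[pid]: "
      if      (msg ~ /^Failed password for /) ev = "failed_password"
      else if (msg ~ /^Invalid user /)        ev = "invalid_user"
      else if (msg ~ /^Did not receive identification string from /) ev = "no_ident"
      else if (msg ~ /^refused connect from /) ev = "refused"
      else next
      # The user name is chosen by the client and may itself contain " from ",
      # so take the address after the LAST " from " in the message.
      n = split(msg, part, " from ")
      split(part[n], f, " ")
      src = f[1]
      sub(/^::ffff:/, "", src)                   # IPv4-mapped form in tcp wrappers lines
      count[ev " " src]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | summarise_sshd
```

On the server, feed it the real file instead of the sample, for example `summarise_sshd < /var/log/secure`.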
     
         
       
         