  Building a sturdy, secure Linux server
     
  Add Date : 2018-11-21      
         
         
         
Nov 3 01:22:06 server sshd[11879]: Failed password for root from 123.127.5.131 port 38917 ssh2
Nov 3 01:22:17 server sshd[11880]: Received disconnect from 123.127.5.131: 13: The user canceled authentication.
Nov 3 03:15:08 server sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.238.47.93.res-cmts.tv13.ptd.net user=root
Nov 3 03:15:11 server sshd[17524]: Failed password for root from 24.238.47.93 port 3033 ssh2
Nov 3 03:15:11 server sshd[17525]: Received disconnect from 24.238.47.93: 11: Bye Bye
Nov 3 05:14:12 server sshd[20460]: Invalid user a from 218.28.4.61
Nov 3 05:14:12 server sshd[20460]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:12 server sshd[20461]: input_userauth_request: invalid user a
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:12 server sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:14 server sshd[20460]: Failed password for invalid user a from 218.28.4.61 port 15683 ssh2
Nov 3 05:14:14 server sshd[20461]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:16 server sshd[20467]: Invalid user 1 from 218.28.4.61
Nov 3 05:14:16 server sshd[20467]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:16 server sshd[20468]: input_userauth_request: invalid user 1
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): check pass; user unknown
Nov 3 05:14:16 server sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61
Nov 3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 218.28.4.61 port 15817 ssh2
Nov 3 05:14:18 server sshd[20468]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:20 server sshd[20473]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 3 05:14:20 server sshd[20473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.4.61 user=root
Nov 3 05:14:22 server sshd[20473]: Failed password for root from 218.28.4.61 port 15940 ssh2
Nov 3 05:14:22 server sshd[20475]: Received disconnect from 218.28.4.61: 11: Bye Bye
Nov 3 05:14:24 server sshd[21504]: Address 218.28.4.61 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

More like this:

Nov 4 13:09:44 server sshd[9319]: Did not receive identification string from 66.197.176.130
Nov 4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov 4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov 4 13:18:28 server sshd[11524]: Did not receive identification string from UNKNOWN
Nov 4 13:19:24 server sshd[11579]: Did not receive identification string from UNKNOWN
Nov 4 13:20:24 server sshd[11707]: Did not receive identification string from UNKNOWN
Nov 4 13:21:24 server sshd[11782]: Did not receive identification string from UNKNOWN
Nov 4 13:22:24 server sshd[11854]: Did not receive identification string from UNKNOWN
Nov 4 13:24:26 server sshd[12036]: Did not receive identification string from UNKNOWN
Nov 4 13:25:26 server sshd[12201]: Did not receive identification string from UNKNOWN
Nov 4 13:26:26 server sshd[13312]: Did not receive identification string from UNKNOWN
Nov 4 13:27:26 server sshd[13400]: Did not receive identification string from UNKNOWN
Nov 4 13:28:26 server sshd[13542]: Did not receive identification string from UNKNOWN

It seems there are a lot of security problems, huh. So I got to work: strengthening the security perimeter and building a secure server, so that the hackers are out of luck too, ha ha.

First, disable remote root login and change the ssh port

vi /etc/ssh/sshd_config

# Disable root login; create a regular user for remote login, then use su - to switch to root
PermitRootLogin no

#Port 22
# Change to a port that a general scanner will be exhausted before finding (sweeping from 20 to 36301 ... ha ha)
Port 36301

Restart sshd: /etc/init.d/sshd restart

After the above changes, nothing showed up in the security log for several days except my own logins; the changes were showing early results. But it did not last long: a few days later I found probing login attempts in the log:

Nov 9 15:57:02 server sshd[13948]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13916]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13949]: Did not receive identification string from 66.197.176.130
Nov 9 15:57:02 server sshd[13944]: Did not receive identification string from 66.197.176.130
Nov 9 22:58:17 server sshd[15736]: Did not receive identification string from UNKNOWN
Nov 9 22:59:17 server sshd[15972]: Did not receive identification string from UNKNOWN
Nov 9 23:00:18 server sshd[16163]: Did not receive identification string from UNKNOWN
Nov 9 23:01:18 server sshd[16309]: Did not receive identification string from UNKNOWN
Nov 9 23:02:18 server sshd[17579]: Did not receive identification string from UNKNOWN
Nov 9 23:03:18 server sshd[17736]: Did not receive identification string from UNKNOWN
Nov 9 23:04:17 server sshd[17846]: Did not receive identification string from UNKNOWN
Nov 9 23:05:17 server sshd[18021]: Did not receive identification string from UNKNOWN
Nov 9 23:06:20 server sshd[18103]: Did not receive identification string from UNKNOWN
Nov 9 23:07:20 server sshd[18166]: Did not receive identification string from UNKNOWN
Nov 9 23:08:20 server sshd[18307]: Did not receive identification string from UNKNOWN

Ah, it seems this is a dedicated hacker; his perseverance paid off and he finally found my new ssh port. (My god, how long does it take to scan from 22 to 36301???) It seems it is time to use my killer move: IP blocking.

vi /etc/hosts.deny

sshd: ALL EXCEPT xxx.xxx.xxx.0/255.255.255.0 zzz.zzz.zzz.zz yyy.yyy.yyy.0/255.255.255.0

The line above denies ssh logins from all IPs except the ones listed. I connect over ADSL, and my IP is usually assigned from two pools, so xxx.xxx.xxx.0 and yyy.yyy.yyy.0 above are my dynamic ADSL IP segments. The other one, zzz.zzz.zzz.zz, is the fixed IP at my workplace. It is there just in case: if my ADSL network changed, wouldn't the server refuse my login? So when denying IPs, be careful not to lock yourself out, ha ha.
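A way to check an address against such an EXCEPT list before saving the file, so the lockout described above is caught in advance. This is an added example, not part of the original article; the function names and the documentation-range addresses are assumptions, and it assumes hosts.allow has no matching sshd entry.

```shell
#!/bin/sh
# Added example: test whether a client IPv4 address falls inside the
# EXCEPT list of a "sshd: ALL EXCEPT ..." rule in /etc/hosts.deny.

# Convert a dotted quad to an integer; return 1 on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_except_list CLIENT ENTRY...
# Returns 0 if CLIENT matches an entry (login allowed), 1 if it matches
# none (login denied), 2 if any address is malformed.
in_except_list() {
    client=$(ip_to_int "$1") || return 2
    shift
    for entry in "$@"; do
        case $entry in
        */*)  # net/mask pair: matches when net == (client AND mask)
            net=$(ip_to_int "${entry%/*}") || return 2
            mask=$(ip_to_int "${entry#*/}") || return 2
            if [ $(( client & mask )) -eq "$net" ]; then return 0; fi
            ;;
        *)    # single host address: exact match
            host=$(ip_to_int "$entry") || return 2
            if [ "$client" -eq "$host" ]; then return 0; fi
            ;;
        esac
    done
    return 1
}

# Constructed stand-ins for the xxx/zzz/yyy placeholders in the rule above.
EXCEPT="192.0.2.0/255.255.255.0 203.0.113.25 198.51.100.0/255.255.255.0"
for ip in 192.0.2.77 203.0.113.25 203.0.113.26; do
    if in_except_list "$ip" $EXCEPT; then echo "$ip: allowed"
    else echo "$ip: DENIED"; fi
done
```

Run it with the address you are currently connecting from and keep the existing ssh session open until a second login succeeds.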

With the hardening in place, view the log again: tail -fn100 secure

Nov 9 23:48:17 server sshd[30249]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:49:17 server sshd[30319]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:50:17 server sshd[30475]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:51:18 server sshd[30539]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:52:17 server sshd[30609]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:53:17 server sshd[31752]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:54:17 server sshd[31833]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:55:17 server sshd[31978]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:56:22 server sshd[32045]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:57:18 server sshd[32105]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:58:18 server sshd[32171]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 9 23:59:17 server sshd[32238]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:00:20 server sshd[32378]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:01:20 server sshd[32450]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:02:19 server sshd[32484]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:03:19 server sshd[32545]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:04:19 server sshd[32607]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:05:19 server sshd[32749]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:06:19 server sshd[1367]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:07:20 server sshd[1416]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:08:20 server sshd[1474]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:09:21 server sshd[1551]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:10:21 server sshd[1658]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
Nov 10 00:11:20 server sshd[1721]: refused connect from ::ffff:66.197.176.130 (::ffff:66.197.176.130)
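Instead of reading entries like the ones above line by line, the following tallies failed passwords, missing identification strings and refused connections per source address. It is an added example, not part of the original article; the function names and the sample lines (documentation-range addresses) are constructed, and on the server the input would be the secure log.

```shell
#!/bin/sh
# Added example: count sshd events per source address and event type.

# Constructed sample in the same format as the entries shown above.
sample_log() {
    cat <<'EOF'
Nov  3 05:14:14 server sshd[20460]: Failed password for invalid user a from 203.0.113.61 port 15683 ssh2
Nov  3 05:14:18 server sshd[20467]: Failed password for invalid user 1 from 203.0.113.61 port 15817 ssh2
Nov  3 05:14:22 server sshd[20473]: Failed password for root from 203.0.113.61 port 15940 ssh2
Nov  3 05:15:01 server sshd[20480]: Failed password for invalid user x from 192.0.2.9 from 198.51.100.7 port 4000 ssh2
Nov  4 13:09:44 server sshd[9319]: Did not receive identification string from 192.0.2.130
Nov  4 13:15:24 server sshd[10015]: Did not receive identification string from UNKNOWN
Nov  4 13:16:25 server sshd[10200]: Did not receive identification string from UNKNOWN
Nov  9 23:48:17 server sshd[30249]: refused connect from ::ffff:192.0.2.130 (::ffff:192.0.2.130)
EOF
}

# Reads a log on stdin, prints "COUNT SOURCE KIND" with the busiest first.
summarize_sshd() {
    awk '
    / sshd\[[0-9]+\]: / {
        if ($0 ~ /Failed password for /)                       kind = "failed_password"
        else if ($0 ~ /Did not receive identification string/) kind = "no_ident"
        else if ($0 ~ /refused connect from /)                 kind = "refused"
        else next
        # The user name is chosen by the client and may itself contain
        # " from ADDRESS", so take the word after the LAST " from ".
        n = split($0, parts, " from ")
        split(parts[n], w, " ")
        src = w[1]
        sub(/^::ffff:/, "", src)    # IPv4-mapped form used in refused lines
        count[src " " kind]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_sshd
```

On the server, feed it the real file, for example `summarize_sshd < secure` from the log directory.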
     
         
         
         