[linux] Linux hosts.allow hosts.deny security settings

Posted on 2020-11-12 15:36:25
In development we constantly work with Linux, usually logging in remotely with software such as SecureCRT or Xshell. This is very convenient, but it also carries certain risks. Many people repeatedly scan for machines like our Linux development hosts, trying to break in and obtain free "broilers" (compromised machines). We can make a personal Linux development machine more secure by configuring the hosts.allow and hosts.deny files.

Login log location: /var/log/secure

Nov 11 02:01:18 k8s-node1 polkitd[933]: Loading rules from directory /etc/polkit-1/rules.d
Nov 11 02:01:18 k8s-node1 polkitd[933]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 11 02:01:18 k8s-node1 polkitd[933]: Finished loading, compiling and executing 10 rules
Nov 11 02:01:18 k8s-node1 polkitd[933]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 11 02:02:14 k8s-node1 sshd[4964]: Accepted password for root from 192.168.40.1 port 58230 ssh2
Nov 11 02:02:14 k8s-node1 systemd[4967]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 11 02:02:15 k8s-node1 sshd[4964]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 02:06:41 k8s-node1 sshd[6604]: Accepted password for root from 192.168.40.1 port 58440 ssh2
Nov 11 02:06:41 k8s-node1 sshd[6604]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 02:16:51 k8s-node1 sshd[6604]: pam_unix(sshd:session): session closed for user root
Nov 11 02:16:54 k8s-node1 sshd[4964]: pam_unix(sshd:session): session closed for user root
Nov 11 21:07:48 k8s-node1 sshd[9624]: Accepted password for root from 192.168.40.1 port 10074 ssh2
Nov 11 21:07:48 k8s-node1 systemd[9627]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 11 21:07:48 k8s-node1 sshd[9624]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 23:22:56 k8s-node1 sshd[46317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.40.1  user=root
Nov 11 23:22:56 k8s-node1 sshd[46317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Nov 11 23:22:58 k8s-node1 sshd[46317]: Failed password for root from 192.168.40.1 port 21658 ssh2
Nov 11 23:23:02 k8s-node1 sshd[46317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Nov 11 23:23:03 k8s-node1 sshd[46317]: Failed password for root from 192.168.40.1 port 21658 ssh2
Nov 11 23:23:06 k8s-node1 sshd[46317]: error: Received disconnect from 192.168.40.1 port 21658:0:  [preauth]
Nov 11 23:23:06 k8s-node1 sshd[46317]: Disconnected from authenticating user root 192.168.40.1 port 21658 [preauth]
Nov 11 23:23:06 k8s-node1 sshd[46317]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.40.1  user=root


Blacklist /etc/hosts.deny

By editing the /etc/hosts.deny file, you can add IPs to a blacklist in the following format:

All SSHD remote connections are rejected


Whitelist /etc/hosts.allow

The IP addresses that are allowed to log in to the remote Linux server are listed as follows:


Note: hosts.allow has a higher priority than hosts.deny. If it is misconfigured, there is no way to log in to the remote server. In the hosts.allow file, you need to add a few more IPs that you use, such as your home IP, company IP, and cloud service provider IP. If the configuration is wrong, the only way I can think of at the moment is to reinstall the system.
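A pre-flight check for the lock-out risk in the note above, as an added example that is not part of the original post: it evaluates hosts.allow and hosts.deny text in the order hosts_access(5) applies them and reports whether each IP with an accepted sshd login in /var/log/secure would still get in. The sample log and rules are constructed, the function names are hypothetical, and only IPv4 `ALL`, exact-address, trailing-dot prefix and net/mask patterns without option fields are handled.

```python
import ipaddress
import re

# Constructed sample data (log lines follow the /var/log/secure format shown above).
SAMPLE_LOG = """\
Nov 11 02:02:14 k8s-node1 sshd[4964]: Accepted password for root from 192.168.40.1 port 58230 ssh2
Nov 12 09:15:02 k8s-node1 sshd[5120]: Accepted publickey for dev from 203.0.113.7 port 40112 ssh2
Nov 12 09:20:41 k8s-node1 sshd[5301]: Failed password for root from 198.51.100.23 port 51514 ssh2
"""
SAMPLE_DENY = "sshd: ALL\n"                            # reject every sshd client...
SAMPLE_ALLOW = "# admin subnet\nsshd: 192.168.40.\n"   # ...except this address prefix

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\d+\.\d+\.\d+\.\d+) port")

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; option fields are rejected."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 1)
        if ":" in clients:
            raise ValueError("option fields / IPv6 not handled: " + line)
        rules.append((re.split(r"[\s,]+", daemons.strip()),
                      re.split(r"[\s,]+", clients.strip())))
    return rules

def client_matches(pattern, ip):
    if "/" in pattern:                         # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                  # prefix form, e.g. "192.168.40."
        return ip.startswith(pattern)
    return pattern in ("ALL", ip)              # wildcard or exact address

def matches(rules, daemon, ip):
    return any((daemon in ds or "ALL" in ds) and any(client_matches(p, ip) for p in cs)
               for ds, cs in rules)

def is_allowed(allow_text, deny_text, ip, daemon="sshd"):
    """hosts.allow match grants; otherwise hosts.deny match denies; otherwise granted."""
    return (matches(parse_rules(allow_text), daemon, ip)
            or not matches(parse_rules(deny_text), daemon, ip))

def lockout_report(log_text, allow_text, deny_text):
    """For each IP with an accepted sshd login: would it still be let in?"""
    return {ip: is_allowed(allow_text, deny_text, ip)
            for ip in sorted(set(ACCEPTED.findall(log_text)))}

if __name__ == "__main__":
    print(lockout_report(SAMPLE_LOG, SAMPLE_ALLOW, SAMPLE_DENY))
```

These files only affect daemons built with TCP Wrappers (libwrap) support, so confirm that your sshd is linked against libwrap before relying on them, and keep an existing session open while testing a new rule set.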




