Gareth Andrew Lloyd Ignition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Minimum authentication required, this should be a no | |
| PermitEmptyPasswords no | |
| # Root has full access to the machine, this is an attackers aim | |
| # refuse ssh access and use sudo from another user account | |
| PermitRootLogin no | |
| # SSH daemon is easy to detect but most attackers assume port 22 | |
| # you can change to a non standard port, this will require the | |
| # -p option on the ssh client in order to connect to correct port |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| zcat -f /var/log/auth.log* | grep -f bad-phrases | awk '{print $1,$2}' | sort -k 1,1M -k 2n | grep -vf white-list | uniq -c | |
| ## Output | |
| # | |
| # 953 Mar 13 | |
| # 1420 Mar 14 | |
| # 1783 Mar 15 | |
| # 1366 Mar 16 | |
| # 4572 Mar 17 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ./badlist.sh | while read ipaddr | |
| do | |
| iptables -I INPUT -s ${ipaddr} -j DROP | |
| done | |
| iptables-save > /etc/iptables.rules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Failed password | |
| Did not receive identification string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Mar 27 10:29:09 li195-46 sshd[11343]: Invalid user gamma from 221.12.162.169 | |
| Mar 27 10:29:09 li195-46 sshd[11343]: pam_unix(sshd:auth): check pass; user unknown | |
| Mar 27 10:29:09 li195-46 sshd[11343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.12.162.169 | |
| Mar 27 10:29:11 li195-46 sshd[11343]: Failed password for invalid user gamma from 221.12.162.169 port 55656 ssh2 | |
| Mar 27 10:29:21 li195-46 sshd[11345]: Did not receive identification string from 221.12.162.169 |
NewerOlder