
Using pf to block SSH and FTP brute-force attacks

1. Add the following rules to /etc/pf.conf:

table <SSHbruteforce> persist
table <FTPbruteforce> persist
block quick from <SSHbruteforce>
block quick from <FTPbruteforce>
pass quick inet proto tcp from any to any port 22 keep state (max-src-conn 5, max-src-conn-rate 3/20, overload <SSHbruteforce> flush global)
pass quick inet proto tcp from any to any port ftp keep state (max-src-conn 5, max-src-conn-rate 10/40, overload <FTPbruteforce> flush global)

How the rules work: max-src-conn 5 caps the number of connections a single source may hold open at once, and max-src-conn-rate 3/20 trips when a source opens more than 3 new connections within 20 seconds (10 within 40 seconds for FTP). A source that exceeds either limit is added to the overload table and flush global tears down every state it already holds. Because the block quick rules sit above the pass rules and quick stops evaluation at the first match, all traffic from a listed address is then dropped, not only ports 22 and 21. Keep the block rules above the pass rules for exactly that reason. The table contents live in kernel memory; step 3 below ages them out.

2. Then write a script, run daily from cron, to record the contents of both tables:

#!/bin/sh
# Append today's contents of the two overload tables to a log file.
log_file="/var/log/bad_guy.log"

date >> "$log_file"

echo " SSH:" >> "$log_file"
/sbin/pfctl -t SSHbruteforce -T show >> "$log_file"

echo " FTP:" >> "$log_file"
/sbin/pfctl -t FTPbruteforce -T show >> "$log_file"
3. To remove an address again after it has been blocked for a day, install the port /usr/ports/security/expiretable and run:

# /usr/local/sbin/expiretable -v -d -t 24h SSHbruteforce
# /usr/local/sbin/expiretable -v -d -t 24h FTPbruteforce

Add these two commands to rc.local. Note that expiretable makes a single pass over the table and exits, so to keep ageing entries out it also has to run periodically, for example hourly from cron. Current pfctl can do the same job without the port through its -T expire command, which deletes entries older than a given number of seconds.
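Once the daily log has accumulated for a while, the interesting question is which addresses keep coming back after they have been expired, since those are candidates for a permanent table. The script below is an added example, not part of the original post: it parses the bad_guy.log format the step 2 script writes (a date line opening each snapshot, the " SSH:" and " FTP:" headers, then the indented address lines that pfctl -T show prints) and reports how many daily snapshots each address appeared in. The sample log it operates on is constructed, and the function and file names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): mine the bad_guy.log written by
# the daily script for addresses that keep coming back. The log format
# assumed is exactly what that script produces: a date line opening each
# snapshot, " SSH:" / " FTP:" headers, then the indented address lines that
# `pfctl -t <table> -T show` prints.

# Write a constructed three-snapshot sample log to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Jan  1 00:00:00 UTC 2024
 SSH:
   192.0.2.10
   198.51.100.7
 FTP:
   203.0.113.5
Tue Jan  2 00:00:00 UTC 2024
 SSH:
   192.0.2.10
 FTP:
   203.0.113.5
Wed Jan  3 00:00:00 UTC 2024
 SSH:
   192.0.2.10
 FTP:
EOF
}

# Print "snapshots service address" for every address in the log ($1),
# counting each address at most once per snapshot, most persistent first.
summarize_bad_guys() {
    awk '
        # A line with no leading whitespace is the date stamp that opens a
        # new snapshot; pfctl -T show indents every address it prints.
        /^[^ \t]/          { snap++; svc = ""; next }
        /^[ \t]*SSH:/      { svc = "ssh"; next }
        /^[ \t]*FTP:/      { svc = "ftp"; next }
        # Indented IPv4, IPv6 or CIDR entry under a service header.
        svc != "" && /^[ \t]+[0-9A-Fa-f.:\/]+[ \t]*$/ {
            key = svc " " $1
            if (!((key, snap) in seen)) {
                seen[key, snap] = 1
                count[key]++
            }
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2,2 -k3,3
}

# Print the distinct addresses seen in at least $1 snapshots of log $2, one
# per line. That list can be fed to a permanent table with
# `pfctl -t <table> -T add`, or kept in the file behind a `persist file` table.
repeat_offenders() {
    summarize_bad_guys "$2" | awk -v min="$1" '$1 >= min { print $3 }' | sort -u
}

# Demo on the constructed sample.
demo_log=$(mktemp "${TMPDIR:-/tmp}/bad_guy.XXXXXX")
write_sample_log "$demo_log"
echo "snapshots service address"
summarize_bad_guys "$demo_log"
echo "--- seen in 2 or more snapshots:"
repeat_offenders 2 "$demo_log"
rm -f "$demo_log"
```

Because the rules in step 1 block a listed source on every port, an address that shows up under SSH and FTP in the same snapshot is counted separately per service; repeat_offenders collapses the two lists so each address is printed once.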
[Copyright notice] Articles on BSD爱好者乐园 that are not taken from the internet are original or translated works. They may be reposted freely or used as the basis for derivative work, provided the original source and author are credited with a link; otherwise it constitutes infringement. Articles reposted from elsewhere are marked as such; if any of them infringes your rights, contact me and it will be removed immediately.
TAG: ftp pf ssh brute force