¿ù°£ Àα⠰Խù°

°Ô½Ã¹° 111°Ç
   
ºÒ¹ý Á¢±Ù ÀÚµ¿ Â÷´Ü ½ºÅ©¸³Æ®
±Û¾´ÀÌ : ÃÖ°í°ü¸®ÀÚ ³¯Â¥ : 2009-11-30 (¿ù) 21:10 Á¶È¸ : 6880
±ÛÁÖ¼Ò :
                             

 
¿äÁò¿¡´Â Áß±¹ »Ó¸¸¾Æ´Ï¶ó ´Ù¸¥ ³ª¶ó¿¡¼­µµ ºÒ¹ý Á¢±ÙÀ» Á¤¸» ¸¹ÀÌ ½Ãµµ ÇÏ°í ÀÖ½À´Ï´Ù.
Áö³­ ÁÖ¿¡´Â ÇØÅ· ±îÁö ´çÇÏ´Â ºÒ»ó»ç°¡ ÀÖ¾ú½À´Ï´Ù.-_-; Àú°°Àº Ãʺ¸µµ ¸¾ÀÌ »óÇÏ´õ±º¿ä..
¾Æ¹«Æ° ÀÌ·±Àú·± ÀÏ ¶§¹®¿¡ ½ºÅ©¸³Æ®¸¦ Â¥Áý±â ÇØ º¸¾Ò½À´Ï´Ù.
½Ã°£Àû ¿©À¯°¡ ¸¹´Ù¸é ¹®Á¦Á¡À» ÆľÇÇÏ°í ÇØ°áÇÏ°í ½ÍÀºµ¥... ±×·² ¿©À¯°¡ ¾ø±º¿ä..



¼³¸í :
1. /var/log/secure ¿¡¼­ ºÒ¹ý Á¢±ÙÀ» °Ë»öÇÑ´Ù.
2. °Ë»öÇÑ ³»¿ëÀ» "anonymous_blacklist" ÆÄÀÏ¿¡ ÀúÀåÇÑ´Ù.
3. "anonymous_blacklist" ¿Í "blacklist.txt" ¹®¼­¸¦ ºñ±³ÇÏ¿© À¯´ÏÅ©ÇÑ IP¸¸À» "blacklist.tmp"ÆÄÀÏ¿¡ ÀúÀåÇÑ´Ù.
4. "blacklist.tmp" ÆÄÀÏÀ» "blacklist.txt" ·Î º¹»çÇÑ´Ù.
5. iptables -F ¸í·É¾î¸¦ ½ÇÇàÇÏ¿© ¸ðµç ·êÀ» ÃʱâÈ­ ÇÑ´Ù.
6. "blacklist.txt"¿¡ ÀúÀåµÇ¾î ÀÖ´Â IP¸¦ iptables¿¡ µî·ÏÇÑ´Ù.
7. ±âº» ¼­ºñ½º Æ÷Æ®¸¦ iptables¿¡ µî·Ï ÇÑ´Ù.

ÁÖÀÇ!!
1. crontab¿¡ ¿Ã·Á¼­ ÁÖ±âÀûÀ¸·Î ½ÇÇàÀ» ½ÃÅ°±â ¶§¹®¿¡(Àú´Â 5ºÐ ´ÜÀ§ ^_^;;) ±×Àü¿¡ ¶Ô¸®¸é ´ë·« ³­°¨ÀÌÁÒ..
2. °ü¸®ÀÚµµ Æнº¿öµå¸¦ ÇѹøÀÌ¶óµµ Æ²¸®°Ô µÇ¸é Á¢¼ÓÀ» ÇÒ¼ö ¾ø´Â »óȲÀÌ »ý±é´Ï´Ù. ¤Ñ¤Ñ;;(diff ¸¦ ÀÌ¿ëÇؼ­ ±âº» Á¢¼Ó Çã¿ë IP¸¦ ¸¸µé¾î ³õ´Â°ÍÀÌ ... ¾î¶³±î...¿ä?


[root@FC4 ~]#
[root@FC4 ~]# vi /admin/ip-deny.sh

#!/bin/sh
IPTABLES=/sbin/iptables
ALLOWED="22 25 80" #¼­ºñ½º Çã¿ë Æ÷Æ®
BLACKLIST=/admin/admin-script/BlackList/blacklist.txt
#ºÒ¹ý ħÀÔ IP ¸®½ºÆ®
grep "Failed password for" /var/log/secure |\
egrep -v "invalid user|{USERID}|{LOGINIP}" |\
awk '{ print $11}' |\
uniq  > /admin/admin-script/BlackList/tmp/anonymous_blacklist
grep "Failed password for invalid user" /var/log/secure.1 |\
awk '{ print $13}' |\
uniq >> /admin/admin-script/BlackList/tmp/anonymous_blacklist
cat /admin/admin-script/BlackList/tmp/anonymous_blacklist /admin/admin-script/BlackList/blacklist.txt |\
sort | uniq > /admin/admin-script/BlackList/tmp/blacklist.tmp
cp /admin/admin-script/BlackList/tmp/blacklist.tmp /admin/admin-script/BlackList/blacklist.txt
$IPTABLES -F

for x in `grep -v ^# $BLACKLIST | awk '{print $1}'`; do
echo "BlackList ( $x )"
$IPTABLES -A INPUT -t filter -s $x -j DROP
done
for port in $ALLOWED; do
echo "Accepting port ( $port )"
$IPTABLES -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
$IPTABLES -A INPUT -t filter -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -t filter -p tcp --syn -j DROP
exit 0

 


À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

 



 
»çÀÌÆ®¸í : ¸ðÁö¸®³× | ´ëÇ¥ : ÀÌ°æÇö | °³ÀÎÄ¿¹Â´ÏƼ : ·©Å°´åÄÄ ¿î¿µÃ¼Á¦(OS) | °æ±âµµ ¼º³²½Ã ºÐ´ç±¸ | ÀüÀÚ¿ìÆí : mojily°ñ¹ðÀÌchonnom.com Copyright ¨Ï www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.