These days, illegal access attempts are coming in large numbers, not only from China but from other countries as well.
Last week I even had the misfortune of being hacked. -_-; Even a beginner like me found that upsetting..
Anyway, because of all this, I cobbled together a script.
If I had more time I would like to identify the problems and fix them... but I don't have that luxury..
Description:
1. Search /var/log/secure for illegal access attempts.
2. Save the search results to the "anonymous_blacklist" file.
3. Compare "anonymous_blacklist" with "blacklist.txt" and save only the unique IPs to the "blacklist.tmp" file.
4. Copy the "blacklist.tmp" file to "blacklist.txt".
5. Run the iptables -F command to reset all rules.
6. Register the IPs stored in "blacklist.txt" with iptables.
7. Register the basic service ports with iptables.
Caution!!
1. Because the script runs periodically from crontab (I run it every 5 minutes ^_^;;), if the server is breached before the next run, you are more or less out of luck..
2. If even the administrator mistypes the password just once, they end up unable to connect. -_-;; (How about using diff to set up a default list of IPs that are always allowed to connect...?)
[root@FC4 ~]# vi /admin/ip-deny.sh
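#!/bin/sh
IPTABLES=/sbin/iptables
ALLOWED="22 25 80"    # allowed service ports
BLACKLIST=/admin/admin-script/BlackList/blacklist.txt    # list of illegal intruder IPs

# Collect source IPs of failed logins for existing accounts.
# Replace {USERID} and {LOGINIP} with the accounts/addresses to exclude.
grep "Failed password for" /var/log/secure |\
egrep -v "invalid user|{USERID}|{LOGINIP}" |\
awk '{ print $11}' |\
uniq > /admin/admin-script/BlackList/tmp/anonymous_blacklist

# Append source IPs of failed logins for non-existent accounts
# (this command reads the rotated log /var/log/secure.1).
grep "Failed password for invalid user" /var/log/secure.1 |\
awk '{ print $13}' |\
uniq >> /admin/admin-script/BlackList/tmp/anonymous_blacklist

# Merge the new entries with the existing blacklist, keeping unique IPs only.
cat /admin/admin-script/BlackList/tmp/anonymous_blacklist /admin/admin-script/BlackList/blacklist.txt |\
sort | uniq > /admin/admin-script/BlackList/tmp/blacklist.tmp

cp /admin/admin-script/BlackList/tmp/blacklist.tmp /admin/admin-script/BlackList/blacklist.txt

# Flush all existing rules before rebuilding them.
$IPTABLES -F

# Drop all traffic from blacklisted IPs.
for x in `grep -v ^# $BLACKLIST | awk '{print $1}'`; do
    echo "BlackList ( $x )"
    $IPTABLES -A INPUT -t filter -s $x -j DROP
done

# Accept the allowed service ports.
for port in $ALLOWED; do
    echo "Accepting port ( $port )"
    $IPTABLES -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done

# Accept one trusted source address, then drop every other new TCP connection.
$IPTABLES -A INPUT -t filter -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -t filter -p tcp --syn -j DROP
exit 0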
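
The second caution above (an administrator locked out after a single mistyped password) and the fixed awk field numbers ($11, $13) are the two places where the log-parsing step can put the wrong thing on the blacklist. As an added example, not part of the original post, here is a replacement for the grep/awk extraction that reads the address relative to the end of the line, accepts only well-formed IPv4 addresses, skips an allow-list, and requires a minimum number of failures. The allow-list file, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original script: collect source IPs of failed SSH
# logins while sparing allow-listed administrator addresses.

# extract_offenders LOGFILE ALLOWFILE [THRESHOLD]
# Prints, sorted, each IPv4 address with at least THRESHOLD failures.
# ALLOWFILE (hypothetical): one trusted IP per line, "#" starts a comment.
extract_offenders() {
    awk -v allowfile="$2" -v threshold="${3:-3}" '
    function is_ipv4(s,    o, i) {
        if (split(s, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    BEGIN {
        # Load the allow-list; a missing file simply leaves it empty.
        while ((getline line < allowfile) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (line != "") allowed[line] = 1
        }
    }
    /sshd\[[0-9]+\]: Failed password for / {
        # Read the address relative to the end of the line ("from IP port N
        # ssh2") so the logged user name cannot shift which field is used.
        if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (is_ipv4(ip) && !(ip in allowed)) count[ip]++
    }
    END { for (ip in count) if (count[ip] >= threshold) print ip }
    ' "$1" | sort
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Jan  1 00:00:01 FC4 sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan  1 00:00:02 FC4 sshd[102]: Failed password for invalid user test from 203.0.113.7 port 4002 ssh2
Jan  1 00:00:03 FC4 sshd[103]: Failed password for invalid user a b from 203.0.113.7 port 4003 ssh2
Jan  1 00:00:04 FC4 sshd[104]: Failed password for root from 198.51.100.9 port 4004 ssh2
Jan  1 00:00:05 FC4 sshd[105]: Failed password for admin from 192.0.2.10 port 4005 ssh2
Jan  1 00:00:06 FC4 sshd[106]: Failed password for admin from 192.0.2.10 port 4006 ssh2
Jan  1 00:00:07 FC4 sshd[107]: Failed password for admin from 192.0.2.10 port 4007 ssh2
EOF
}
```

The function's output can be redirected to the anonymous_blacklist file in place of the two grep pipelines. In the third sample line the user name contains a space, so the fixed field $13 would yield the word "from" rather than an address.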