https://bugwang.cn/tags/%E5%AE%89%E5%85%A8/ Recent content in 安全 on bugwang Hugo -- gohugo.io zh-ch Tue, 04 Jun 2024 12:15:23 +0800 https://bugwang.cn/posts/ssh%E7%99%BB%E5%BD%95%E5%AE%89%E5%85%A8%E4%B8%8Efail2ban%E5%8A%A0%E5%9B%BA/ Tue, 04 Jun 2024 12:15:23 +0800 https://bugwang.cn/posts/ssh%E7%99%BB%E5%BD%95%E5%AE%89%E5%85%A8%E4%B8%8Efail2ban%E5%8A%A0%E5%9B%BA/ SSH登录安全与Fail2ban加固 查看：SSH暴力破解/爆破次数 RedHat 和 CentOS 存储在 /var/log/secure 1.查看 root 用户登录成功的IP及次数看看是否有不熟悉的 IP 地址 grep "Accepted password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more 2.查看尝试暴力破解 root 账户的IP及次数 grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more 3.查看尝试暴力破解用户名的IP及次数 grep "Failed password for invalid user" /var/log/secure | awk '{print $13}' | sort | uniq -c | sort -nr | more Debian 和 Ubuntu 存储在 /var/log/auth.