denyhosts/README.md

120 lines
4.0 KiB
Markdown
Raw Normal View History

2019-09-24 08:53:00 +08:00
# denyhosts
- 拒绝主机&杀毒
```
适用系统:
Debian 11
Centos 7
支持系统病毒扫描
支持一次运行检测、后台运行检测
支持钉钉告警和邮件告
支持第三方QQ邮箱告警
```
```
Debian
2023-01-15 10:33:54 +08:00
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
2022-11-19 19:30:56 +08:00
apt -y install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
apt -y install libsystemd-dev libjson-c-dev libpcre2-dev clamav-freshclam
2023-01-14 18:28:39 +08:00
apt -y install libltdl-dev libmspack-dev
2022-10-22 18:41:00 +08:00
freshclam # 更新病毒库(必要)
Debian系统使用libiptc库需要nftables切换到iptables
Switching to the legacy version:(切换到 iptables)
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
```
```
Centos 7
2023-01-15 10:33:54 +08:00
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
yum install iptables-devel libcurl-devel
2023-01-14 18:28:39 +08:00
yum install systemd-devel libtool-ltdl-devel libmspack-devel
yum -y install centos-release-scl
yum -y install devtoolset-11-gcc
source /opt/rh/devtoolset-11/enable #临时
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
2022-11-19 19:30:56 +08:00
mv /etc/cron.d/clamav-update /root
sed -i "s/DatabaseMirror .*/DatabaseMirror clamavdb.c3sl.ufpr.br/g" /etc/freshclam.conf
freshclam # 更新病毒库(必要)
```
2017-11-25 20:14:11 +08:00
2022-07-08 09:16:58 +08:00
```
用法
2019-10-22 23:08:05 +08:00
cd /root
2022-07-08 09:16:58 +08:00
git clone https://git.aixiao.me/aixiao/denyhosts
2019-10-22 23:11:56 +08:00
cd denyhosts
2023-01-14 18:28:39 +08:00
make clean
make libclamav_rust
make libclamav
make all
2022-12-02 10:13:07 +08:00
bash build.sh
2021-07-11 10:10:55 +08:00
启动:
./rhost -d -r / --exclude-dir="^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home" --move=/opt/infected --max-filesize 1024M -l clamscan.log # 用户指定参数,后台运行并扫描病毒
2022-10-22 18:41:00 +08:00
./rhost -d # 后台运行读取配置文件参数
2022-10-22 18:41:00 +08:00
./rhost # 只处理非法攻击
关闭
killall rhost
2022-07-08 09:16:58 +08:00
```
2019-09-24 08:53:00 +08:00
2022-06-26 19:49:00 +08:00
2022-07-08 09:16:58 +08:00
```
配置文件
global {
DAEMON = "off"; // on开启后台运行,off不开启
TIME = "10"; // 睡眠时间(大于等于1,单位秒)
2022-07-08 09:16:58 +08:00
2022-10-22 18:41:00 +08:00
PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP
2022-07-08 09:16:58 +08:00
IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭)
REFUSE_NUMBER = 3; // 拒绝攻击次数
CLAMAV = 1; // clamav 是否扫描病毒(测试阶段)(1开启,非1关闭)
CLAMAV_ARG = "-r / --exclude-dir="^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt" --move=/opt/infected --max-filesize 1024M -l clamscan.log";
CLAMAV_TIME = "* 17 13 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭)
IPV4_WHITE_LIST = "1.1.1.1 "; // IP白名单(空格隔开)
2022-10-14 10:46:34 +08:00
REGION = 1; // 是否启用地域白名单(1开启,非1关闭)
REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域
REGION_LIST = "河南 郑州"; // 地域列表(空格隔开)
IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭)
IS_DING_WEBHOOK = 0; // 开启叮叮告警(1开启,非1关闭)
2022-10-22 18:41:00 +08:00
PHONE = "15565979082"; // @的人手机号
2022-07-08 09:16:58 +08:00
DING_WEBHOOK = "https://oapi.dingtalk.com/robot/send?access_token=7f069c672cb878987aa6772cca336740eece4ce36bde12b51b45e9f440e0565a"; // 钉钉WEBHOOK
IS_QQMAIL = 1; // 开启QQ邮箱告警(默认使用gomailhttps://git.aixiao.me/aixiao/gomail.git)(1开启,非1关闭)
2022-10-22 18:41:00 +08:00
RECV_MAIL = "1605227279@qq.com"; // 接收者QQ
2022-07-08 09:16:58 +08:00
}
2022-10-14 10:46:34 +08:00
2022-10-22 18:41:00 +08:00
2022-07-13 11:27:22 +08:00
```