aixiao/denyhosts
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
07f551d5e4
denyhosts/README.md
aixiao 07f551d5e4 添加病毒扫描
2022-10-22 18:41:00 +08:00

92 lines
2.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# denyhosts
ssh防止暴力破解,适用Debian 8、9、11 Centos 7
支持钉钉告警和邮件告警
支持第三方QQ邮箱告警
支持一次运行检测、后台运行检测
```
Debian系统请安装libcurl、iptables-devel、libclamav-devel
apt install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
freshclam # 更新病毒库(必要)
```
```
Centos 7系统请安装libcurl、iptables-devel、libclamav-devel
yum install clamav clamav-update clamav-lib
yum install iptables-devel libcurl-devel
freshclam # 更新病毒库(必要)
```
```
cd /root
git clone https://git.aixiao.me/aixiao/denyhosts
cd denyhosts
make clean; make
chmod a+x /root/denyhosts/denyhosts.sh
crontab 定时任务,像这样.
0 22 * * * /root/denyhosts/denyhosts.sh
示列:
./rhost -d -r / --exclude-dir="^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home" --move=/opt/infected --max-filesize 1024M -l #后台运行并扫描病毒
./rhost # 只处理非法攻击
```
```
Debian系统使用libiptc库需要nftables切换到iptables
Switching to the legacy version:(切换到 iptables)
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
```
```
配置文件
global {
DAEMON = "off"; // on开启后台运行off不开启
TIME = "10"; // 睡眠时间
CLAMAV = 1; // clamav 是否扫描病毒
CLAMAV_TIME = "1726"; // clamav 扫描时间(小时分钟,默认每天运行)
PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP
IPV4_RESTRICTION = 1; // 是否启用IP白名单
IPV4_WHITE_LIST = "1.1.1.1 "; // IP白名单
REGION = 1; // 是否启用地域白名单
REGION_LIST = "河南 郑州"; // 地域列表
IS_BLOCKED = 1; // 是否封禁攻击IP
REFUSE_NUMBER = 3; // 拒绝攻击次数
IS_MAIL = 0; // 开启邮件告警
IS_DING_WEBHOOK = 0; // 开启叮叮告警
PHONE = "15565979082"; // @的人手机号
DING_WEBHOOK = "https://oapi.dingtalk.com/robot/send?access_token=7f069c672cb878987aa6772cca336740eece4ce36bde12b51b45e9f440e0565a"; // 钉钉WEBHOOK
IS_QQMAIL = 0; // 开启QQ邮箱告警(默认使用gomailhttps://git.aixiao.me/aixiao/gomail.git)
RECV_MAIL = "1605227279@qq.com"; // 接收者QQ
}
```
Reference in New Issue View Git Blame Copy Permalink