denyhosts/README.md
2023-07-27 14:40:40 +08:00

123 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# denyhosts
- 拒绝主机&杀毒
```text
适用系统:
Debian 11、12
Centos 7
支持系统病毒扫描
支持一次运行检测、后台运行检测
支持钉钉告警和邮件告
支持第三方QQ邮箱告警
```
```text
Debian
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
apt -y install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
apt -y install libsystemd-dev libjson-c-dev libpcre2-dev clamav-freshclam
apt -y install libltdl-dev libmspack-dev
freshclam # 更新病毒库(必要)
Debian系统使用libiptc库需要nftables切换到iptables
Switching to the legacy version:(切换到 iptables)
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
```
```text
Centos 7
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
yum install iptables-devel libcurl-devel
yum install systemd-devel libtool-ltdl-devel libmspack-devel
yum -y install centos-release-scl
yum -y install devtoolset-11-gcc
source /opt/rh/devtoolset-11/enable #临时
echo "source /opt/rh/devtoolset-11/enable" >> /etc/profile #永久
mv /etc/cron.d/clamav-update /root
sed -i "s/DatabaseMirror .*/DatabaseMirror clamavdb.c3sl.ufpr.br/g" /etc/freshclam.conf
freshclam # 更新病毒库(必要)
```
```text
用法
cd /root
git clone https://git.aixiao.me/aixiao/denyhosts
cd denyhosts
make clean
make all
bash build.sh
启动:
./rhost -d -r / --exclude-dir="^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home" --move=/opt/infected --max-filesize 1024M -l clamscan.log # 用户指定参数,后台运行并扫描病毒
./rhost -d # 后台运行读取配置文件参数
./rhost # 只处理非法攻击
关闭
killall rhost
```
```text
配置文件
global {
DAEMON = "off"; // on开启后台运行,off不开启(弃用)
TIME = "10"; // 睡眠时间(大于等于1,单位秒)
PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP
IS_DISK = 1; // 磁盘使用率(1开启,非1关闭)
DISK_USE = 95; // 任意某块磁盘使用率告警(大于等于1)
IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭)
REFUSE_NUMBER = 3; // 拒绝攻击次数
CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭)
CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log";
CLAMAV_TIME = "* 1 4 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭)
IPV4_WHITE_LIST = "1.1.1.1 2.2.2.2 "; // IP白名单(空格隔开)
REGION = 1; // 是否启用地域白名单(1开启,非1关闭)
IP2REGION = 1; // 是否使用本地 ip2region 地址定位库(1使用,非1不使用)
//REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域(aliyun付费API, 弃用)
REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f";
REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)
IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭)
IS_DING_WEBHOOK = 0; // 开启叮叮告警(1开启,非1关闭)
PHONE = "15565979082"; // @的人手机号
DING_WEBHOOK = "https://oapi.dingtalk.com/robot/send?access_token=7f069c672cb878987aa6772cca336740eece4ce36bde12b51b45e9f440e0565a"; // 钉钉WEBHOOK
IS_QQMAIL = 1; // 开启QQ邮箱告警(默认使用gomailhttps://git.aixiao.me/aixiao/gomail.git)(1开启,非1关闭)
RECV_MAIL = "1605227279@qq.com"; // 接收者QQ
}
```