Linux hosts.allow hosts.deny 安全设置

小渣渣

在开发中，我们总会使用到linux，而一般我们都会使用securtcrt或者xshell等软件进行远程登录，这样虽然会给我们带来很多便捷，但是同样会存在一定的风险。有很多人专门通过重复的扫描试图破解我们的linux开发机，从而获取免费的“肉鸡”。因此我们可以通过设置hosts.allow和hosts.deny文件来使我们个人的linux开发机更安全。

登录日志位置 /var/log/secure

Nov 11 02:01:18 k8s-node1 polkitd[933]: Loading rules from directory /etc/polkit-1/rules.d
Nov 11 02:01:18 k8s-node1 polkitd[933]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 11 02:01:18 k8s-node1 polkitd[933]: Finished loading, compiling and executing 10 rules
Nov 11 02:01:18 k8s-node1 polkitd[933]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 11 02:02:14 k8s-node1 sshd[4964]: Accepted password for root from 192.168.40.1 port 58230 ssh2
Nov 11 02:02:14 k8s-node1 systemd[4967]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 11 02:02:15 k8s-node1 sshd[4964]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 02:06:41 k8s-node1 sshd[6604]: Accepted password for root from 192.168.40.1 port 58440 ssh2
Nov 11 02:06:41 k8s-node1 sshd[6604]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 02:16:51 k8s-node1 sshd[6604]: pam_unix(sshd:session): session closed for user root
Nov 11 02:16:54 k8s-node1 sshd[4964]: pam_unix(sshd:session): session closed for user root
Nov 11 21:07:48 k8s-node1 sshd[9624]: Accepted password for root from 192.168.40.1 port 10074 ssh2
Nov 11 21:07:48 k8s-node1 systemd[9627]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 11 21:07:48 k8s-node1 sshd[9624]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 11 23:22:56 k8s-node1 sshd[46317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.40.1  user=root
Nov 11 23:22:56 k8s-node1 sshd[46317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Nov 11 23:22:58 k8s-node1 sshd[46317]: Failed password for root from 192.168.40.1 port 21658 ssh2
Nov 11 23:23:02 k8s-node1 sshd[46317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Nov 11 23:23:03 k8s-node1 sshd[46317]: Failed password for root from 192.168.40.1 port 21658 ssh2
Nov 11 23:23:06 k8s-node1 sshd[46317]: error: Received disconnect from 192.168.40.1 port 21658:0:  [preauth]
Nov 11 23:23:06 k8s-node1 sshd[46317]: Disconnected from authenticating user root 192.168.40.1 port 21658 [preauth]
Nov 11 23:23:06 k8s-node1 sshd[46317]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.40.1  user=root

黑名单 /etc/hosts.deny

通过编辑 /etc/hosts.deny 文件，可以将IP添加黑名单，格式如下：

登录可见。

拒绝了所有sshd远程连接

登录可见。

白名单 /etc/hosts.allow

允许登录远程linux服务器的ip地址，格式如下：

登录可见。

备注：hosts.allow 的优先级高于 hosts.deny ，如果万一配置错了，就没办法登录远程的服务器了。在hosts.allow文件里需要多加几个自己使用的ip，比如家里的ip，公司ip，云服务商ip。如果配置错的话，目前我能想到的办法就只有重装系统了。