Linux Security - Set up to block the blaster

Basic settings have the following steps: 1. Modify the ssh port number 2. Set the complex root password 3. Disable root remote login 4. Use the script to automatically deny the password error x times ip (this number of x can be defined according to the actual situation)

First give you a piece of code to detect if your vps has been brute force:

cat /var/log /secure| Awk '/Failed/{print $(NF-3)}'| Sort| Uniq -c| Awk '{print $2"="$1;}'

If the result of the query contains the result of "ip address=number”, then it means someone tried to crack your password.

The following describes how to change the ssh port number and how to disable root remote login:

First, change the ssh port number

VPS default ssh port is 22, use the following command to enter Configuration file

vi /etc/ssh/sshd_config

Find #port 22 Remove the previous #, and then modify the port port 12345 (the port here can be defined according to the actual situation) and then restart ssh Service

service sshd restart

Second, disable root login

Before disabling root login, you must first add a user with normal privileges and set the password

useradd testpasswd test

Then disable ROOT remote SSH login:

vi /etc/ssh/sshd_config

Change PermitRootLogin yes to PermitRootLogin no

If you have # in front of PermitRootLogin, you must also delete it, otherwise it will not take effect.

Restart sshd service

service sshd restart

We can connect to our vps through normal ssh account. If you need administrative rights, you can use the following command. Promote to root privileges

su root