[FreeBSD] 安裝 sshit 設定教學

系統:FreeBSD 6.0-RELEASE 安裝方式: cd /usr/ports/security/sshit/ make install clean 設定檔 /usr/local/etc/sshit.conf # Sample configuration file of sshit.pl # We use pf as firewall on default 看你喜歡用什麼防火牆,我熟悉ipfw FIREWALL_TYPE = ipfw # Number of failed login attempts within time before we block MAX_COUNT = 3 # Time in seconds in which all failed login attempts must occur WITHIN_TIME = 60 # Time in seconds to block ip in firewall 失敗後禁止登入幾秒鐘 RESET_IP = 300 IPFW_CMD = /sbin/ipfw # Make sure you don't have any important rules here already IPFW_RULE_START = 2100 IPFW_RULE_END = 3100 IPFW2_CMD = /sbin/ipfw IPFW2_TABLE_NO = 0 PFCTL_CMD = /sbin/pfctl PF_TABLE = badhosts vi /etc/syslog.conf 加上 auth.info;authpriv.info |exec /usr/local/sbin/sshit 不過安裝好之後,照常裡來說可以使用,結果發現完全沒有效果 所以我去看了一下 sshit perl的這隻程式,跟官方網站提供的log檔資料 官方網log檔如下 Jul 23 05:30:51 sshd[36291]: Failed password for root from 200.204.175.122 port 48830 ssh2 Jul 23 05:30:51 sshit.pl: BLOCKING 200.204.175.122, rule 2100FreeBSD auth.log 檔如下
Oct 30 06:53:07 bbs sshd[13935]: error: PAM: authentication error for illegal user test from 163.29.208.2 Oct 30 06:53:07 bbs sshd[13935]: Failed keyboard-interactive/pam for invalid user test from 163.29.208.2 port 48102 ssh2 Oct 30 06:53:07 bbs sshit.pl: BLOCKING 163.29.208.2, rule 2101
發現freebsd的log檔,格式跟官方網不一樣,所以程式是正確的 ssh_patch檔 http://alumni.ee.ccu.edu.tw/~appleboy/patch/sshit_patch.txt 自行修改主機的port,這是預設值 http://anp.ath.cx/sshit/ http://blog.gfchen.org/2006/01/22/248/