{"id":5383,"date":"2022-08-11T16:31:35","date_gmt":"2022-08-11T13:31:35","guid":{"rendered":"http:\/\/surgery.moscow\/smos\/?p=5383"},"modified":"2022-08-12T15:36:21","modified_gmt":"2022-08-12T12:36:21","slug":"%d0%b0%d0%b2%d1%82%d0%be%d0%bc%d0%b0%d1%82%d0%b8%d0%b7%d0%b0%d1%86%d0%b8%d1%8f-%d0%b1%d0%bb%d0%be%d0%ba%d0%b8%d1%80%d0%be%d0%b2%d0%ba%d0%b8-ssh-%d0%b7%d0%b0%d0%bf%d1%80%d0%be%d1%81%d0%be%d0%b2-%d1%81","status":"publish","type":"post","link":"https:\/\/surgery.moscow\/smos\/2022\/08\/11\/%d0%b0%d0%b2%d1%82%d0%be%d0%bc%d0%b0%d1%82%d0%b8%d0%b7%d0%b0%d1%86%d0%b8%d1%8f-%d0%b1%d0%bb%d0%be%d0%ba%d0%b8%d1%80%d0%be%d0%b2%d0%ba%d0%b8-ssh-%d0%b7%d0%b0%d0%bf%d1%80%d0%be%d1%81%d0%be%d0%b2-%d1%81\/","title":{"rendered":"\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 SSH \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e BASH : Centos8"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0447\u043d\u044f \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445  IP \u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 SSH \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u043d\u0430 22 \u043f\u043e\u0440\u0442\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u043f\u043e\u0434\u043e\u0431\u0440\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f 
\u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0447\u0435\u0440\u0435\u0437 22 \u043f\u043e\u0440\u0442 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 SSH , \u0438 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u0438\u0445 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438, \u043f\u0440\u0438\u043c\u0435\u0440 \u0434\u043b\u044f Centos8<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">(\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e SSH \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 <strong>22  <\/strong>\u043f\u043e\u0440\u0442\u0443) <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u0414\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0434\u0432\u0430 \u0441\u043a\u0440\u0438\u043f\u0442\u0430, \u043e\u0434\u0438\u043d \u0441\u043a\u0440\u0438\u043f\u0442 <strong>bad_ip.sh<\/strong>  \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c IP \u0430\u0434\u0440\u0435\u0441\u0430, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u0430 \u0434\u0440\u0443\u0433\u043e\u0439<strong> rules_ssh_ip_deny.sh<\/strong> \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u0440\u0430\u0432\u0438\u043b , \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0441 
\u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u0430\u0432\u0438\u043b <strong>rich-rule<\/strong>  \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u0432 <strong>firewall-cmd <\/strong>, \u0434\u043b\u044f \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0434\u0435\u043b\u0430\u0435\u043c \u043e\u0431\u0430 \u0444\u0430\u0439\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u043c\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 <strong>chmod +x<\/strong> .<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u0447\u0442\u043e\u0431\u044b \u0432\u0441\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e \u043f\u043e \u0440\u0430\u0441\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0432 <strong>crontab<\/strong> , \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 <strong>crontab -e <\/strong><br><br>(\u0432 \u043d\u0430\u0448\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435 ,  \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u043f\u0430\u043f\u043a\u0443 <strong>scripts<\/strong>, \u0432 \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043c\u0435\u0449\u0430\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u0432\u0430 \u0444\u0430\u0439\u043b\u0430 <strong>bad_ip.sh<\/strong> \u0438 <strong>rules_ssh_ip_deny.sh<\/strong>)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>58 23 * * * \/scripts\/bad_ip.sh<br>59 23 * * * 
\/scripts\/rules_ssh_ip_deny.sh<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>bad_ip.sh<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash\n\n# \u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u0441 \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0435\u0435 \u0434\u0430\u0442\u0443\nIP_BLACKLIST=\"\/scripts\/blacklist-`date \"+%Y-%m-%d\"`.txt\"\n\n# \u0424\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\n\ngrep \"res=failed\" \/var\/log\/audit\/audit.log | grep terminal=ssh | cut -d\" \" -f 11 | sed 's\/addr=\/\/' | sed 's\/hostname=\/\/' | sort | uniq -c &gt;&gt; $IP_BLACKLIST\n\n\n# \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0442\u043e\u043b\u044c\u043a\u043e IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0438\u0437 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0435\u0433\u043e \u043b\u043e\u0433\u0430\nawk '{print $2}' $IP_BLACKLIST &gt;&gt; \/scripts\/blacklist-full.txt\n# \u041f\u043e\u0441\u043b\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u043e\u0440\u0442\u0438\u0440\u0443\u0435\u043c \u0438 \u0443\u0431\u0438\u0440\u0430\u0435\u043c \u043d\u0435 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430\ncat \/scripts\/blacklist-full.txt | sort | uniq &gt;&gt; \/scripts\/blacklist-full.txt.new\nrm \/scripts\/blacklist-full.txt\nmv \/scripts\/blacklist-full.txt.new \/scripts\/blacklist-full.txt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>rules_ssh_ip_deny.sh<\/strong>\n\n#!\/bin\/bash\n\nDENY_IP_FILENAME='\/scripts\/blacklist-full.txt'\n\nIPLIST=$(awk '{print $1}' ${DENY_IP_FILENAME})\n\n# 
\u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0446\u0438\u043a\u043b \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0430\u0432\u0438\u043b \u0432 firewall-cmd --add-rich-rule\nfor IP in ${IPLIST}\ndo\n\n    firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"'${IP}'\" service name=ssh reject' ;\n\ndone<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u0415\u0441\u043b\u0438 \u0432\u0441\u0435 \u0441\u0434\u0435\u043b\u0430\u043b\u0438 \u0432\u0435\u0440\u043d\u043e , \u0442\u043e \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f \u043a 22-\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 (SSH \u0441\u0435\u0440\u0432\u0438\u0441\u0443), \u043d\u043e\u0432\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 IP \u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 22-\u0433\u043e \u043f\u043e\u0440\u0442\u0430. \u0423\u0447\u0442\u0438\u0442\u0435: \u0431\u0435\u0437 \u043a\u043b\u044e\u0447\u0430 <strong>--permanent<\/strong> \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438\u043b\u0438 <strong>firewall-cmd --reload<\/strong>, \u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u043b\u044e\u0431\u043e\u0439 \u0430\u0434\u0440\u0435\u0441 \u0434\u0430\u0436\u0435 \u0441 \u043e\u0434\u043d\u043e\u0439 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0438\u0437 \u043d\u0435\u0433\u043e \u0441\u0432\u043e\u0438 \u0430\u0434\u0440\u0435\u0441\u0430.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435  <strong>rules_ssh_ip_deny.sh<\/strong> \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0435\u0433\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0440\u0442\u0430\u0445 , \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 
\u043f\u043e\u0440\u0442\u044b\/\u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0442\u0430\u043a\u0436\u0435 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 RDP \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 3389.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0447\u043d\u044f \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 IP \u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 SSH \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u043d\u0430 22 \u043f\u043e\u0440\u0442\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 
\u043f\u043e\u0434\u043e\u0431\u0440\u0430\u0442\u044c<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,12],"tags":[859,860,862,861],"class_list":["post-5383","post","type-post","status-publish","format-standard","hentry","category-computer","category-internet","tag-bash","tag-centos8","tag-firewall-cmd","tag-ssh"],"_links":{"self":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/5383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/comments?post=5383"}],"version-history":[{"count":27,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/5383\/revisions"}],"predecessor-version":[{"id":5435,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/5383\/revisions\/5435"}],"wp:attachment":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/media?parent=5383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/categories?post=5383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/tags?post=5383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}