
Author Topic: Asking for advice on security - someone is trying to get into my system.  (Read 1845 times)

Krysař

  • Regular member
  • **
  • Posts: 1253
Yuck, everybody!
I don't understand what I did to deserve it, but someone is interested in my Raspberry Pi.
It seemed odd to me that the LED on the router was blinking like crazy when there should be almost no traffic on the network, and I found some interesting reading in auth.log - the sample below is an older one, the newer entries are very similar, only the lines ending in "POSSIBLE BREAK-IN ATTEMPT!" are no longer there. They tried hard: the total size of auth.log.x is over 80MiB (uncompressed).
For now I have blocked access from outside, but I would like to get it working again. So I'd like to ask the knowledgeable and experienced what to check and search through, to see whether they got in somewhere after all.
And possibly some advice on how to improve security.
Thanks, Jirka.

Code:
Mar  6 09:52:15 raspberrypi sshd[11636]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:15 raspberrypi sshd[11632]: Failed password for root from 218.65.30.107 port 57752 ssh2
Mar  6 09:52:15 raspberrypi sshd[11640]: Failed password for root from 183.136.216.4 port 35801 ssh2
Mar  6 09:52:16 raspberrypi sshd[11632]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:52:16 raspberrypi sshd[11632]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:17 raspberrypi sshd[11640]: Failed password for root from 183.136.216.4 port 35801 ssh2
Mar  6 09:52:17 raspberrypi sshd[11644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:17 raspberrypi sshd[11640]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:52:17 raspberrypi sshd[11640]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:18 raspberrypi sshd[11648]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:19 raspberrypi sshd[11648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:19 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar  6 09:52:20 raspberrypi sshd[11652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:20 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar  6 09:52:21 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar  6 09:52:22 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar  6 09:52:22 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar  6 09:52:23 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar  6 09:52:23 raspberrypi sshd[11644]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:52:23 raspberrypi sshd[11644]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:24 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar  6 09:52:25 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar  6 09:52:26 raspberrypi sshd[11648]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:52:26 raspberrypi sshd[11648]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:26 raspberrypi sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:26 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar  6 09:52:27 raspberrypi sshd[11652]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:52:27 raspberrypi sshd[11652]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:27 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar  6 09:52:28 raspberrypi sshd[11660]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:28 raspberrypi sshd[11660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:29 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar  6 09:52:30 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar  6 09:52:32 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar  6 09:52:32 raspberrypi sshd[11664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:32 raspberrypi sshd[11656]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:52:32 raspberrypi sshd[11656]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:32 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar  6 09:52:34 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar  6 09:52:34 raspberrypi sshd[11668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:35 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar  6 09:52:35 raspberrypi sshd[11660]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:52:35 raspberrypi sshd[11660]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:36 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar  6 09:52:37 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar  6 09:52:37 raspberrypi sshd[11672]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:37 raspberrypi sshd[11672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:39 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar  6 09:52:39 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar  6 09:52:39 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar  6 09:52:39 raspberrypi sshd[11664]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:52:39 raspberrypi sshd[11664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:41 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar  6 09:52:41 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar  6 09:52:41 raspberrypi sshd[11668]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:52:41 raspberrypi sshd[11668]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:42 raspberrypi sshd[11676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:44 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar  6 09:52:44 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar  6 09:52:44 raspberrypi sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:44 raspberrypi sshd[11672]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:52:44 raspberrypi sshd[11672]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:46 raspberrypi sshd[11684]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:46 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar  6 09:52:46 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar  6 09:52:46 raspberrypi sshd[11684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:48 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar  6 09:52:48 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar  6 09:52:49 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar  6 09:52:49 raspberrypi sshd[11676]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:52:49 raspberrypi sshd[11676]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:50 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar  6 09:52:50 raspberrypi sshd[11680]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:52:50 raspberrypi sshd[11680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:51 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar  6 09:52:52 raspberrypi sshd[11688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:52:53 raspberrypi sshd[11692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:52:54 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar  6 09:52:54 raspberrypi sshd[11684]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:52:54 raspberrypi sshd[11684]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:54 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar  6 09:52:55 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar  6 09:52:56 raspberrypi sshd[11696]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:56 raspberrypi sshd[11696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:52:57 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar  6 09:52:57 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar  6 09:52:58 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar  6 09:52:59 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar  6 09:52:59 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar  6 09:52:59 raspberrypi sshd[11688]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:52:59 raspberrypi sshd[11688]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:53:00 raspberrypi sshd[11692]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:53:00 raspberrypi sshd[11692]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:53:00 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar  6 09:53:02 raspberrypi sshd[11704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:53:02 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar  6 09:53:02 raspberrypi sshd[11700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:53:03 raspberrypi sshd[11696]: Received disconnect from 218.65.30.107: 11:  [preauth]
Mar  6 09:53:03 raspberrypi sshd[11696]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:53:04 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar  6 09:53:04 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar  6 09:53:06 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar  6 09:53:07 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar  6 09:53:08 raspberrypi sshd[11708]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:53:08 raspberrypi sshd[11708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107  user=root
Mar  6 09:53:09 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar  6 09:53:09 raspberrypi sshd[11704]: Received disconnect from 103.41.124.37: 11:  [preauth]
Mar  6 09:53:09 raspberrypi sshd[11704]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:53:09 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar  6 09:53:09 raspberrypi sshd[11700]: Received disconnect from 183.136.216.4: 11:  [preauth]
Mar  6 09:53:09 raspberrypi sshd[11700]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:53:10 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
Mar  6 09:53:11 raspberrypi sshd[11712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37  user=root
Mar  6 09:53:12 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
Mar  6 09:53:13 raspberrypi sshd[11716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4  user=root
Mar  6 09:53:13 raspberrypi sshd[11712]: Failed password for root from 103.41.124.37 port 55986 ssh2
Mar  6 09:53:14 raspberrypi sshd[11716]: Failed password for root from 183.136.216.4 port 54550 ssh2
Mar  6 09:53:14 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
"Don't give in to hope, you're inside the worst of it."
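Triaging an auth.log like the one above, as an added example that is not part of the thread: it counts failed password attempts and the usernames tried per source address, counts the reverse-DNS warnings, and lists any accepted login coming from an address that also produced failures, which is the first place to look when asking whether anyone actually got in. The embedded log lines are constructed samples in the same format as the post's excerpt; the addresses and PIDs are made up, not the ones from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the auth.log excerpt in the post;
# addresses, hostnames and PIDs are made up for this example.
SAMPLE_LOG = """\
Mar  6 09:52:15 raspberrypi sshd[11632]: Failed password for root from 198.51.100.7 port 57752 ssh2
Mar  6 09:52:16 raspberrypi sshd[11632]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Mar  6 09:52:18 raspberrypi sshd[11648]: reverse mapping checking getaddrinfo for host.example [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:52:19 raspberrypi sshd[11644]: Failed password for root from 203.0.113.9 port 45440 ssh2
Mar  6 09:52:20 raspberrypi sshd[11652]: Failed password for invalid user admin from 203.0.113.9 port 36841 ssh2
Mar  6 09:53:10 raspberrypi sshd[11720]: Accepted password for pi from 203.0.113.9 port 40001 ssh2
Mar  6 10:01:02 raspberrypi sshd[11800]: Accepted publickey for pi from 192.0.2.5 port 50022 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (\w+) for (\S+) from (\S+) port \d+")
REVMAP = re.compile(r"reverse mapping checking getaddrinfo for \S+ \[([^\]]+)\] failed")


def summarize(log_text):
    """Aggregate sshd events per source address. Only "Failed password" lines
    count as attempts; the "PAM N more authentication failures" summaries
    describe the same attempts and would double-count them."""
    failed = Counter()        # source ip -> failed password attempts
    users = defaultdict(set)  # source ip -> usernames tried
    revmap = Counter()        # source ip -> reverse-DNS mismatch warnings
    accepted = []             # (method, user, source ip) for every successful login
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            user, ip = m.groups()
            failed[ip] += 1
            users[ip].add(user)
        elif m := ACCEPTED.search(line):
            accepted.append(m.groups())
        elif m := REVMAP.search(line):
            revmap[m.group(1)] += 1
    return {"failed": failed, "users": users, "revmap": revmap, "accepted": accepted}


def suspicious_logins(summary):
    """Successful logins from a source that also produced failures: the first
    thing to check when asking whether a brute force actually got in."""
    return [(m, u, ip) for m, u, ip in summary["accepted"] if summary["failed"][ip] > 0]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, n in s["failed"].most_common():
        print(f"{ip}: {n} failed, users={sorted(s['users'][ip])}, "
              f"reverse-DNS warnings={s['revmap'][ip]}")
    for method, user, ip in suspicious_logins(s):
        print(f"CHECK: accepted {method} login as {user} from {ip} after failures")
```

Run it over the real file with `summarize(open("/var/log/auth.log").read())`; a key-based login from an address with no failures is expected, an accepted password login from a brute-forcing address is what needs follow-up.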

Jakub Vaněk

  • Regular member
  • **
  • Posts: 752
    • Website of programmer and student Jakub Vaněk
Re: Asking for advice on security - someone is trying to get into my system.
« Reply #1 on: 29 March 2015, 22:41:03 »
Some basic tips:
1) disable root
2) put a strong password on the accounts allowed in sshd
3) change the ssh port from 22 to some other one and set up a firewall (on the RPi or even on the router) so that it discards everything on port 22.
4) if you are the only one using the RPi, put a range of allowed IPs for the ssh port into the firewall. It would be better to set this up directly on the router's firewall, at least it won't load the rest of the network.
EDIT: I read something somewhere about port knocking, that is another way of making the attack harder.
« Last edit: 29 March 2015, 22:50:05 by Jakub Vaněk »
Notebook: Lenovo Thinkpad X200, Xubuntu 16.04

donny

  • Addict
  • ***
  • Posts: 1861
Re: Asking for advice on security - someone is trying to get into my system.
« Reply #2 on: 29 March 2015, 22:44:12 »
I solved it by blocking communication with certain countries (Afghanistan, China, India, Iran, Russia etc.) and also blocking the "known companies" according to the Spamhaus Project list. See the attached file, there are some lists and two scripts that set up the rules in iptables. I hope it helps, just adjust them to your needs, I keep them in /root.
« Last edit: 29 March 2015, 22:46:23 by donny »
archlinux @ i7-6700/GTX1080 8G/32G DDR4/.5TB NVMe/WD RED 3TB | Raspbian 8 @ Raspberry Pi
Ever tried. Ever failed. No matter. Try again. Fail again. Fail better!

donny

  • Addict
  • ***
  • Posts: 1861
Re: Asking for advice on security - someone is trying to get into my system.
« Reply #3 on: 29 March 2015, 22:50:42 »
Oh, and one more important thing - don't log in with a password but with a private key, and of course disable password login. See e.g. https://wiki.archlinux.org/index.php/SSH_keys
archlinux @ i7-6700/GTX1080 8G/32G DDR4/.5TB NVMe/WD RED 3TB | Raspbian 8 @ Raspberry Pi
Ever tried. Ever failed. No matter. Try again. Fail again. Fail better!
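Checking an sshd_config against tips 1 to 4 in reply #1 and the keys-only advice in reply #3, as an added example that is not part of the thread: the two config fragments are constructed, the account name pi is a placeholder, and the values assumed for absent directives are the OpenSSH defaults of the time. An absent directive is judged by that default, which is why the weak fragment does not even need to mention port 22.

```python
# Constructed sshd_config fragments: the weak form the thread warns about
# beside the hardened form the replies recommend ("pi" is a placeholder user).
WEAK_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """\
# tip 3: a non-default port only cuts log noise, it is not a security control
Port 2222
# tip 1 and reply #3: no root login, no password login, keys only
PermitRootLogin no
PasswordAuthentication no
# only the accounts that really need ssh
AllowUsers pi
"""
# Values assumed when a directive is absent; PermitRootLogin still defaulted
# to "yes" in the OpenSSH releases current when this thread was written.
DEFAULTS = {"port": "22", "permitrootlogin": "yes", "passwordauthentication": "yes"}

def parse_sshd_config(text):
    """Global-section directives keyed by lower-cased keyword. Parsing stops at
    the first Match block; for a repeated keyword the first occurrence wins."""
    conf = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if key not in seen:
            seen.add(key)
            conf[key] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Findings against the thread's advice; an empty list means clean."""
    c = parse_sshd_config(text)
    findings = []
    if c["permitrootlogin"].lower() != "no":
        findings.append(f"PermitRootLogin is '{c['permitrootlogin']}'; set it to no")
    if c["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is on; switch to keys and set it to no")
    if c["port"] == "22":
        findings.append("sshd listens on 22; move it and drop port 22 at the firewall")
    if "allowusers" not in c:
        findings.append("no AllowUsers list; every local account may attempt a login")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["OK"])
```

To audit the live daemon rather than the file, feed it the output of `sshd -T`, which prints the effective settings one directive per line in the same keyword-value form.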

ntz_reloaded

  • Lackey
  • Addict
  • ***
  • Posts: 3735
  • skill :: ur home erly
Re: Asking for advice on security - someone is trying to get into my system.
« Reply #4 on: 30 March 2015, 01:03:54 »
please read `man sshd_config'
give me a tick, I tick you too ...
song of the day - openSUSE, openindiana, DuckDuckGo
The noise ain't noise anymore, who's to blame, WHO'S TO BLAME ??

UfoNet

  • Regular member
  • **
  • Posts: 559
  • skill:Ctrl+C & Ctrl+V
Re: Asking for advice on security - someone is trying to get into my system.
« Reply #5 on: 30 March 2015, 15:14:47 »
I would solve it with a firewall and allow ssh connections only from trusted IP addresses. There is no point in having that port open to the whole internet; there are of course more options.
Talking about Linux is not enough; it's better to let children play with Linux. Then they won't be afraid of it.


The site is run by the OpenAlt association.