[问题]ubuntu下有无测试服务器安全的工具

Web、Mail、Ftp、DNS、Proxy、VPN、Samba、LDAP 等基础网络服务
回复
liseor
帖子: 3
注册时间: 2008-03-08 1:25
送出感谢: 0
接收感谢: 0

[问题]ubuntu下有无测试服务器安全的工具

#1

帖子 liseor » 2008-03-13 23:18

服务器安不安全自己现在搞不明白,请高手支抬,有没有这方面的资料,强烈建议推荐测试工具。
谢谢
头像
xenu
帖子: 8
注册时间: 2008-02-23 10:23
来自: AKL- NZ
送出感谢: 0
接收感谢: 0

#2

帖子 xenu » 2008-03-27 18:28

我也在发愁这个问题, 如果你有开SSH 服务的话, 强烈建议你经常去看看一个日志。

cat /var/log/auth.log

我的电脑经常用来自世界各地的不法份子,企图攻入。 : (

另外,可以用些sniffer 或者是port scan的工具检查一下都有什么开着。 如果是在ADSL上网就没有必要担心了,只要你的Modem不做固定的端口映射,就应该没有多大的问题。

不知道大家有谁知道,在terminal下有没有什么命令是看那个端口开着呢?
头像
xenu
帖子: 8
注册时间: 2008-02-23 10:23
来自: AKL- NZ
送出感谢: 0
接收感谢: 0

#3

帖子 xenu » 2008-03-27 18:30

看我的SSH log, 那个222.108.131.109 的电脑在run一个程序试图login到我的tty下。嗨!!!



Mar 27 22:00:47 ubuntu-ser sshd[9556]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:49 ubuntu-ser sshd[9556]: Failed password for invalid user mclee fr om 222.108.131.109 port 45729 ssh2
Mar 27 22:00:51 ubuntu-ser sshd[9558]: Invalid user le from 222.108.131.109
Mar 27 22:00:51 ubuntu-ser sshd[9558]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:51 ubuntu-ser sshd[9558]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:53 ubuntu-ser sshd[9558]: Failed password for invalid user le from 222.108.131.109 port 47241 ssh2
Mar 27 22:00:54 ubuntu-ser sshd[9560]: Invalid user le from 222.108.131.109
Mar 27 22:00:54 ubuntu-ser sshd[9560]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:54 ubuntu-ser sshd[9560]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:56 ubuntu-ser sshd[9560]: Failed password for invalid user le from 222.108.131.109 port 48825 ssh2
Mar 27 22:00:58 ubuntu-ser sshd[9562]: Invalid user le from 222.108.131.109
Mar 27 22:00:58 ubuntu-ser sshd[9562]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:58 ubuntu-ser sshd[9562]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:00 ubuntu-ser sshd[9562]: Failed password for invalid user le from 222.108.131.109 port 50418 ssh2
Mar 27 22:01:02 ubuntu-ser sshd[9566]: Invalid user wang from 222.108.131.109
Mar 27 22:01:02 ubuntu-ser sshd[9566]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:02 ubuntu-ser sshd[9566]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:03 ubuntu-ser sshd[9566]: Failed password for invalid user wang fro m 222.108.131.109 port 50743 ssh2
Mar 27 22:01:05 ubuntu-ser sshd[9569]: Invalid user wang from 222.108.131.109
Mar 27 22:01:05 ubuntu-ser sshd[9569]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:05 ubuntu-ser sshd[9569]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:07 ubuntu-ser sshd[9569]: Failed password for invalid user wang fro m 222.108.131.109 port 52307 ssh2
Mar 27 22:01:09 ubuntu-ser sshd[9571]: Invalid user wang from 222.108.131.109
Mar 27 22:01:09 ubuntu-ser sshd[9571]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:09 ubuntu-ser sshd[9571]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:11 ubuntu-ser sshd[9571]: Failed password for invalid user wang fro m 222.108.131.109 port 53868 ssh2
Mar 27 22:01:13 ubuntu-ser sshd[9574]: Invalid user rushprint from 222.108.131.1 09
Mar 27 22:01:13 ubuntu-ser sshd[9574]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:13 ubuntu-ser sshd[9574]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:15 ubuntu-ser sshd[9574]: Failed password for invalid user rushprin t from 222.108.131.109 port 55451 ssh2
Mar 27 22:01:17 ubuntu-ser sshd[9576]: Invalid user rushprint from 222.108.131.1 09
Mar 27 22:01:17 ubuntu-ser sshd[9576]: pam_unix(ssh:auth): check pass; user unkn own
头像
chisim
帖子: 40
注册时间: 2007-07-07 9:47
来自: 贰樓
送出感谢: 0
接收感谢: 0

#4

帖子 chisim » 2008-04-01 10:51

linux下可以用装个nmap,本机可以使用netstat。win下可以使用X-Scan扫漏洞。
auth.log里ssh的暴力破解一般都是用软件扫描的,只要把ssh的默认端口22改成1024以后,
随便一个没用的端口,auth.log里面就清净了。
头像
qiang_liu8183
论坛版主
帖子: 10691
注册时间: 2006-09-10 22:36
来自: 北京
送出感谢: 2 次
接收感谢: 6 次

#5

帖子 qiang_liu8183 » 2008-04-01 11:24

222.108.131.1韩国的哦,拉出nmap干他一把 :D
看破、放下、自在、随缘、念佛
真诚、清净、平等、正觉、慈悲
回复

回到 “服务器基础应用”