[问题]ubuntu下有无测试服务器安全的工具

liseor · #1

服务器安不安全自己现在搞不明白，请高手支抬，有没有这方面的资料，强烈建议推荐测试工具。
谢谢

xenu · #2

我也在发愁这个问题，如果你有开SSH 服务的话，强烈建议你经常去看看一个日志。

cat /var/log/auth.log

我的电脑经常用来自世界各地的不法份子，企图攻入。：（

另外，可以用些sniffer 或者是port scan的工具检查一下都有什么开着。如果是在ADSL上网就没有必要担心了，只要你的Modem不做固定的端口映射，就应该没有多大的问题。

不知道大家有谁知道，在terminal下有没有什么命令是看那个端口开着呢？

xenu · #3

看我的SSH log, 那个222.108.131.109 的电脑在run一个程序试图login到我的tty下。嗨！！！

Mar 27 22:00:47 ubuntu-ser sshd[9556]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:49 ubuntu-ser sshd[9556]: Failed password for invalid user mclee fr om 222.108.131.109 port 45729 ssh2
Mar 27 22:00:51 ubuntu-ser sshd[9558]: Invalid user le from 222.108.131.109
Mar 27 22:00:51 ubuntu-ser sshd[9558]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:51 ubuntu-ser sshd[9558]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:53 ubuntu-ser sshd[9558]: Failed password for invalid user le from 222.108.131.109 port 47241 ssh2
Mar 27 22:00:54 ubuntu-ser sshd[9560]: Invalid user le from 222.108.131.109
Mar 27 22:00:54 ubuntu-ser sshd[9560]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:54 ubuntu-ser sshd[9560]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:00:56 ubuntu-ser sshd[9560]: Failed password for invalid user le from 222.108.131.109 port 48825 ssh2
Mar 27 22:00:58 ubuntu-ser sshd[9562]: Invalid user le from 222.108.131.109
Mar 27 22:00:58 ubuntu-ser sshd[9562]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:00:58 ubuntu-ser sshd[9562]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:00 ubuntu-ser sshd[9562]: Failed password for invalid user le from 222.108.131.109 port 50418 ssh2
Mar 27 22:01:02 ubuntu-ser sshd[9566]: Invalid user wang from 222.108.131.109
Mar 27 22:01:02 ubuntu-ser sshd[9566]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:02 ubuntu-ser sshd[9566]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:03 ubuntu-ser sshd[9566]: Failed password for invalid user wang fro m 222.108.131.109 port 50743 ssh2
Mar 27 22:01:05 ubuntu-ser sshd[9569]: Invalid user wang from 222.108.131.109
Mar 27 22:01:05 ubuntu-ser sshd[9569]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:05 ubuntu-ser sshd[9569]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:07 ubuntu-ser sshd[9569]: Failed password for invalid user wang fro m 222.108.131.109 port 52307 ssh2
Mar 27 22:01:09 ubuntu-ser sshd[9571]: Invalid user wang from 222.108.131.109
Mar 27 22:01:09 ubuntu-ser sshd[9571]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:09 ubuntu-ser sshd[9571]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:11 ubuntu-ser sshd[9571]: Failed password for invalid user wang fro m 222.108.131.109 port 53868 ssh2
Mar 27 22:01:13 ubuntu-ser sshd[9574]: Invalid user rushprint from 222.108.131.1 09
Mar 27 22:01:13 ubuntu-ser sshd[9574]: pam_unix(ssh:auth): check pass; user unkn own
Mar 27 22:01:13 ubuntu-ser sshd[9574]: pam_unix(ssh:auth): authentication failur e; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.131.109
Mar 27 22:01:15 ubuntu-ser sshd[9574]: Failed password for invalid user rushprin t from 222.108.131.109 port 55451 ssh2
Mar 27 22:01:17 ubuntu-ser sshd[9576]: Invalid user rushprint from 222.108.131.1 09
Mar 27 22:01:17 ubuntu-ser sshd[9576]: pam_unix(ssh:auth): check pass; user unkn own

chisim · #4

linux下可以用装个nmap，本机可以使用netstat。win下可以使用X-Scan扫漏洞。
auth.log里ssh的暴力破解一般都是用软件扫描的，只要把ssh的默认端口22改成1024以后，
随便一个没用的端口，auth.log里面就清净了。

qiang_liu8183 · #5

222.108.131.1韩国的哦，拉出nmap干他一把 ${L_SMILIES_VERY_HAPPY}$