{"id":296314,"date":"2022-05-27T03:33:24","date_gmt":"2022-05-26T19:33:24","guid":{"rendered":"https:\/\/www.idc.net\/help\/296314\/"},"modified":"2022-05-27T03:33:24","modified_gmt":"2022-05-26T19:33:24","slug":"%e5%b7%a7%e7%94%a8recent%e6%a8%a1%e5%9d%97%e5%8a%a0%e5%9b%balinux%e5%ae%89%e5%85%a8","status":"publish","type":"post","link":"https:\/\/idc.net\/help\/296314\/","title":{"rendered":"\u5de7\u7528Recent\u6a21\u5757\u52a0\u56faLinux\u5b89\u5168"},"content":{"rendered":"<p>\u4f17\u6240\u5468\u77e5\uff0cLinux\u53ef\u4ee5\u901a\u8fc7\u7f16\u5199iptables\u89c4\u5219\u5bf9\u8fdb\u51faLinux\u4e3b\u673a\u7684\u6570\u636e\u5305\u8fdb\u884c\u8fc7\u6ee4\u7b49\u64cd\u4f5c\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53ef\u4ee5\u63d0\u5347Linux\u4e3b\u673a\u7684\u5b89\u5168\u6027\uff0c\u5728\u65b0\u7248\u672c\u5185\u6838\u4e2d\uff0c\u65b0\u589e\u4e86recent\u6a21\u5757\uff0c\u8be5\u6a21\u5757\u53ef\u4ee5\u6839\u636e\u6e90\u5730\u5740\u3001\u76ee\u7684\u5730\u5740\u7edf\u8ba1\u6700\u8fd1\u4e00\u6bb5\u65f6\u95f4\u5185\u7ecf\u8fc7\u672c\u673a\u7684\u6570\u636e\u5305\u7684\u60c5\u51b5\uff0c\u5e76\u6839\u636e\u76f8\u5e94\u7684\u89c4\u5219\u4f5c\u51fa\u76f8\u5e94\u7684\u51b3\u7b56\uff0c\u8be6\u89c1\uff1ahttp:\/\/snowman.net\/projects\/ipt_recent\/<\/p>\n<p>1\u3001\u901a\u8fc7recent\u6a21\u5757\u53ef\u4ee5\u9632\u6b62\u7a77\u4e3e\u731c\u6d4bLinux\u4e3b\u673a\u7528\u6237\u53e3\u4ee4\uff0c\u901a\u5e38\u53ef\u4ee5\u901a\u8fc7iptables\u9650\u5236\u53ea\u5141\u8bb8\u67d0\u4e9b\u7f51\u6bb5\u548c\u4e3b\u673a\u8fde\u63a5Linux\u673a\u5668\u768422\/TCP\u7aef\u53e3\uff0c\u5982\u679c\u7ba1\u7406\u5458IP\u5730\u5740\u7ecf\u5e38\u53d8\u5316\uff0c\u6b64\u65f6iptables\u5c31\u5f88\u96be\u9002\u7528\u8fd9\u6837\u7684\u73af\u5883\u4e86\u3002\u901a\u8fc7\u4f7f\u7528recent\u6a21\u5757\uff0c\u4f7f\u7528\u4e0b\u9762\u8fd9\u4e24\u6761\u89c4\u5219\u5373\u53ef\u89e3\u51b3\u95ee\u9898\uff1a<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name 
SSH --rsource -j DROP<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT<\/p>\n<p>\u5e94\u7528\u8be5\u89c4\u5219\u540e\uff0c\u5982\u679c\u67d0IP\u5730\u5740\u5728\u4e00\u5206\u949f\u4e4b\u5185\u5bf9Linux\u4e3b\u673a22\/TCP\u7aef\u53e3\u65b0\u53d1\u8d77\u7684\u8fde\u63a5\u8d85\u8fc74\u6b21\uff0c\u4e4b\u540e\u7684\u65b0\u53d1\u8d77\u7684\u8fde\u63a5\u5c06\u88ab\u4e22\u5f03\u3002<\/p>\n<p>2\u3001\u901a\u8fc7recent\u6a21\u5757\u53ef\u4ee5\u9632\u6b62\u7aef\u53e3\u626b\u63cf\u3002<\/p>\n<p>-A INPUT -m recent --update --seconds 60 --hitcount 20 --name PORTSCAN --rsource -j DROP<\/p>\n<p>-A INPUT -m recent --set --name PORTSCAN --rsource -j DROP<\/p>\n<p>\u5e94\u7528\u8be5\u89c4\u5219\u540e\uff0c\u5982\u679c\u67d0\u4e2aIP\u5730\u5740\u5bf9Linux\u4e3b\u673a\u672a\u5141\u8bb8\u7684\u7aef\u53e3\u53d1\u8d77\u8fde\u63a5\uff0c\u5e76\u4e14\u4e00\u5206\u949f\u5185\u8d85\u8fc720\u6b21\uff0c\u5219\u7cfb\u7edf\u5c06\u4e2d\u65ad\u8be5\u4e3b\u673a\u4e0e\u672c\u673a\u7684\u8fde\u63a5\u3002\u6ce8\u610f\uff1a\u7b2c\u4e8c\u6761\u89c4\u5219\u4f1a\u4e22\u5f03\u6240\u6709\u5230\u8fbe\u5b83\u7684\u62a5\u6587\uff0c\u5e94\u653e\u5728\u6240\u6709\u653e\u884c\u89c4\u5219\u4e4b\u540e\uff08\u89c1\u4e0b\u9762\u7684\u8be6\u7ec6\u914d\u7f6e\uff09\u3002<\/p>\n<p>\u8be6\u7ec6\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n<p>*filter<\/p>\n<p>:INPUT DROP [0:0]<\/p>\n<p>:FORWARD ACCEPT [0:0]<\/p>\n<p>:OUTPUT ACCEPT [458:123843]<\/p>\n<p>-A INPUT -i lo -j ACCEPT<\/p>\n<p>-A INPUT -i tap+ -j ACCEPT<\/p>\n<p>-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<\/p>\n<p>-A INPUT -m recent --update --seconds 60 --hitcount 20 --name PORTSCAN --rsource -j DROP<\/p>\n<p>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT<\/p>\n<p>-A INPUT -p udp -m udp --dport 53 -j ACCEPT<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT<\/p>\n<p>-A INPUT -p tcp -m tcp --dport 443 -m 
state --state NEW -j ACCEPT<\/p>\n<p>-A INPUT -m recent --set --name PORTSCAN --rsource -j DROP<\/p>\n<p>COMMIT<\/p>\n<p>\u4ee5\u4e0a\u914d\u7f6e\u8bf4\u660e\uff0c\u672c\u673a\u5f00\u653e\u53ef\u4f9b\u670d\u52a1\u7684\u7aef\u53e3\u670922\/TCP\uff08\u6709\u8fde\u63a5\u9891\u7387\u9650\u5236\uff09,53\/TCP\/UDP, 80\/TCP, 443\/TCP\uff0c\u6240\u6709\u53d1\u5f80\u672c\u673a\u7684\u5176\u4ed6ip\u62a5\u6587\u5219\u8ba4\u4e3a\u662f\u7aef\u53e3\u626b\u63cf\uff0c\u5982\u679c\u4e00\u5206\u949f\u4e4b\u5185\u8d85\u8fc720\u6b21\uff0c\u5219\u5c01\u7981\u8be5\u4e3b\u673a\uff0c\u653b\u51fb\u505c\u6b62\u4e00\u5206\u949f\u4ee5\u4e0a\u81ea\u52a8\u89e3\u5c01\u3002\u9700\u8981\u6ce8\u610f\uff1a\u8fd9\u4e9b\u89c4\u5219\u6309\u6e90\u5730\u5740\u8ba1\u6570\uff0c\u800c\u6e90\u5730\u5740\u53ef\u4ee5\u88ab\u4f2a\u9020\uff0c\u5408\u6cd5\u4e3b\u673a\u53ef\u80fd\u56e0\u6b64\u88ab\u8bef\u5c01\uff1b\u4e14PORTSCAN\u7684--update\u89c4\u5219\u4f4d\u4e8eRELATED,ESTABLISHED\u89c4\u5219\u4e4b\u524d\uff0c\u88ab\u5c01\u7981\u4e3b\u673a\u5df2\u5efa\u7acb\u7684\u8fde\u63a5\u4e5f\u4f1a\u88ab\u4e22\u5f03\u3002<\/p>\n<p>\u8fd9\u91cc\u53ea\u662f\u8d77\u4e2a\u629b\u7816\u5f15\u7389\u7684\u4f5c\u7528\uff0c\u901a\u8fc7recent\u6a21\u5757\u8fd8\u53ef\u4ee5\u5b9e\u73b0\u5f88\u591a\u66f4\u590d\u6742\u7684\u529f\u80fd\uff0c\u4f8b\u5982\uff1a22\/TCP\u7aef\u53e3\u5bf9\u6240\u6709\u4e3b\u673a\u90fd\u662f\u5173\u95ed\u7684\uff0c\u901a\u8fc7\u987a\u5e8f\u8bbf\u95ee23\/TCP 24\/TCP 25\/TCP\u4e4b\u540e\uff0c22\/TCP\u7aef\u53e3\u5c31\u5bf9\u4f60\u4e00\u4e2aIP\u5730\u5740\u5f00\u653e\u7b49\u7b49\u3002<\/p>\n<p>\u3010\u7f16\u8f91\u63a8\u8350\u3011<\/p>\n<ol>\n<li>\u4f01\u4e1aLinux\u5b89\u5168\u673a\u5236\u906d\u9047\u4fe1\u4efb\u5371\u673a SELinux\u6210\u9a87\u5ba2\u5e2e\u51f6\uff1f <\/li>\n<li>Linux\u5b89\u5168\u8bbf\u95ee\u63a7\u5236\u6a21\u578b\u5e94\u7528\u53ca\u65b9\u6848\u8bbe\u8ba1\u3000<\/li>\n<li>Linux\u5b89\u5168\u653b\u7565 \u5982\u4f55\u624d\u80fd\u8ba9\u5185\u5b58\u4e0d\u518d\/\u6cc4\u6f0f<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>\u4f17\u6240\u5468\u77e5\uff0cLinux\u53ef\u4ee5\u901a\u8fc7\u7f16\u5199iptables\u89c4\u5219\u5bf9\u8fdb\u51faLinux\u4e3b\u673a\u7684\u6570\u636e\u5305\u8fdb\u884c\u8fc7\u6ee4\u7b49\u64cd\u4f5c\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53ef 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[202645],"tags":[],"class_list":["post-296314","post","type-post","status-publish","format-standard","hentry","category-202645"],"_links":{"self":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/296314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/comments?post=296314"}],"version-history":[{"count":0,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/296314\/revisions"}],"wp:attachment":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/media?parent=296314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/categories?post=296314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/tags?post=296314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}