让傀儡机去洗洗睡吧

DenyHosts在这里.

sshd:
Authentication Failures:
unknown (124.124.59.60): 8496 Time(s)
root (124.124.59.60): 1166 Time(s)
mail (124.124.59.60): 67 Time(s)
mysql (124.124.59.60): 67 Time(s)
nobody (124.124.59.60): 62 Time(s)
……

“我最讨厌你们这些劫匪了,一点技术含量都没有。” 当你看到某人或某傀儡机一遍一遍又一遍的蒙你的登录账号(俗称暴力破解), 你也会这么想吧.

Google了一下, 原来Centos已经包含了简单且有效的解决方案. 如果还没有安装DenyHosts可以一步安装:

sudo yum install denyhosts

缺省配置(/etc/denyhosts.conf)基本可用, 改一下接收报告的Email地址, 就启动吧:

sudo chkconfig –levels 2345 denyhosts on
sudo service denyhosts start

首次启动可能时间长一些, 因为要分析全部的日志文件. 之后, 和那些”别有用心”的肉机傀儡机说再见吧.

Added the following hosts to /etc/hosts.deny:

111.68.108.6 (111.68.108.6.pern.pk)
115.92.190.222 (unknown)
218.14.203.206 (unknown)
41.204.167.5 (unknown)
187.17.73.102 (187-17-73-102.whservidor.com)
59.50.43.234 (unknown)
119.147.105.247 (unknown)
174.142.111.44 (ip-174-142-111-44.static.privatedns.com)
123.125.127.132 (unknown)
203.126.53.110 (unknown)
202.198.8.54 (unknown)
222.236.46.222 (unknown)
124.124.59.60 (unknown)
118.219.234.163 (unknown)
218.29.203.4 (hn.kd.ny.adsl)
222.141.118.117 (hn.kd.ny.adsl)
173.234.224.16 (ns0.rlookuphost.com)
213.5.67.2 (hosted-by.altushost.com)
202.111.175.123 (unknown)
……

笔记: 使用CLI升级Centos

公司在香港的服务器虽然运行平稳, 但一直都没有升级, 版本还是Centos 5.3. 而现在5.5都出来好久了. 于是我打算给它升级了.

参考链接: Centos 5.4 is out! Upgrade centos 5.3 to 5.4

运行命令如下:

yum clean all
yum update glibc\*
yum update yum\* rpm\* python\*
yum clean all
yum update
shutdown -r now

成功重启后, 检查一下版本号:

cat /etc/redhat-release

PS. 香港网络很快. 几百个MB的文件, 几分钟搞定了 😀

给Centos安装Nginx

10172022

Centos的缺省软件源里竟然没有Nginx,真让我感到意外了。还好,参考一下,办法还是现成的。

Red Hat Enterprise Linux / CentOS Linux Enable EPEL (Extra Packages for Enterprise Linux) Repository

还是做个笔记吧:

# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

之后就可以yum install nginx啦。 🙂

UPDATE. 现在已经是release-5-4了, 不过不是什么问题吧.

UPDATE2. 查看Centos版本:

# cat /etc/*release*

查看Centos是32bit还是64bit版本:

# uname -a
… 2.6.18-028stab070.14 #1 SMP Thu Nov 18 16:04:02 MSK 2010 i686 i686 i386 GNU/Linux << 32bit

UPDATE3. 将CentOS标配PHP5.1.x升级到5.2.x, 因为Joomla1.6什么的会用到. http://wiki.centos.org/HowTos/PHP_5.1_To_5.2

 

#/etc/yum.repos.d/CentOS-Testing.repo
# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php*

然后yum update就可以了. 😀