Adding a security mechanism to dropbear - Linux

By Enid
at 2015-02-06T16:56
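Hello to all the senior members of the board,
I would like to add the following feature to dropbear:
after three consecutive failed login attempts, block that IP for 30 minutes.
I have downloaded the dropbear source code and modified it,
changing svr-auth.c and svr-main.c.
The change to svr-auth is as follows: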
    if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
        char * userstr;
        /* XXX - send disconnect ? */
        TRACE(("Max auth tries reached, exiting"))
        if (ses.authstate.pw_name == NULL) {
            userstr = "is invalid";
        } else {
            userstr = ses.authstate.pw_name;
        }
        dropbear_exit("Max auth tries reached - user '%s' from %s",
                userstr, svr_ses.addrstring);
    }
The change to svr-main.c is as follows:
        /* child */
    #ifdef DEBUG_FORKGPROF
        extern void _start(void), etext(void);
        monstartup((u_long)&_start, (u_long)&etext);
    #endif /* DEBUG_FORKGPROF */
        getaddrstring(&remoteaddr, NULL, &remote_port, 0);
        dropbear_log(LOG_INFO, "Child connection from %s:%s",
                remote_host, remote_port);
        ///Ignore connection here for 30 mins if you found 3 times login failure
        m_free(remote_host);
        m_free(remote_port);
    #ifndef DEBUG_NOFORK
        if (setsid() < 0) {
            dropbear_exit("setsid: %s", strerror(errno));
        }
    #endif
        /* make sure we close sockets */
        for (i = 0; i < listensockcount; i++) {
            m_close(listensocks[i]);
        }
        m_close(childpipe[0]);
        /* start the session */
        svr_session(childsock, childpipe[1]);
        /* don't return */
        dropbear_assert(0);
    }
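After compiling, neither of the above adds this feature.
On Stack Overflow there was a suggestion to install fail2ban,
but I am on OpenWrt and that package is too bloated there, so I am not considering it for now.
Could the senior members of the board point out where my changes went wrong? Thank you for any guidance.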
--
Tags:
Linux
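An added example, not code from the original post or from dropbear: because the svr-main.c excerpt runs each connection in a forked child, a failure count kept in the child is gone when that child exits, so a block list has to live in the listener process (or other shared state) and be consulted before the fork. The C below implements the 3-failures / 30-minute rule as such a table; every `ban_*` name and the table size are assumptions, and how the child reports a failed login back to the listener is left to the integration.

```c
#include <string.h>
#include <time.h>

#define BAN_MAX_FAILS 3          /* consecutive failures before blocking */
#define BAN_SECONDS   (30 * 60)  /* block duration: 30 minutes */
#define BAN_SLOTS     64         /* fixed-size table, no allocation (assumed size) */

struct ban_entry {
    char   addr[46];       /* textual IPv4/IPv6 address; "" = free slot */
    int    fails;          /* consecutive failed logins */
    time_t blocked_until;  /* 0 = not blocked */
};
static struct ban_entry ban_table[BAN_SLOTS];

/* Entry for addr; with create, take a free slot or evict the soonest-expiring one. */
static struct ban_entry *ban_find(const char *addr, int create) {
    struct ban_entry *v = &ban_table[0];
    for (int i = 0; i < BAN_SLOTS; i++) {
        struct ban_entry *e = &ban_table[i];
        if (strcmp(e->addr, addr) == 0) return e;
        if (v->addr[0] && (!e->addr[0] || e->blocked_until < v->blocked_until)) v = e;
    }
    if (!create) return NULL;
    memset(v, 0, sizeof *v);
    strncpy(v->addr, addr, sizeof v->addr - 1);
    return v;
}

/* Call in the listener before fork(): 1 means drop the connection. */
int ban_is_blocked(const char *addr, time_t now) {
    struct ban_entry *e = ban_find(addr, 0);
    if (e == NULL || e->blocked_until == 0) return 0;
    if (now < e->blocked_until) return 1;
    memset(e, 0, sizeof *e);   /* block expired: forget the address */
    return 0;
}

/* Call when a session from addr ends after a failed login; 1 = block started. */
int ban_record_failure(const char *addr, time_t now) {
    struct ban_entry *e = ban_find(addr, 1);
    if (++e->fails < BAN_MAX_FAILS) return 0;
    e->blocked_until = now + BAN_SECONDS;
    return 1;
}

/* Call after a successful login so that only consecutive failures count. */
void ban_record_success(const char *addr) {
    struct ban_entry *e = ban_find(addr, 0);
    if (e != NULL) memset(e, 0, sizeof *e);
}
```

When the table is full, entries that are not yet blocked are evicted first, so a flood of distinct source addresses can reset partial counters but does not lift an active block until every slot holds one.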
All Comments

By Olga
at 2015-02-08T14:00

By Emily
at 2015-02-13T10:21

By Dora
at 2015-02-15T01:36