谁在试图暴力破解我的密码?

tag-icon tag-icon ssh security cron logs
谁在试图暴力破解我的密码?

我正在查看服务器上的日志文件,发现以下几行/var/log/.auth.log.1::

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruse      r= rhost=218.87.109.156  user=root
Failed password for root from 218.87.109.156 port 7612 ssh2
message repeated 5 times: [ Failed password for root from 218.87.109.156 port 7      612 ssh2]
error: maximum authentication attempts exceeded for root from 218.87.109.156 po      rt 7612 ssh2 [preauth]
Disconnecting: Too many authentication failures [preauth]
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=      218.87.109.156  user=root
PAM service(sshd) ignoring max retries; 6 > 3
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruse      r= rhost=218.87.109.156  user=root
Failed password for root from 218.87.109.156 port 50092 ssh2
message repeated 5 times: [ Failed password for root from 218.87.109.156 port 5      0092 ssh2]
Failed password for invalid user service from 188.187.119.158 port 52722 ssh2
pam_unix(sshd:auth): check pass; user unknown
Failed password for root from 113.195.145.79 port 6500 ssh2
Received disconnect from 121.18.238.39 port 58070:11:  [preauth]
Failed password for root from 121.18.238.119 port 57538 ssh2
Failed password for root from 121.18.238.39 port 57268 ssh2
Failed password for root from 121.18.238.106 port 34360 ssh2
Disconnected from 92.222.216.31 port 58960 [preauth]
Invalid user truman from 92.222.216.31
Received disconnect from 92.222.216.31 port 33922:11: Normal Shutdown, Thank you       for playing [preauth]
input_userauth_request: invalid user truman [preauth]

并且它一直这样持续数千行!

而且我还有以下地方:

Nov 30 13:17:01 Aran CRON[6038]: pam_unix(cron:session): session opened for user root by (uid=0)

这里的 CRON 是什么意思?有人能给我解释一下这些日志是什么吗?我处于危险之中吗?我应该怎么做才能让自己更安全?

答案1

所有这些尝试登录都是针对 root 用户的,因此看起来只是通过 SSH 进行的基本暴力破解尝试。

面向公众的服务器每天遭受大量 SSH 暴力攻击是完全正常的。这是生活中的现实。您可以开始向拥有 IP 地址的 ISP 报告这些攻击,但这只是打地鼠,您不会有太大的改变。他们在互联网上使用受感染的计算机和/或托管他们使用虚假信息注册的帐户。

如果每个人都决定禁用通过 SSH 的 root 登录,和/或要求 root(或所有人)使用基于密钥的登录,情况就会有所不同。只要您执行了其中一项,暴力破解尝试基本上就无效了。但由于仍有足够多的人启用普通 root 登录,并使用可猜测的密码,因此这些攻击仍在继续。

一些人建议的另一件事是将 SSH 守护程序切换到非标准端口号。这实际上不会带来显著的安全优势,但它会减少访问日志文件的尝试次数。

至于您的第二个问题,这只是 Cron 运行,它是运行计划任务的程序。所有系统都默认配置了一堆计划任务。由于 cron 可以以不同的用户身份运行不同的任务,因此它使用 pam_unix 来处理启动用户会话,即使是 root 用户,所以这就是它出现在该日志中的原因。

答案2

这个答案实际上并不能回答谁试图登录您的主机,但它可以让您了解此人来自哪里。还有助于防止黑客进入您的主机。

如果您要使用密码通过 ssh 登录,则应采取一些预防措施,以防有人试图入侵您的系统。就我个人而言,我喜欢使用fail2ban,然后我编写了自己的脚本,该脚本使用iptablesipset。我使用后者完全阻止国家/地区 IP 通过端口 22 进入我的主机。我还安装了geoiplookup一种方法来查看 IP 来自何处,以决定是否要阻止该国家/地区。下面的脚本从中获取 IP 集ipdeny.com。由于我大部分时间都保持端口 22 开放,因此它大大减少了对我的主机的尝试次数。

安装fail2ban

sudo apt install fail2ban

通常使用fail2ban默认设置即可。如果要更改它们,请确保复制/etc/fail2ban/jail.conf/etc/fail2ban/jail.local修改jail.local您创建的文件。您还可以在/var/log/fail2ban.log文件中看到失败的尝试。

安装geoiplookup

sudo apt install geoip-bin

然后你就可以看到 IP 地址来自哪里了。

~$ geoiplookup 218.87.109.156
GeoIP Country Edition: CN, China

我编写的国家封锁脚本。

国家封锁所需的应用程序是ipset。此应用程序允许iptables使用 IP 块,而不是在检查 状态时显示每个单独的 IP 地址iptables

sudo apt install ipset

我确信有很多东西可以清理。我将其放在我的主文件夹中的脚本子文件夹中,并将其命名为country_block.bsh由于脚本对其进行了更改,因此iptables必须从 调用sudo 我确实将检查添加到了脚本中。我最近对脚本做了一些更改,以拒绝数据包而不是丢弃数据包,因此连接会立即断开。

#!/bin/bash

function custom(){
    echo "Removing CUSTOM_IP set..."
    prts=$(iptables -nvL INPUT | awk '/CUSTOM_IP/ {print $15}')
    iptables -D INPUT -p tcp -m set --match-set CUSTOM_IP src -m multiport --dport ${prts} -j REJECT 2>/dev/null
    ipset destroy CUSTOM_IP
    ipset -N CUSTOM_IP hash:net
    echo "Creating CUSTOM_IP set..."
    for i in $(cat custom.zone); do ipset -A CUSTOM_IP $i; done
    echo "Creating rules for CUSTOM_IP set..."
    iptables -A INPUT -p tcp -m set --match-set CUSTOM_IP src -m multiport --dports ${ports} -j REJECT
}

function tablecheck(){
    iptables -S INPUT | grep -v ACCEPT 
}

# Check for ipset
which ipset >/dev/null
case $? in
1) echo "ipset not found on system.  Please install ipset application."
echo "This is normally installed by sudo apt install ipset"
exit 1;;
0);;
esac


# Check for root
if [ "$EUID" -ne 0 ]; then
  echo "Please run this script as root"
  exit 1
fi

# Set ports
#ports=21,22,10000
ports=22,10000

# Check for country codes, if none, print list.
if [[ $@ == "" ]]; then
    curl -k https://www.ipdeny.com/ipblocks/ 2>/dev/null | grep "<td>" | awk -F'<p>' '{print $2}' | awk -F'[' '{print $1}' | grep -v -e '^$'
    echo "Choose any of the countries by typing in the two letter code between the ( )."
    exit
fi

if [[ $1 == "custom" ]]; then
    if [ ! -f custom.zone ]; then
        echo "Missing custom.zone file.  Please create custom.zone file with IP addresses for blocking."
        exit
    fi
    custom
    tablecheck
    exit
fi


#Set ISO to country code(s).
ISO=$@

#Start Loop for country IP blocks and creating IPTABLES chain(s).
for c in $ISO; do

    #Convert to lowercase.  If already lowercase, ignored.
    c=$(echo $c | awk '{print tolower($0)}')
    #Match code to country name
    country=$(curl -k https://www.ipdeny.com/ipblocks/ 2>/dev/null | grep \($(echo $c | awk '{print toupper($0)}')\) | awk -F'<p>' '{print $2}' | awk -F'(' '{print $1}' | sed 's/ //g' | sed 's/,//g')

    # Truncate to 31 characters if too long.
    country=${country:0:31}
    echo "Got country $country..."

    echo "Removing Existing Rule for $country (if any)..."
    prts=$(iptables -nvL INPUT | grep "$country" | awk '{print $15}')
    iptables -D INPUT -p tcp -m set --match-set "$country" src -m multiport --dport ${prts} -j REJECT 2>/dev/null
    ipset destroy $country
    ipset -N $country hash:net
    rm $c.zone 2>/dev/null

    echo "Downloading IP block for $country..."
    wget --no-check-certificate -P . https://www.ipdeny.com/ipblocks/data/aggregated/$c-aggregated.zone 2>/dev/null
    echo "Checking for invalid IP ranges in $country zone..."
    for i in $(seq 1 7); do grep "/$i$" $c-aggregated.zone; if [[ $? == "0" ]]; then sed -i "s/\/${i}$/\/24/" $c-aggregated.zone; echo "Fixed..."; fi; done
    echo "Creating iptable block for $country..."
    for i in $(cat $c-aggregated.zone); do ipset -A "$country" $i; done

    echo "Adding rule to firewall..."
    iptables -A INPUT -p tcp -m set --match-set "$country" src -m multiport --dports ${ports} -j REJECT

    echo "Added Firewall Rule for $country"
    rm $c-aggregated.zone 2>/dev/null
done

if [[ $# == "1" || $1 -ne "custom" ]]; then
    tablecheck
else
    if [ ! -f custom.zone ]; then
        echo "Missing custom.zone file.  Please create custom.zone file with IP addresses for blocking."
        tablecheck
        exit
    fi
    custom
fi

if [[ $# -ne "1" ]]; then
    tablecheck
fi

#iptables -S INPUT | grep -v ACCEPT

确保使脚本可执行(chmod +x country_block.bsh)。然后,您可以custom.zone在与文件相同的文件夹中创建一个country_block.bsh,其中包含可能反复尝试入侵系统的 IP。在/32IP 地址末尾添加一个,例如256.99.265.106/32。添加您自己的自定义 IP 后,您只需运行以下命令即可重新加载它们:

sudo ./country_block.bsh custom

注意不要封锁你自己的国家或者你自己的公共IP。

另外,请注意不要阻止任何其他未开放的端口。如果您阻止端口 80,则当您访问来自该国的网站时,该网站可能无法加载,因为它无法通过端口 80 返回您的系统。

然后,我在主文件夹中创建了另一个脚本,cb_update.bsh其中包含我想要阻止的所有国家:

#!/bin/bash

cd /home/terrance/scripts/
./country_block.bsh cn ru nl de dk fr id ie it kr sg tw vn br ua pt il gb jp pk ar co fi in

如果您想要阻止除您所在国家/地区之外的所有国家/地区,请将上述行更改为以下内容,并确保在行" "末尾添加您所在的国家/地区,以从列表中删除您所在的国家/地区:

./country_block.bsh $(./country_block.bsh | awk -F '[()]' '{print $(NF-1)}' | grep -v "US")

然后我将以下几行添加到我的/etc/crontab文件中。每次系统重启时都会覆盖它,并在凌晨 01:05 更新列表。

$ cat /etc/crontab

@reboot     root    /bin/bash -c 'sleep 20 && /home/terrance/cb_update.bsh'
01 05   * * *   root    /home/terrance/cb_update.bsh

如果你单独运行该脚本,它将为你提供国家代码:

terrance@terrance-ubuntu:~/scripts$ sudo ./country_block.bsh 
AFGHANISTAN (AF) 
LAND ISLANDS (AX) 
ALBANIA (AL) 
ALGERIA (DZ) 
AMERICAN SAMOA (AS) 
ANDORRA (AD) 
ANGOLA (AO) 
ANGUILLA (AI) 
ANTIGUA AND BARBUDA (AG) 
ARGENTINA (AR) 
ARMENIA (AM) 
ARUBA (AW) 
AUSTRALIA (AU) 
AUSTRIA (AT) 
AZERBAIJAN (AZ) 
BAHAMAS (BS) 
BAHRAIN (BH) 
BANGLADESH (BD) 
BARBADOS (BB) 
BELARUS (BY) 
BELGIUM (BE) 
BELIZE (BZ) 
BENIN (BJ) 
BERMUDA (BM) 
BHUTAN (BT) 
BOLIVIA (BO) 
BOSNIA AND HERZEGOVINA (BA) 
BOTSWANA (BW) 
BRAZIL (BR) 
BRITISH INDIAN OCEAN TERRITORY (IO) 
BRUNEI DARUSSALAM (BN) 
BULGARIA (BG) 
BURKINA FASO (BF) 
BURUNDI (BI) 
CAMBODIA (KH) 
CAMEROON (CM) 
CANADA (CA) 
CAPE VERDE (CV) 
CAYMAN ISLANDS (KY) 
CENTRAL AFRICAN REPUBLIC (CF) 
CHAD (TD) 
CHILE (CL) 
CHINA (CN) 
COLOMBIA (CO) 
COMOROS (KM) 
CONGO (CG) 
CONGO, THE DEMOCRATIC REPUBLIC OF THE (CD) 
COOK ISLANDS (CK) 
COSTA RICA (CR) 
COTE D'IVOIRE (CI) 
CROATIA (HR) 
CUBA (CU) 
CYPRUS (CY) 
CZECH REPUBLIC (CZ) 
DENMARK (DK) 
DJIBOUTI (DJ) 
DOMINICA (DM) 
DOMINICAN REPUBLIC (DO) 
ECUADOR (EC) 
EGYPT (EG) 
EL SALVADOR (SV) 
EQUATORIAL GUINEA (GQ) 
ERITREA (ER) 
ESTONIA (EE) 
ETHIOPIA (ET) 
FAROE ISLANDS (FO) 
FIJI (FJ) 
FINLAND (FI) 
FRANCE (FR) 
FRENCH GUIANA (GF) 
FRENCH POLYNESIA (PF) 
GABON (GA) 
GAMBIA (GM) 
GEORGIA (GE) 
GERMANY (DE) 
GHANA (GH) 
GIBRALTAR (GI) 
GREECE (GR) 
GREENLAND (GL) 
GRENADA (GD) 
GUADELOUPE (GP) 
GUAM (GU) 
GUATEMALA (GT) 
GUINEA (GN) 
GUINEA-BISSAU (GW) 
GUYANA (GY) 
HAITI (HT) 
HOLY SEE (VATICAN CITY STATE) (VA) 
HONDURAS (HN) 
HONG KONG (HK) 
HUNGARY (HU) 
ICELAND (IS) 
INDIA (IN) 
INDONESIA (ID) 
IRAN, ISLAMIC REPUBLIC OF (IR) 
IRAQ (IQ) 
IRELAND (IE) 
ISLE OF MAN (IM) 
ISRAEL (IL) 
ITALY (IT) 
JAMAICA (JM) 
JAPAN (JP) 
JERSEY (JE) 
JORDAN (JO) 
KAZAKHSTAN (KZ) 
KENYA (KE) 
KIRIBATI (KI) 
KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF (KP) 
KOREA, REPUBLIC OF (KR) 
KUWAIT (KW) 
KYRGYZSTAN (KG) 
LAO PEOPLE'S DEMOCRATIC REPUBLIC (LA) 
LATVIA (LV) 
LEBANON (LB) 
LESOTHO (LS) 
LIBERIA (LR) 
LIBYAN ARAB JAMAHIRIYA (LY) 
LIECHTENSTEIN (LI) 
LITHUANIA (LT) 
LUXEMBOURG (LU) 
MACAO (MO) 
MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF (MK) 
MADAGASCAR (MG) 
MALAWI (MW) 
MALAYSIA (MY) 
MALDIVES (MV) 
MALI (ML) 
MALTA (MT) 
MARSHALL ISLANDS (MH) 
MARTINIQUE (MQ) 
MAURITANIA (MR) 
MAURITIUS (MU) 
MAYOTTE (YT) 
MEXICO (MX) 
MICRONESIA, FEDERATED STATES OF (FM) 
MOLDOVA, REPUBLIC OF (MD) 
MONACO (MC) 
MONGOLIA (MN) 
MONTENEGRO (ME) 
MONTSERRAT (MS) 
MOROCCO (MA) 
MOZAMBIQUE (MZ) 
MYANMAR (MM) 
NAMIBIA (NA) 
NAURU (NR) 
NEPAL (NP) 
NETHERLANDS (NL) 
NEW CALEDONIA (NC) 
NEW ZEALAND (NZ) 
NICARAGUA (NI) 
NIGER (NE) 
NIGERIA (NG) 
NIUE (NU) 
NORFOLK ISLAND (NF) 
NORTHERN MARIANA ISLANDS (MP) 
NORWAY (NO) 
OMAN (OM) 
PAKISTAN (PK) 
PALAU (PW) 
PALESTINIAN TERRITORY, OCCUPIED (PS) 
PANAMA (PA) 
PAPUA NEW GUINEA (PG) 
PARAGUAY (PY) 
PERU (PE) 
PHILIPPINES (PH) 
POLAND (PL) 
PORTUGAL (PT) 
PUERTO RICO (PR) 
QATAR (QA) 
REUNION (RE) 
ROMANIA (RO) 
RUSSIAN FEDERATION (RU) 
RWANDA (RW) 
SAINT KITTS AND NEVIS (KN) 
SAINT LUCIA (LC) 
SAINT PIERRE AND MIQUELON (PM) 
SAINT VINCENT AND THE GRENADINES (VC) 
SAMOA (WS) 
SAN MARINO (SM) 
SAO TOME AND PRINCIPE (ST) 
SAUDI ARABIA (SA) 
SENEGAL (SN) 
SERBIA (RS) 
SEYCHELLES (SC) 
SIERRA LEONE (SL) 
SINGAPORE (SG) 
SLOVAKIA (SK) 
SLOVENIA (SI) 
SOLOMON ISLANDS (SB) 
SOMALIA (SO) 
SOUTH AFRICA (ZA) 
SPAIN (ES) 
SRI LANKA (LK) 
SUDAN (SD) 
SURINAME (SR) 
SWAZILAND (SZ) 
SWEDEN (SE) 
SWITZERLAND (CH) 
SYRIAN ARAB REPUBLIC (SY) 
TAIWAN (TW) 
TAJIKISTAN (TJ) 
TANZANIA, UNITED REPUBLIC OF (TZ) 
THAILAND (TH) 
TIMOR-LESTE (TL) 
TOGO (TG) 
TOKELAU (TK) 
TONGA (TO) 
TRINIDAD AND TOBAGO (TT) 
TUNISIA (TN) 
TURKEY (TR) 
TURKMENISTAN (TM) 
TURKS AND CAICOS ISLANDS (TC) 
TUVALU (TV) 
UGANDA (UG) 
UKRAINE (UA) 
UNITED ARAB EMIRATES (AE) 
UNITED KINGDOM (GB) 
UNITED STATES (US) 
UNITED STATES MINOR OUTLYING ISLANDS (UM) 
URUGUAY (UY) 
UZBEKISTAN (UZ) 
VANUATU (VU) 
VENEZUELA (VE) 
VIET NAM (VN) 
VIRGIN ISLANDS, BRITISH (VG) 
VIRGIN ISLANDS, U.S. (VI) 
WALLIS AND FUTUNA (WF) 
YEMEN (YE) 
ZAMBIA (ZM) 
ZIMBABWE (ZW) 
Choose any of the countries by typing in the two letter code between the ( ).

然后,您可以随时检查系统可能发生的攻击。

$ sudo iptables -nvL INPUT
Chain INPUT (policy ACCEPT 9523 packets, 3125K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
    0     0 f2b-proftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21,20,990,989
 2847  170K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
   12   548 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set CHINA src multiport dports 22,10000
    4   176 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set RUSSIANFEDERATION src multiport dports 22,10000
    1    44 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set NETHERLANDS src multiport dports 22,10000
    2    88 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set GERMANY src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set DENMARK src multiport dports 22,10000
  157  8156 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set FRANCE src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set INDONESIA src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set IRELAND src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ITALY src multiport dports 22,10000
    4   180 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set KOREAREPUBLICOF src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set SINGAPORE src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set TAIWAN src multiport dports 22,10000
  947 48804 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set VIETNAM src multiport dports 22,10000
    2    92 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set BRAZIL src multiport dports 22,10000
    6   264 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set UKRAINE src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set PORTUGAL src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ISRAEL src multiport dports 22,10000
    3   180 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set UNITEDKINGDOM src multiport dports 22,10000
    1    44 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set JAPAN src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set PAKISTAN src multiport dports 22,10000
    2    88 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ARGENTINA src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set COLOMBIA src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set FINLAND src multiport dports 22,10000
    4   188 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set INDIA src multiport dports 22,10000
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set CUSTOM_IP src multiport dports 22,10000

希望这可以帮助!

答案3

除非你拥有国家层面的控制权/访问权,可以访问服务器上的所有计算机/网络,否则从功能上来说,找到登录尝试背后的人是不可能的。不过,你可以努力强化你的服务器。参见,如何强化 SSH 服务器?, 和怎样才能确保 Ubuntu 服务器的安全?

答案4

我赞同大多数人的说法,但根据我的经验,如今大多数 SSH 暴力攻击都是分布式攻击(来自数百或数千个不同的 IP 地址,很少或没有重复),因此像这样的软件包fail2ban不再像以前那么有用了。

基本预防措施包括:

  • 使用防火墙来断ufw开除允许端口之外的所有端口的连接
  • 使用端口 22 以外的非标准端口。这极大地减少了日志噪音。
  • 不允许 root 通过 SSH 登录(确保/etc/ssh/sshd_configroot 登录行显示PermitRootLogin no
  • 特别将允许登录的用户列入白名单(AllowUsers myuser
  • 不允许密码登录,请改用 SSH 密钥(参见本文)。最好为密钥设置密码,除非您需要自动访问。

您还可以做很多其他事情,只需查找有关 SSH 强化的文章即可。本质上,如果您使用 2048 位或 4096 位密钥,则没有人能够对其进行暴力破解。

正如已经指出的,每次系统启动计划作业时(每当 CRON 运行时),都会自动创建 CRON 条目。

您还可以查看诸如logwatch获取日志每日摘要之类的软件包,以便在发生需要您注意的事情时更快地做出响应。它不止一次救了我一命。

相关内容