2010/8/27

security for sshd server

Recently, I have suffered a lot of attacks from Chinese IPs.
I set some security rules for the sshd server:
1. Edit sshd_config
PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes

2. edit /etc/hosts.deny
ALL: {IP from fuck damn China}
or
sshd: {IP from fuck damn China}

The IP ranges can be looked up at http://www.ipdeny.com/ipblocks/

3. apply pam
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
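
One way to turn a downloaded block list into the sshd lines from step 2 (an added example, not part of the original post). It assumes the list has one IPv4 CIDR block per line and writes the net/mask form that hosts.deny accepts; the function names and the sample ranges are constructed for illustration.

```shell
#!/bin/sh
# Convert IPv4 CIDR blocks (one per line) into "sshd: net/mask" rules
# for /etc/hosts.deny. Function names are hypothetical.

# prefix_to_mask 20 -> 255.255.240.0
prefix_to_mask() {
    bits=$1 mask="" i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    printf '%s\n' "$mask"
}

# Reads CIDR lines on stdin, writes hosts.deny rules on stdout.
# Comments, blank lines and anything that is not a.b.c.d/n are skipped,
# so a damaged download cannot inject other hosts.deny syntax.
cidr_to_deny() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')       # strip blanks, CR
        case $line in
            ''|*[!0-9./]*) continue ;;                    # illegal characters
            *.*.*.*/*) ;;                                 # looks like a.b.c.d/n
            *) continue ;;
        esac
        net=${line%/*} prefix=${line#*/}
        case $prefix in ''|*[!0-9]*) continue ;; esac
        [ "$prefix" -le 32 ] || continue
        oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs      # split into octets
        [ $# -eq 4 ] || continue
        for o in "$@"; do [ -n "$o" ] && [ "$o" -le 255 ] || continue 2; done
        printf 'sshd: %s/%s\n' "$net" "$(prefix_to_mask "$prefix")"
    done
}

# Constructed sample input (documentation ranges plus deliberately bad lines).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/22 ' \
        '203.0.113.0/25' 'ALL: ALL' '10.0.0.0/33' '300.1.1.0/24'
}

# Usage: cidr_to_deny < downloaded.zone >> /etc/hosts.deny
```

hosts.deny is only consulted when sshd is linked against libwrap; OpenSSH removed that support in version 6.7, so on newer systems the same ranges have to go into a firewall rule instead.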


Touch directories recursively

Some Linux or Unix workstations may clean up your files after you have not worked on them for a long period.
But sometimes there are files we do not expect the system to clean, such as library files.
The solution is to write a script to touch them.
Actually, "touch" cannot touch recursively on a Linux system.
However, I found a solution on the web that solves this problem.

find ~/lib -exec touch {} \;