Recently, I have suffered a lot of attacks from Chinese IP addresses.
I set some security rules for the sshd server:
1. Edit sshd_config
PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes
2. Edit /etc/hosts.deny
ALL: {IP from fuck damn China}
or
sshd: {IP from fuck damn China}
The IP ranges can be looked up at http://www.ipdeny.com/ipblocks/
3. Apply PAM
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
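
Added example for step 2, not part of the original post: hosts_access(5) documents address ranges in `net/mask` form, where a client matches when its address ANDed with the mask equals the net, so this converts a list of IPv4 CIDR blocks into such rules and clears any host bits. It assumes the downloaded country list holds one CIDR block per line; the function name `cidr_to_hosts_deny` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert IPv4 CIDR blocks (one per line, '#' comments allowed;
# assumed input format) into hosts.deny rules in net/mask form.
# cidr_to_hosts_deny is an illustrative name, not an existing tool.

cidr_to_hosts_deny() {
    awk -v daemon="${1:-sshd}" '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # strip comments, blanks, CRs
    $0 == "" { next }
    {
        ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
        split($0, f, "[./]")
        # Reject /0 as well: it would deny every client, including you.
        if (ok && (f[5] < 1 || f[5] > 32)) ok = 0
        for (i = 1; ok && i <= 4; i++) if (f[i] > 255) ok = 0
        if (!ok) { print "skipped invalid entry: " $0 > "/dev/stderr"; next }

        net = ""; mask = ""; left = f[5] + 0
        for (i = 1; i <= 4; i++) {
            bits = (left > 8) ? 8 : left; left -= bits
            host = 2 ^ (8 - bits)                 # size of the host part
            net  = net  (i > 1 ? "." : "") (f[i] - f[i] % host)
            mask = mask (i > 1 ? "." : "") (256 - host)
        }
        printf "%s: %s/%s\n", daemon, net, mask
    }'
}

# Constructed sample input (documentation ranges, not real block-list data).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '203.0.113.77/22' \
        '300.1.1.0/24' '0.0.0.0/0' '198.51.100.128/25'
}

# Review the output before appending it to /etc/hosts.deny.
sample_zone | cidr_to_hosts_deny sshd
```

Invalid entries are reported on stderr and left out of the generated rules, so a malformed line in the downloaded list cannot end up in /etc/hosts.deny.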