{"id":954,"date":"2015-04-14T01:54:21","date_gmt":"2015-04-13T16:54:21","guid":{"rendered":"http:\/\/akal.co.kr\/?p=954"},"modified":"2015-04-14T01:54:21","modified_gmt":"2015-04-13T16:54:21","slug":"%ec%9a%b0%eb%b6%84%ed%88%ac-%eb%af%bc%ed%8a%b8-geoip%ec%99%80-shell-script%eb%a5%bc-%ec%9d%b4%ec%9a%a9%ed%95%b4%ec%84%9c-ssh-%ec%a0%91%ec%86%8d-%ec%a0%9c%ed%95%9c%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/akal.co.kr\/?p=954","title":{"rendered":"[\uc6b0\ubd84\ud22c, \ubbfc\ud2b8] GeoIP\uc640 Shell Script\ub97c \uc774\uc6a9\ud574\uc11c ssh \uc811\uc18d \uc81c\ud55c\ud558\uae30"},"content":{"rendered":"

G<\/span>eoIP\ub97c \uc774\uc6a9\ud558\uba74 \uc678\uad6d\uc5d0\uc11c \uc811\uc18d\ud558\ub294 \uc544\uc774\ud53c\uc5d0 \ub300\ud574\uc11c SSH \uc811\uc18d\uc81c\ud55c\uc744 \ud560\uc218\uac00 \uc788\ub2e4. \ud2b9\ud788 \uc694\uc998\uc740 \uc911\uad6d\ubc1c SSH\uc5d0 \ub300\ud55c \ubb34\uc791\uc704 \uacf5\uaca9\uc740 \ub3c4\uac00 \uc9c0\ub098\uce58\ub2e4 \uc2f6\uc744 \uc815\ub3c4\ub85c \ub9ce\uae30 \ub54c\ubb38\uc5d0 \uc774 \uc791\uc5c5\uc740 \ubc18\ub4dc\uc2dc \ud574\uc918\uc57c \ud558\ub294 \uc791\uc5c5\uc774\ub77c\uace0 \uc0dd\uac01\ub41c\ub2e4. ssh\ubfd0\ub9cc \uc544\ub2c8\ub77c http \ud504\ub85c\ud1a0\ucf5c \uc811\uc18d \ub4f1\uc758 \ud5c8\uc6a9 \ubc0f \uc81c\ud55c\uc774 \uac00\ub2a5\ud574\uc9c4\ub2e4. GeoIP\ub97c \uc774\uc6a9\ud574\uc11c SSH\uc5d0 \ub300\ud55c \uc811\uc18d \uc81c\ud55c\uc744 \ucc3e\ub2e4\ubcf4\ub2c8 \uac70\uc758 \ub300\ubd80\ubd84 [highlight]iptable\uc744 \uc774\uc6a9\ud558\uc5ec \uc81c\ud55c\ud558\uac70\ub098 PAM\uc744 \uc774\uc6a9\ud574\uc11c \ub9c9\uae30\uc758 \ubc29\ubc95[\/highlight]\uc744 \uc4f0\ub294\ub370, \uc774 \ub450\uac00\uc9c0 \ubaa8\ub450 \ucd08\ubcf4\uc790\ub4e4\uc774 \uc124\uc815\ud558\uae30\uc5d4 \uc870\uae08 \uc5b4\ub824\uc6cc \ubcf4\uc600\ub2e4. \ud2b9\ud788 iptable\uc744 \uc774\uc6a9\ud560\ub54c \ub8f0\uc744 \uc798\ubabb \uc774\ud574\ud574\uc11c \uc801\uc6a9\ud558\uac70\ub098 \uc14b\ud305\ud558\uba74 \uc624\ud788\ub824 \ubcf8\uc778\uc774 \uc811\uc18d\uc744 \ubabb\ud558\ub294 \uacbd\uc6b0\uac00 \uc0dd\uae38\uc218\ub3c4 \uc788\uace0\ud574\uc11c \uc790\ub8cc\ub97c \ucc3e\ub2e4\uac00 Shell Script\ub97c \uc774\uc6a9\ud558\ub294 \ubc29\ubc95\uc744 \ucc3e\uc544\ub0c8\uace0, \uc801\uc6a9\ud574\ubcf4\ub2c8 \uaf64 \ud6cc\ub96d\ud558\ub2e4. \ucd08\ubcf4\ubd84\ub4e4\uc5d0\uac8c\ub294 \uad6c\ud604\uc6d0\ub9ac\ub098 \uc791\ub3d9\uc6d0\ub9ac\uc758 \uc774\ud574\uac00 \uc26c\uc6b4 \uc774 \ubc29\ubc95\uc744 \uad8c\uace0\ud574\ub4dc\ub9ac\uace0 \uc2f6\ub2e4. <\/p>\n

\uc6d0\ubb38\uc0ac\uc774\ud2b8 : http:\/\/www.axllent.org\/docs\/view\/ssh-geoip\/<\/a><\/p><\/blockquote>\n

1. GeoIP Database \uc124\uce58 <\/div>\n

geoiplookup \uba85\ub839\uc5b4\uc640 GeoIP country (free) database\ub97c \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n

$ sudo apt-get install geoip-bin geoip-database<\/pre>\n
\uc798 \uc124\uce58 \ub418\uc5c8\ub294\uc9c0 \ub2e4\uc74c\uacfc \uac19\uc774 \ud14c\uc2a4\ud2b8\ub97c \ud574\ubcf8\ub2e4.<\/p>\n
$ geoiplookup 8.8.8.8\r\nGeoIP Country Edition: US, United States<\/pre>\n
\uc704\uc640\uac19\uc774 US, United States \uac00 \ucd9c\ub825\ub41c\ub2e4\uba74 \uc81c\ub300\ub85c \uc124\uce58\ub41c \uac83\uc774\ub2e4.<\/p>\n
2. Shell Script \uc791\uc131 <\/div>\n
\uc774 Shell Script\ub294 \uc811\uc18d\uc790\uc758 ip \uc8fc\uc18c\ub97c GeoIP database\uc640 \ube44\uad50\ud558\uc5ec \uc811\uc18d\uc9c0\uc5ed\uc774 KR\uc778\uc9c0 \uc720\ubb34\uc5d0 \ub530\ub77c ALLOW\uc640 DENY\ub97c \ub9ac\ud134\ud574\uc900\ub2e4. \ub610\ud55c \uc774\ub7ec\ud55c \uba54\uc138\uc9c0\ub97c logger\ub97c \uc774\uc6a9\ud574\uc11c log\ud30c\uc77c([highlight]\/var\/log\/syslog[\/highlight])\uc5d0 \uae30\ub85d\uc774 \ub418\ub3c4\ub85d \ud55c\ub2e4. \uc774 \ud30c\uc77c\uc740 \/usr\/local\/bin\/sshfilter.sh\ub85c \ub9cc\ub4e4\uba74 \ub41c\ub2e4.<\/p>\n
#!\/bin\/bash\r\n\r\n# UPPERCASE space-separated country codes to ACCEPT\r\nALLOW_COUNTRIES=\"KR\"\r\n\r\nif [ $# -ne 1 ]; then\r\n  echo \"Usage:  `basename $0` <ip>\" 1>&2\r\n  exit 0 # return true in case of config issue\r\nfi\r\n\r\nCOUNTRY=`\/usr\/bin\/geoiplookup $1 | awk -F \": \" '{ print $2 }' | awk -F \",\" '{ print $1 }' | head -n 1`\r\n\r\n[[ $COUNTRY = \"IP Address not found\" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE=\"ALLOW\" || RESPONSE=\"DENY\"\r\n\r\nif [ $RESPONSE = \"ALLOW\" ]\r\nthen\r\n  exit 0\r\nelse\r\n  logger \"$RESPONSE sshd connection from $1 ($COUNTRY)\"\r\n  exit 1\r\nfi<\/pre>\n
Script\uc758 \uc2e4\ud589\uad8c\ud55c\ub3c4 \uc78a\uc9c0\ub9d0\uace0 \uc9c0\uc815\ud574\uc8fc\uc790.<\/p>\n
$ sudo chown root.root \/usr\/local\/bin\/sshfilter.sh\r\n$ sudo chmod 775 \/usr\/local\/bin\/sshfilter.sh\r\n<\/pre>\n
3. SSH \uc7a0\uae08\uc124\uc815<\/div>\n
\/etc\/hosts.deny \ud30c\uc77c\uc5d0 \ub2e4\uc74c\uacfc \uac19\uc740 \ub77c\uc778\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4.<\/p>\n
sshd: ALL<\/pre>\n
\uadf8\ub9ac\uace0 \/etc\/hosts.allow \ud30c\uc77c\uc5d0\ub3c4 \ub2e4\uc74c\uacfc \uac19\uc740 \ub77c\uc778\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4.<\/p>\n
sshd: ALL: aclexec \/usr\/local\/bin\/sshfilter.sh %a<\/pre>\n
4. \uc81c\ub300\ub85c \uc791\ub3d9\ud558\ub294\uc9c0 Test \ud558\uae30<\/div>\n
\uc704\uc5d0\uc11c \ud14c\uc2a4\ud2b8 \ud588\ub358 US ip\ub97c \uac00\uc9c0\uace0 \ud14c\uc2a4\ud2b8 \ud574\ubcf4\ub3c4\ub85d \ud55c\ub2e4.<\/p>\n
\/usr\/local\/bin\/sshfilter.sh 8.8.8.8<\/pre>\n
KR(\ud55c\uad6d) \uc544\uc774\ud53c\ub9cc \uc811\uc18d\uc744 \ud5c8\uc6a9\ud558\ub3c4\ub85d \ud588\uc73c\ubbc0\ub85c DENY \uba54\uc138\uc9c0\uac00 \ub098\uc640\uc57c \uc815\uc0c1\uc774\ub2e4.
\n\ub2e4\uc74c \uba54\uc138\uc9c0\ub294 \/var\/log\/syslog \uc5d0\uc11c \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
Jun 26 17:02:37 pi root: DENY sshd connection from 8.8.8.8 (US)<\/pre>\n
\ub300\ubd80\ubd84 \uc911\uad6d\ubc1c \uc544\uc774\ud53c\uc5d0\uc11c \uc811\uc18d\uc744 \uc2dc\ub3c4\ud558\uace0 \uc788\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4. \uac00\ub054 \uc601\uad6d\uc544\uc774\ud53c\ub3c4 \ub9ce\uc774 \ubcf4\uc774\uae34 \ud55c\ub2e4.<\/p>\n
3940 Apr 13 22:14:12 akalkid logger: DENY sshd connection from 43.255.190.177 (HK)\r\n3941 Apr 13 22:14:34 akalkid logger: DENY sshd connection from 119.147.137.94 (CN)\r\n3943 Apr 13 22:26:22 akalkid logger: DENY sshd connection from 222.186.56.138 (CN)\r\n3944 Apr 13 22:32:40 akalkid logger: DENY sshd connection from 43.255.190.117 (HK)\r\n3945 Apr 13 22:32:46 akalkid logger: DENY sshd connection from 43.255.190.187 (HK)\r\n3946 Apr 13 22:33:57 akalkid logger: DENY sshd connection from 43.255.190.152 (HK)\r\n3948 Apr 13 22:49:20 akalkid logger: DENY sshd connection from 43.255.190.131 (HK)\r\n3949 Apr 13 22:49:23 akalkid logger: DENY sshd connection from 43.255.190.135 (HK)\r\n3950 Apr 13 22:51:51 akalkid logger: DENY sshd connection from 117.40.239.54 (CN)\r\n3951 Apr 13 22:54:54 akalkid logger: DENY sshd connection from 58.218.204.226 (CN)\r\n3952 Apr 13 23:07:28 akalkid logger: DENY sshd connection from 43.255.190.175 (HK)\r\n3953 Apr 13 23:07:49 akalkid logger: DENY sshd connection from 43.255.190.130 (HK)\r\n3956 Apr 13 23:21:55 akalkid logger: DENY sshd connection from 222.186.21.209 (CN)\r\n3957 Apr 13 23:25:51 akalkid logger: DENY sshd connection from 43.255.190.139 (HK)\r\n3958 Apr 13 23:26:09 akalkid logger: DENY sshd connection from 222.77.190.33 (CN)\r\n<\/pre>\n
5. GeoIP\uc758 \uc8fc\uae30\uc801 update<\/div>\n
\/etc\/cron.monthly\/updatingGeoIP \ub77c\ub294 \ud30c\uc77c\uc744 \ub9cc\ub4e4\uc5b4\uc11c \ub2e4\uc74c\uacfc \uac19\uc740 \ub0b4\uc6a9\uc744 \uc791\uc131\ud574\uc900\ub2e4.<\/p>\n
#!\/bin\/bash\r\n\r\ncd \/tmp\r\nwget -q http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCountry\/GeoIP.dat.gz\r\nif [ -f GeoIP.dat.gz ]\r\nthen\r\n    gzip -d GeoIP.dat.gz\r\n    rm -f \/usr\/share\/GeoIP\/GeoIP.dat\r\n    mv -f GeoIP.dat \/usr\/share\/GeoIP\/GeoIP.dat\r\nelse\r\n    echo \"The GeoIP library could not be downloaded and updated\"\r\nfi<\/pre>\n
\uc800\ub294 \uc774\uc678\uc5d0\ub3c4 Fail2ban \uc774\ub77c\ub294 \ud328\ud0a4\uc9c0\ub3c4 \uc124\uce58\ud574\uc11c 3\ud68c\uc774\uc0c1 \uc811\uc18d\uc2dc\ub3c4\ub97c \ud560\ub54c\uc5d0\ub294 \uc77c\uc815\uc2dc\uac04 \uc774\uc0c1 \uc811\uc18d\uc744 \uc544\uc608 \ud5c8\uc6a9\uce58 \uc54a\uace0 Ban\uc744 \uc2dc\ud0a4\uace0 \uc788\uc2b5\ub2c8\ub2e4. ssh\uc758 \uae30\ubcf8 \ud3ec\ud2b8\ubc88\ud638\ub97c \ubc14\uafbc\ub2e4\uac70\ub098 \ud558\ub294 \ubc29\ubc95\ub3c4 \uad1c\ucc2e\uc740 \ubc29\ubc95\uc774\ub77c\uace0 \uc0dd\uac01\ub429\ub2c8\ub2e4. \ubcf4\uc548\uc740 \uc544\ubb34\ub9ac \uac15\uc870\ud574\ub3c4 \uc9c0\ub098\uce58\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc11c\ubc84\ub97c \uc6b4\uc601\ud558\uc2dc\ub294 \ubd84\uc774\ub77c\uba74 \ud2b9\ud788, \uc911\uad6d\ubc1c SSH\uc5d0 \ub300\ud55c \ubb34\ucc28\ubcc4 \uacf5\uaca9\uc5d0 \ub300\ud574 \uc5b4\ub290\uc815\ub3c4 \ub300\ube44\ub97c \ud574\ub193\ub294 \uac83\uc774 \uc88b\ub2e4\ub294 \uc0dd\uac01\uc785\ub2c8\ub2e4. \uc77c\ub2e8 \ub2e4\uc74c \uc11c\ubc84\ub97c \uad6c\ub9e4\ud558\uace0 \uc14b\ud305\ud560\ub54c\ub294 \uc800\ub3c4 SSH\uc758 \uae30\ubcf8\ud3ec\ud2b8\ub97c \ubc14\uafd4\uc11c \uc2dc\uc791\ud560 \uc608\uc815\uc785\ub2c8\ub2e4 \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
GeoIP\ub97c \uc774\uc6a9\ud558\uba74 \uc678\uad6d\uc5d0\uc11c \uc811\uc18d\ud558\ub294 \uc544\uc774\ud53c\uc5d0 \ub300\ud574\uc11c SSH \uc811\uc18d\uc81c\ud55c\uc744 \ud560\uc218\uac00 \uc788\ub2e4. \ud2b9\ud788 \uc694\uc998\uc740 \uc911\uad6d\ubc1c SSH\uc5d0 \ub300\ud55c \ubb34\uc791\uc704 \uacf5\uaca9\uc740 \ub3c4\uac00 \uc9c0\ub098\uce58\ub2e4 \uc2f6\uc744 \uc815\ub3c4\ub85c \ub9ce\uae30 \ub54c\ubb38\uc5d0 \uc774 \uc791\uc5c5\uc740 \ubc18\ub4dc\uc2dc \ud574\uc918\uc57c \ud558\ub294 \uc791\uc5c5\uc774\ub77c\uace0 \uc0dd\uac01\ub41c\ub2e4. ssh\ubfd0\ub9cc \uc544\ub2c8\ub77c http \ud504\ub85c\ud1a0\ucf5c...<\/p>\n","protected":false},"author":1,"featured_media":961,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10],"tags":[475,476,474],"_links":{"self":[{"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/posts\/954"}],"collection":[{"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/akal.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=954"}],"version-history":[{"count":0,"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/posts\/954\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/akal.co.kr\/index.php?rest_route=\/wp\/v2\/media\/961"}],"wp:attachment":[{"href":"https:\/\/akal.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/akal.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/akal.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}