A memo full of mistakes

The content of this page comes with no warranty, and I accept no responsibility for any damage suffered directly or indirectly as a result of it.

Restricting sshd access with tcpd (TCP Wrapper)

# apt install tcpd

# cat /etc/hosts.allow 
sshd: 127.0.0.1 [::1]
sshd: 192.168.
sshd: .jp

# cat /etc/hosts.deny 
sshd: ALL

# tcpdchk -v
Using network configuration file: (null)

>>> Rule /etc/hosts.allow line 10:
daemons:  sshd
clients:  127.0.0.1 [::1]
access:   granted

>>> Rule /etc/hosts.allow line 11:
daemons:  sshd
clients:  192.168.
access:   granted

>>> Rule /etc/hosts.allow line 12:
daemons:  sshd
clients:  .jp
access:   granted

>>> Rule /etc/hosts.deny line 18:
daemons:  sshd
clients:  ALL
access:   denied

#  ldd `which sshd` |grep libwrap
        libwrap.so.0 => /usr/lib/arm-linux-gnueabihf/libwrap.so.0

Memo

References
https://qiita.com/Qrg/items/7177c0656e0cd9a7ea0a
SSH attacks | Okumura's Blog



Log

# grep refused /var/log/auth.log
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 192.241.208.18 (192.241.208.18)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 146.88.240.72 (146.88.240.72)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 107.170.252.35 (107.170.252.35)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 165.227.73.166 (165.227.73.166)
debug1: Connection refused by tcp wrapper
refused connect from 59.42.167.72.host.secureserver.net (72.167.42.59)
debug1: Connection refused by tcp wrapper
refused connect from 62.233.50.179 (62.233.50.179)

All this in just a few hours.
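
How the hosts.allow and hosts.deny rules above decide the connections seen in this log, as an added example that is not part of the original memo and not libwrap's own code: a simplified shell model of the hosts_access(5) matching order, covering only the pattern kinds used on this page. The function names, the address 203.0.113.7 and the name host.example.jp are constructed for illustration, and the client hostname is passed in rather than looked up.

```shell
#!/bin/sh
# Added example: simplified model of hosts_access(5) client matching.
# Handles only the pattern kinds used on this page: ALL, "n.n." address
# prefix, ".domain" name suffix, [ipv6] literal, and exact match.

# Client lists copied from the hosts.allow / hosts.deny shown on this page.
ALLOW_RULES='127.0.0.1 [::1]
192.168.
.jp'
DENY_RULES='ALL'

# match_client PATTERN ADDR NAME -> status 0 if PATTERN matches the client.
match_client() {
    pat=$1 addr=$2 name=$3
    case $pat in
        ALL)   return 0 ;;
        \[*\]) p=${pat#"["}; p=${p%"]"}; [ "$p" = "$addr" ] ;;  # textual compare only
        .*)    # name suffix; a client with no resolved name cannot match
               case "$name" in ?*"$pat") return 0 ;; *) return 1 ;; esac ;;
        *.)    case "$addr" in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
        *)     [ "$pat" = "$addr" ] || [ "$pat" = "$name" ] ;;
    esac
}

# check_access ADDR [NAME] -> prints "granted" or "denied".
# NAME is the hostname already resolved for ADDR (assumption: supplied by the
# caller; this model performs no DNS lookup). Order per hosts_access(5): a
# match in hosts.allow grants, else a match in hosts.deny denies, else grant.
# The body runs in a subshell so that "set -f" does not leak to the caller.
check_access() (
    set -f                      # keep "[::1]" from being expanded as a glob
    name=$(printf '%s' "${2:-}" | tr 'A-Z' 'a-z')
    for rule in $ALLOW_RULES; do
        if match_client "$rule" "$1" "$name"; then echo granted; exit 0; fi
    done
    for rule in $DENY_RULES; do
        if match_client "$rule" "$1" "$name"; then echo denied; exit 0; fi
    done
    echo granted
)

# Two clients from the log above, then constructed LAN and .jp clients.
check_access 72.167.42.59 59.42.167.72.host.secureserver.net
check_access 192.241.208.18
check_access 192.168.1.10
check_access 203.0.113.7 host.example.jp
```

The `.jp` rule is matched against the hostname obtained by reverse lookup of the client address, which is why an address with no `.jp` name falls through to `sshd: ALL` in hosts.deny.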
