ssh 해외 접속 차단
Added by 종현 이 almost 4 years ago
ubuntu 18.04 LTS 기준
1. GEOIP DATABASE 설치
# Install the geoiplookup command (geoip-bin) and the country database it
# reads (geoip-database).
# NOTE(review): lookups are only as accurate as the installed database;
# confirm how and how often that data is refreshed on this host.
sudo apt-get install geoip-bin geoip-database
2. shell script 생성
vim /usr/local/bin/sshfilter.sh
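#!/bin/bash
# sshfilter.sh <ip>
#
# Decides whether an sshd client address may connect, based on the country
# that geoiplookup reports for it.
#
# Exit status: 0 = allow the connection, 1 = deny it.
# A denial is written to syslog through logger.
#
# Fail-open cases (exit 0): wrong argument count, an address the database
# does not know ("IP Address not found"), and an empty lookup result.
# The empty-result case is logged so that a broken or missing geoiplookup
# shows up in syslog instead of silently admitting every address.
# NOTE(review): only /usr/bin/geoiplookup is called; confirm how IPv6 client
# addresses are reported by it on this host.

# UPPERCASE space-separated country codes to ACCEPT
ALLOW_COUNTRIES="KR"

if [ "$#" -ne 1 ]; then
  echo "Usage: ${0##*/} <ip>" 1>&2
  exit 0 # return true in case of config issue
fi

# Keep the text between the first ": " and the first "," of the first output
# line, which is where the country code sits. "$1" is quoted so the address
# is always passed as a single, unexpanded argument.
COUNTRY=$(/usr/bin/geoiplookup "$1" | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1)

if [[ -z "$COUNTRY" ]]; then
  # An empty result used to pass the regex test unnoticed (an empty pattern
  # matches anything). The connection is still allowed, but now on record.
  logger "ALLOW sshd connection from $1 (GeoIP lookup returned no result)"
  exit 0
fi

# Compare the code as a whole word against the allow-list rather than using
# it as a regular expression, so partial or metacharacter matches cannot pass.
if [[ "$COUNTRY" == "IP Address not found" || " $ALLOW_COUNTRIES " == *" $COUNTRY "* ]]; then
  exit 0
fi

RESPONSE="DENY"
logger "$RESPONSE sshd connection from $1 ($COUNTRY)"
exit 1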
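# hosts.allow executes this script for every sshd connection, so only root
# may modify it: owner and group root, no group or world write bit.
sudo chown root:root /usr/local/bin/sshfilter.sh
sudo chmod 755 /usr/local/bin/sshfilter.sh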
3. ssh 잠금설정
/etc/hosts.deny
sshd: ALL
/etc/hosts.allow
sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
4. TEST
# Show the country the GeoIP database reports for a sample address.
geoiplookup 8.8.8.8
# Run the filter by hand with the same address. Its exit status (echo $?) is
# 0 for allow and 1 for deny; a deny is also written to syslog by logger.
/usr/local/bin/sshfilter.sh 8.8.8.8