{"id":23177,"date":"2026-03-18T09:21:50","date_gmt":"2026-03-18T15:21:50","guid":{"rendered":"https:\/\/sada.services\/?p=23177"},"modified":"2026-03-18T09:21:50","modified_gmt":"2026-03-18T15:21:50","slug":"infra-propuestas-de-configuracion-hardering","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=23177","title":{"rendered":"Infra: Propuestas de configuraci\u00f3n hardering"},"content":{"rendered":"\n<ul class=\"wp-block-list\">\n<li>Esto aplica para servidor phplist-hardering servidor expuesto a ip publica <\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># DATOS\n\nssh cgi@10.0.100.93 \/u4c\n\nIp: 10.0.100.93\nu:c\np:u4c<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuraciones actuales<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CTK enabled<\/li>\n\n\n\n<li>vmtools <\/li>\n\n\n\n<li>nagios client<\/li>\n\n\n\n<li>Cortex<\/li>\n\n\n\n<li>Wazuh<\/li>\n\n\n\n<li>Servicio Nagios:\n<ul class=\"wp-block-list\">\n<li>Configurado b\u00e1sico<\/li>\n\n\n\n<li>Memory usage<\/li>\n\n\n\n<li>ENS190 in and Out<\/li>\n\n\n\n<li>Servicio especial: puerto 80<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"487\" height=\"499\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-161.png\" alt=\"\" class=\"wp-image-23180\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-161.png 487w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-161-293x300.png 293w\" sizes=\"(max-width: 487px) 100vw, 487px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Iptables<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instalamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install iptables iptables-persistent -y<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"220\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1-1024x220.png\" alt=\"\" class=\"wp-image-23072\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1-1024x220.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1-300x64.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1-768x165.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1-1536x329.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/1.png 1889w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"207\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88-1024x207.png\" alt=\"\" class=\"wp-image-23071\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88-1024x207.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88-300x61.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88-768x155.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88-1536x310.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-88.png 1901w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuraci\u00f3n defecto Resumen<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -F\niptables -t mangle -F\niptables -P INPUT DROP\niptables -P FORWARD DROP\niptables -P OUTPUT ACCEPT\niptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\niptables -A INPUT -m conntrack --ctstate INVALID -j DROP\niptables -A INPUT -i lo -j ACCEPT\niptables -A INPUT -p icmp -m limit --limit 5\/sec -j ACCEPT\niptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP\niptables -A INPUT -p tcp --dport 22 -j ACCEPT\niptables -A INPUT -p tcp --dport 33221 -j ACCEPT\niptables -A INPUT -p tcp --dport 5693 -s 10.0.100.24 -j ACCEPT\niptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set\niptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP\niptables -A INPUT -m conntrack --ctstate INVALID -j DROP\niptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP\niptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explicaci\u00f3n<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>--********************************\n-- Limpia reglas anteriores\n--********************************\niptables -F\niptables -t mangle -F\n\n--********************************\n--Define IN la pol\u00edtica por defecto DROP\n--********************************\niptables -P INPUT DROP\niptables -P FORWARD DROP\n\n--********************************\n--Define OUTPUT la pol\u00edtica por defecto DROP\n--********************************\niptables -P OUTPUT ACCEPT\n\n--********************************\n--Permite conexiones ya establecidas\n--********************************\niptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n\n--********************************\n--Bloquea paquetes inv\u00e1lidos\n--********************************\niptables -A INPUT -m conntrack --ctstate INVALID -j DROP\n\n--********************************\n--Permite loopback\n--********************************\niptables -A INPUT -i lo -j ACCEPT\n\n--********************************\n-- Permite ping limitado\n--********************************\niptables -A INPUT -p icmp -m limit --limit 5\/sec -j ACCEPT\n\n--********************************\n--Protecciones contra tr\u00e1fico TCP malicioso \n--********************************\niptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP\n\n--********************************\n--SSH\n--********************************\niptables -A INPUT -p tcp --dport 22 -j ACCEPT\n\n--********************************\n--Protecci\u00f3n contra ataques de fuerza bruta SSH\n--********************************\niptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set\niptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP\n\n--********************************\n-- WAZUH\n--********************************\niptables -A INPUT -p tcp --dport 33221 -j ACCEPT\n\n--********************************\n-- NAGIOS\n--********************************\niptables -A INPUT -p tcp --dport 5693 -s 10.0.100.24 -j ACCEPT\n\n\n--********************************\n--Protecciones contra escaneo de puertos\n--********************************\niptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP\niptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Puerto de Aplicaci\u00f3n<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># WEB 80 \/ 443\niptables -A INPUT -p tcp --dport 80 -j ACCEPT\niptables -A INPUT -p tcp --dport 443 -j ACCEPT\n\n# Aplicaciones java 8080 \/ 9090\niptables -A INPUT -p tcp --dport 8080 -j ACCEPT\niptables -A INPUT -p tcp --dport 9090 -j ACCEPT\n\n# SMTP\niptables -A INPUT -p tcp --dport 25 -j ACCEPT\n\n# mysql\niptables -A INPUT -p tcp --dport 3306 -j ACCEPT\n\n# PostgreSQL\niptables -A INPUT -p tcp --dport 5432 -j ACCEPT\n\n# Nagios CGT\niptables -A INPUT -p tcp --dport 5666 -s 10.0.98.201 -j ACCEPT\n\n# Otros\niptables -A INPUT -p tcp --dport 8005 -j ACCEPT\niptables -A INPUT -p tcp --dport 9450 -j ACCEPT\niptables -A INPUT -p tcp --dport 9451 -j ACCEPT\niptables -A INPUT -p tcp --dport 9400 -j ACCEPT\n\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Guardar las reglas<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables-save &gt; \/etc\/iptables\/rules.v4\niptables-save &gt; \/etc\/iptables\/rules.v6\niptables -L -v<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">SSH<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Abrimos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modificamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#PermitRootLogin prohibit-password\nX\nPermitRootLogin no\n\n#MaxAuthTries 6\nX\nMaxAuthTries 3\n\n#TCPKeepAlive yes\nX\nTCPKeepAlive no<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Fail2ban<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instalamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install rsyslog fail2ban -y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Habilitamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start fail2ban\nsystemctl enable fail2ban<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Copiar configuraci\u00f3n demo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Abrimos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modificamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>bantime  = 10m\nX\nbantime = 7200                \/\/ bloqueado 2 horas  7200 segundos\t\n\nmaxretry = 5\nX\nmaxRetry = 3    <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reiniciamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart fail2ban<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">logwatch<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instalamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-get install logwatch -y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Copiamos el archivos de&nbsp;configuraci\u00f3n de \u00abf\u00e1brica\u00bb<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/usr\/share\/logwatch\/default.conf\/logwatch.conf \/etc\/logwatch\/conf\/logwatch.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Creamos una carpeta requerida:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/var\/cache\/logwatch<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Abrimos el archivo:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/logwatch\/conf\/logwatch.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modificamos:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>-------------------------------------------------------------- \nOutput = stdout \nX \nOutput = mail \n-------------------------------------------------------------- \nFormat = text \nX \nFormat = html \n-------------------------------------------------------------- \nMailTo = root \nX \nMailTo = gustavo.matamoros.gonzalez@una.ac.cr\n-------------------------------------------------------------- \nMailFrom = Logwatch \nX \nMailFrom = phplist@una.ac.cr\n -------------------------------------------------------------- \nDetail = Low\nX \nDetail = 8 \n--------------------------------------------------------------<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Probar<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>logwatch<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado de correo<\/li>\n\n\n\n<li>Se registraron 2 intentos de usar hacks conocidos por parte de 2 hosts:<\/li>\n\n\n\n<li>Significa que <strong>2 IPs intentaron acceder usando rutas conocidas de hackeo<\/strong>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"551\" height=\"92\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-96.png\" alt=\"\" class=\"wp-image-23090\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-96.png 551w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-96-300x50.png 300w\" sizes=\"(max-width: 551px) 100vw, 551px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Connection attempts using mod_proxy:<\/strong><\/li>\n\n\n\n<li>Alguien intent\u00f3 usar tu servidor <strong>Apache como proxy<\/strong> para conectarse a otro sitio.<\/li>\n\n\n\n<li>En tu caso <strong>no funcion\u00f3<\/strong>, solo fue intento.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"379\" height=\"59\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-97.png\" alt=\"\" class=\"wp-image-23091\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-97.png 379w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-97-300x47.png 300w\" sizes=\"(max-width: 379px) 100vw, 379px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A total of 2 sites probed the server<\/strong><\/li>\n\n\n\n<li>Significa que <strong>2 IPs escanearon tu servidor<\/strong> buscando vulnerabilidades.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"297\" height=\"87\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-99.png\" alt=\"\" class=\"wp-image-23093\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>400 Bad Request<\/li>\n\n\n\n<li>Esto significa que bots enviaron <strong>peticiones malformadas o inv\u00e1lidas<\/strong>.<\/li>\n\n\n\n<li>Eso intenta explotar <strong>routers o c\u00e1maras vulnerables<\/strong>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"376\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-98.png\" alt=\"\" class=\"wp-image-23092\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-98.png 821w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-98-300x137.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-98-768x352.png 768w\" sizes=\"(max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTPD Errors<\/li>\n\n\n\n<li>Errores registrados por Apache.<\/li>\n\n\n\n<li>Significa que alguien intent\u00f3 acceder a: services.php pero Apache <strong>lo bloque\u00f3 por configuraci\u00f3n<\/strong>.<br><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"365\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-100.png\" alt=\"\" class=\"wp-image-23095\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-100.png 936w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-100-300x117.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-100-768x299.png 768w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Errores en conexiones SSHD<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"336\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-125-1024x336.png\" alt=\"\" class=\"wp-image-23134\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-125-1024x336.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-125-300x99.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-125-768x252.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-125.png 1388w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Conexiones creadas<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"238\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-126-1024x238.png\" alt=\"\" class=\"wp-image-23135\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-126-1024x238.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-126-300x70.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-126-768x178.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-126.png 1396w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Recomendaciones: SSH<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agregar estas configuraciones<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Modo estricto\n##############################\n# SSH verifica los permisos de archivos del usuario antes de permitir login.\n# revisa\n# ~\/.ssh\n# ~\/.ssh\/authorized_keys\n# Si los permisos son inseguros (ejemplo 777):\n# SSH bloquea el acceso.\n\nStrictModes yes\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# MaxSessions\n##############################\n# Define cu\u00e1ntas sesiones simult\u00e1neas puede abrir un mismo usuario en una conexi\u00f3n SSH.\n\nMaxSessions 8<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# PubkeyAuthentication\n##############################\n# Permite autenticaci\u00f3n mediante llaves SSH\n# M\u00e1s seguro que contrase\u00f1a.\nPubkeyAuthentication yes<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# PasswordAuthentication\n##############################\n# Permite login con contrase\u00f1a.\n# PasswordAuthentication no\n# solo permitir\u00eda llaves SSH.\n# Eliminar esto elimina 99% de ataques autom\u00e1ticos.\nPasswordAuthentication yes<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# AllowUsers\n##############################\n# Solo estos usuarios pueden conectarse por SSH:\n# Esto es muy importante.\n\nAllowUsers root orion<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# PermitEmptyPasswords no\n##############################\n# no permitir passwrod vacios<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# LoginGraceTime\n##############################\n# Define cu\u00e1nto tiempo tiene un usuario para autenticarse despu\u00e9s de conectarse al SSH.\n# Cuando se conecta a puerto 22 cuanto tiempo tiene para autenticar\n# Recomendacion 30 segundo\nLoginGraceTime 30\n\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Puerto defecto\n##############################\n# Reduce bots autom\u00e1ticos.\nPort 2222\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Desactivar X11 forwarding\n##############################\n# si no se conecta uno por GUI se puede desactivar\nX11Forwarding no<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Usar protocolo seguro\n##############################\n# esto limita solo usar la versi\u00f3n v2 m\u00e1s segura\nProtocol 2<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Desactivar t\u00faneles si no se usan\n##############################\n# Evita Un atacante podr\u00eda usar tu servidor como puente hacia otras redes internas.\nAllowTcpForwarding no<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Limitar conexiones simult\u00e1neas\n##############################\n# Protege contra ataques de conexi\u00f3n masiva.\n# Controla cu\u00e1ntas conexiones SSH pueden estar abiertas al mismo tiempo SIN autenticarse todav\u00eda.\n# conexiones que solo llegaron al puerto 22 pero a\u00fan no han puesto contrase\u00f1a o llave.\n# Esto es importante porque muchos ataques hacen miles de conexiones simult\u00e1neas para saturar el servidor.\n\n# Sintaxis\nMaxStartups inicio:probabilidad:maximo\nValor\tExplicaci\u00f3n\n10\tdespu\u00e9s de 10 conexiones sin autenticarse empieza la protecci\u00f3n\n30\t30% de nuevas conexiones ser\u00e1n rechazadas\n60\tcuando llegue a 60 conexiones se bloquean todas\n\nC\u00f3mo funciona paso a paso\n\nSupongamos:\n\nMaxStartups 10:30:60\nHasta 10 conexiones\n\nSSH acepta todo normalmente.\n\nDe 10 a 60 conexiones\n\nSSH empieza a rechazar conexiones aleatoriamente.\n\nProbabilidad:\n\n30 %\n\nEsto reduce ataques autom\u00e1ticos.\n\nM\u00e1s de 60 conexiones\n\nSSH bloquea todas las nuevas conexiones.\n\nHasta que bajen las activas.\n\nQu\u00e9 problema evita\n\nAtaques llamados:\n\nSSH connection flood\n\nLos bots hacen:\n\nabrir\nabrir\nabrir\nabrir\nabrir\nabrir\n\npero sin autenticarse.\n\nEso puede llenar:\n\nmemoria\n\nprocesos SSH\n\nsockets\n\nValores recomendados\n\nPara servidores normales:\n\nMaxStartups 10:30:60\n\nPara servidores m\u00e1s estrictos:\n\nMaxStartups 5:20:20\n\nPara servidores muy cargados:\n\nMaxStartups 20:50:100\n\n\nMaxStartups 10:30:60\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>##############################\n# Desactivar autenticaci\u00f3n interactiva\n##############################\nKbdInteractiveAuthentication no<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Comando para saber ataques SSH<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">Ataque en tiempo real<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ataques en tiempo real<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/var\/log\/auth.log<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Buscar<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Failed password for root from 185.220.101.45 port 45532 ssh2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Ips que mas atacan<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ejecutar<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>grep \"Failed password\" \/var\/log\/auth.log | grep -oE '&#91;0-9]+\\.&#91;0-9]+\\.&#91;0-9]+\\.&#91;0-9]+' | sort | uniq -c | sort -nr | head<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"48\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-101-1024x48.png\" alt=\"\" class=\"wp-image-23101\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-101-1024x48.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-101-300x14.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-101-768x36.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-101.png 1417w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>O ver los intentos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>grep \"Failed password\" \/var\/log\/auth.log<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Ver usuarios conectados ahora<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>who<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"529\" height=\"134\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-102.png\" alt=\"\" class=\"wp-image-23103\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-102.png 529w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-102-300x76.png 300w\" sizes=\"(max-width: 529px) 100vw, 529px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>o con mas detalle<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>w<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"851\" height=\"138\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-103.png\" alt=\"\" class=\"wp-image-23104\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-103.png 851w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-103-300x49.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-103-768x125.png 768w\" sizes=\"(max-width: 851px) 100vw, 851px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver \u00faltimos accesos al servidor<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>last -a | head<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"784\" height=\"280\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-104.png\" alt=\"\" class=\"wp-image-23105\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-104.png 784w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-104-300x107.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-104-768x274.png 768w\" sizes=\"(max-width: 784px) 100vw, 784px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver procesos sospechosos<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>ps aux --sort=-%cpu | head<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"180\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105-1024x180.png\" alt=\"\" class=\"wp-image-23107\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105-1024x180.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105-300x53.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105-768x135.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105-1536x271.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-105.png 1624w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver puertos abiertos y qu\u00e9 los usa<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -tulnp<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"384\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106-1024x384.png\" alt=\"\" class=\"wp-image-23108\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106-1024x384.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106-300x112.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106-768x288.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106-1536x575.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-106.png 1914w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver conexiones activas<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -antp<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"499\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107-1024x499.png\" alt=\"\" class=\"wp-image-23109\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107-1024x499.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107-300x146.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107-768x374.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107-1536x748.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-107.png 1863w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">MODO RESUMEN<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"USERS:\" &amp;&amp; who &amp;&amp; echo \"PORTS:\" &amp;&amp; ss -tulnp &amp;&amp; echo \"CONNECTIONS:\" &amp;&amp; ss -antp | head<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"436\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108-1024x436.png\" alt=\"\" class=\"wp-image-23110\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108-1024x436.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108-300x128.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108-768x327.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108-1536x655.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-108.png 1638w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver crones de todos los usuarios<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>for user in $(cut -f1 -d: \/etc\/passwd); do\n  crontab -u $user -l 2&gt;\/dev\/null\ndone<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"435\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-109-1024x435.png\" alt=\"\" class=\"wp-image-23112\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-109-1024x435.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-109-300x128.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-109-768x327.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-109.png 1444w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Ver servicios<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl list-units --type=service<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"451\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110-1024x451.png\" alt=\"\" class=\"wp-image-23113\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110-1024x451.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110-300x132.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110-768x338.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110-1536x676.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-110.png 1831w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instalados<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl list-unit-files<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"949\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-111.png\" alt=\"\" class=\"wp-image-23114\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-111.png 821w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-111-260x300.png 260w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-111-768x888.png 768w\" sizes=\"(max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">RESUMEN<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"=== CRON ===\" &amp;&amp; ls -la \/etc\/cron* &amp;&amp; echo \"=== SERVICES ===\" &amp;&amp; systemctl list-unit-files | grep enabled &amp;&amp; echo \"=== USERS ===\" &amp;&amp; cut -d: -f1 \/etc\/passwd<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">SCRIPT de Chequeo<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"===== USERS LOGGED IN =====\"\nwho\n\necho\necho \"===== LAST LOGINS =====\"\nlast -a | head\n\necho\necho \"===== FAILED SSH ATTEMPTS =====\"\ngrep \"Failed password\" \/var\/log\/auth.log | tail\n\necho\necho \"===== SUCCESSFUL SSH LOGINS =====\"\ngrep \"Accepted\" \/var\/log\/auth.log | tail\n\necho\necho \"===== USERS IN SYSTEM =====\"\ncut -d: -f1 \/etc\/passwd\n\necho\necho \"===== SUDO USERS =====\"\ngetent group sudo\n\necho\necho \"===== CRON JOBS =====\"\nls -la \/etc\/cron* \n\necho\necho \"===== ENABLED SERVICES =====\"\nsystemctl list-unit-files | grep enabled\n\necho\necho \"===== OPEN PORTS =====\"\nss -tulnp\n\necho\necho \"===== ACTIVE CONNECTIONS =====\"\nss -antp | head\n\necho\necho \"===== FILES IN TEMP DIRECTORIES =====\"\nls -la \/tmp\nls -la \/var\/tmp\nls -la \/dev\/shm<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Instalaci\u00f3n de lynis<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instalaci\u00f3n<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install lynis -y\nlynis --version\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ejecutar auditoria<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>lynis audit system<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"923\" height=\"877\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-112.png\" alt=\"\" class=\"wp-image-23117\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-112.png 923w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-112-300x285.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-112-768x730.png 768w\" sizes=\"(max-width: 923px) 100vw, 923px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"893\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-113-1024x893.png\" alt=\"\" class=\"wp-image-23118\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-113-1024x893.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-113-300x262.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-113-768x670.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-113.png 1075w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"915\" height=\"814\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-114.png\" alt=\"\" class=\"wp-image-23119\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-114.png 915w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-114-300x267.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-114-768x683.png 768w\" sizes=\"(max-width: 915px) 100vw, 915px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ejemplo de SSH<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"930\" height=\"640\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-115.png\" alt=\"\" class=\"wp-image-23120\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-115.png 930w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-115-300x206.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-115-768x529.png 768w\" sizes=\"(max-width: 930px) 100vw, 930px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"931\" height=\"331\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-116.png\" alt=\"\" class=\"wp-image-23121\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-116.png 931w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-116-300x107.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-116-768x273.png 768w\" sizes=\"(max-width: 931px) 100vw, 931px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"284\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-118-1024x284.png\" alt=\"\" class=\"wp-image-23123\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-118-1024x284.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-118-300x83.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-118-768x213.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-118.png 1438w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resumen<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"421\" height=\"162\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-119.png\" alt=\"\" class=\"wp-image-23124\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-119.png 421w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-119-300x115.png 300w\" sizes=\"(max-width: 421px) 100vw, 421px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Instalar SSH-Audit<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone https:\/\/github.com\/jtesta\/ssh-audit\ncd ssh-audit\npython3 ssh-audit.py<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ejecutarlo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># en localhost\npython3 ssh-audit.py localhost\n\n# Servidor remoto\npython3 ssh-audit.py 10.0.3.233\n\n# Puerto diferente\npython3 ssh-audit.py 10.0.3.233:2222<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"425\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120-1024x425.png\" alt=\"\" class=\"wp-image-23126\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120-1024x425.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120-300x124.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120-768x319.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120-1536x637.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-120.png 1847w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"498\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121-1024x498.png\" alt=\"\" class=\"wp-image-23127\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121-1024x498.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121-300x146.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121-768x373.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121-1536x747.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-121.png 1911w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"513\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122-1024x513.png\" alt=\"\" class=\"wp-image-23128\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122-1024x513.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122-300x150.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122-768x385.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122-1536x770.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-122.png 1847w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Para obtener <strong>recomendaciones de hardening SSH<\/strong>:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>python3 ssh-audit.py --get-hardening-guide ubuntu<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Corregir<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agregar al final<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>KexAlgorithms sntrup761x25519-sha512@openssh.com\n\nHostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com\n\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"442\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-123-1024x442.png\" alt=\"\" class=\"wp-image-23129\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-123-1024x442.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-123-300x129.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-123-768x331.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-123.png 1036w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reiniciar<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart ssh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ejecutar de nuevo<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>python3 ssh-audit.py localhost<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"495\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124-1024x495.png\" alt=\"\" class=\"wp-image-23131\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124-1024x495.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124-300x145.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124-768x371.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124-1536x743.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/03\/image-124.png 1814w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Recomendaciones: Desactivar IPv6<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Abrimos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agregamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>net.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aplicamos<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sysctl -p<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Recomendaciones: Fail2ban<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Configuraciones actuales Iptables SSH Fail2ban logwatch Recomendaciones: SSH Comando para saber ataques SSH Ataque en tiempo real Ips que mas atacan Ver usuarios conectados ahora Ver \u00faltimos accesos al servidor Ver procesos sospechosos Ver puertos abiertos y qu\u00e9 los usa Ver conexiones activas MODO RESUMEN Ver crones de todos los usuarios Ver servicios RESUMEN SCRIPT [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-23177","post","type-post","status-publish","format-standard","hentry","category-sin-categoria"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23177"}],"version-history":[{"count":2,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23177\/revisions"}],"predecessor-version":[{"id":23181,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23177\/revisions\/23181"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}