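Fail2ban guards against malicious login attempts: when a host makes too many attempts, it is blocked automatically.
Remember to run yum upgrade and yum update first.
1. First add EPEL (Extra Packages for Enterprise Linux)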
sudo yum install epel-release
2. Install fail2ban
sudo yum install fail2ban
3. Enable fail2ban so that it starts on boot
sudo systemctl enable fail2ban
4. Start fail2ban
sudo systemctl start fail2ban
Installation is now complete. Next, a few default settings need to be configured.
sudo nano /etc/fail2ban/jail.local
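Paste in the content below to get a basic fail2ban setup that blocks malicious SSH login attempts.
You can also edit /etc/fail2ban/jail.conf directly, but a package update can overwrite that file, so jail.local is the safer place for local settings.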
[DEFAULT]
ignoreip = 127.0.0.1/8
# Ban hosts for 24 hours (bantime is in seconds):
bantime = 86400
findtime = 600
maxretry = 5

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
# if you use iptables firewall use this one
# banaction = iptables-multiport
# if you use firewalld firewall use this one
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter = sshd
port = 22
action = %(action_mwl)s
logpath = /var/log/secure
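How ignoreip, findtime, maxretry and bantime from the configuration above interact, shown as a small Python simulation over constructed log lines. This is an added example, not part of the original post and not fail2ban's own code; the simplified regex, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds copied from the jail.local on this page.
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=86400)
MAXRETRY = 5
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Simplified stand-in for the sshd filter (assumption, not fail2ban's regex).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] as ISO strings for the given log lines."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until, bans = {}, []   # ip -> ban expiry; bans issued so far
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # hostname instead of an address: skipped here
        if any(ip in net for net in IGNOREIP):
            continue              # ignoreip hosts are never counted
        if ts < banned_until.get(ip, datetime.min):
            continue              # already banned: the firewall drops these
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:
            q.popleft()           # forget failures older than findtime
        if len(q) >= MAXRETRY:    # maxretry failures inside findtime: ban
            banned_until[ip] = ts + BANTIME
            bans.append((str(ip), ts.isoformat(), (ts + BANTIME).isoformat()))
            q.clear()
    return bans

def sample_line(clock, ip):       # constructed sample data, not a real log
    return f"Jan 15 {clock} host sshd[1234]: Failed password for root from {ip} port 40000 ssh2"

SAMPLE = ([sample_line(f"10:00:0{i}", "203.0.113.7") for i in range(5)]    # fast burst
          + [sample_line(f"10:{m:02d}:00", "198.51.100.20") for m in (1, 5, 9, 13, 17)]  # slow
          + [sample_line(f"10:20:0{i}", "127.0.0.1") for i in range(6)])   # ignoreip
print(simulate(SAMPLE))
```

Only the fast burst is banned: the slow source never has five failures inside one 600-second window, which is the gap to keep in mind when choosing findtime and maxretry.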
These commands show the current status of fail2ban:
sudo fail2ban-client status
sudo fail2ban-client status sshd
The log file is at /var/log/fail2ban.log