Installing fail2ban on CentOS 7

Fail2ban protects against malicious access attempts: when a host makes too many failed attempts, fail2ban blocks it automatically.

Remember to run yum upgrade and yum update first.

1. First add EPEL (Extra Packages for Enterprise Linux)

sudo yum install epel-release

2. Install fail2ban

sudo yum install fail2ban

3. Enable fail2ban so that it starts on boot

sudo systemctl enable fail2ban

4. Start fail2ban

sudo systemctl start fail2ban

That completes the installation. Next, some default settings need to be configured.

sudo nano /etc/fail2ban/jail.local

Paste in the content below to get a basic fail2ban setup that blocks malicious SSH login attempts.

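You can also edit /etc/fail2ban/jail.conf directly, but a package update can overwrite that file, so jail.local is the safer place for local settings.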

[DEFAULT]
# Ban hosts for 24 hours (bantime is in seconds):
ignoreip = 127.0.0.1/8
bantime  = 86400
findtime = 600
maxretry = 5
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
# if you use iptables firewall use this one
# banaction = iptables-multiport
# if you use firewalld firewall use this one
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter  = sshd
port    = 22
action = %(action_mwl)s
logpath = /var/log/secure
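
How findtime, maxretry and ignoreip from the configuration above interact, as an added example that is not part of the original post and is not fail2ban's own code. The regular expression is a simplified stand-in for the real sshd filter, and the log lines, host name web1 and addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the [DEFAULT] section of jail.local above
FINDTIME = 600   # seconds
MAXRETRY = 5
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Simplified sshd failure pattern (an assumption, not fail2ban's real filter)
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def _line(clock, ip, user="root"):
    return f"Mar  3 {clock} web1 sshd[2101]: Failed password for {user} from {ip} port 40122 ssh2"

# Constructed sample in /var/log/secure format (documentation IP ranges)
SAMPLE_LOG = "\n".join(
    [_line(f"10:00:{s:02d}", "203.0.113.7") for s in (1, 9, 17, 25, 33)]       # fast burst
    + [_line(f"10:{m:02d}:00", "198.51.100.9", "invalid user admin") for m in (0, 3, 6, 9, 12)]  # slow
    + [_line(f"10:01:{s:02d}", "127.0.0.1") for s in range(6)]   # covered by ignoreip
    + ["Mar  3 10:02:00 web1 sshd[2150]: Accepted password for alice from 192.0.2.10 port 51000 ssh2"])

def find_bans(log_text, year=2024):
    """Return {ip: timestamp of the failure that reached MAXRETRY within FINDTIME}."""
    recent, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")  # syslog has no year
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue   # host name instead of an address: not handled here
        if str(ip) in bans or any(ip in net for net in IGNOREIP):
            continue
        window = recent[str(ip)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()   # drop failures older than findtime
        if len(window) >= MAXRETRY:
            bans[str(ip)] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when}")
```

The slow source (one failure every three minutes) never has five failures inside a 600-second window, so these settings do not ban it; lowering maxretry or raising findtime changes that.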

A few commands show fail2ban's current status:

sudo fail2ban-client status
sudo fail2ban-client status sshd

The log file can be found at /var/log/fail2ban.log.
