CentOS 7: fail2ban configuration


Often we do not want to change the SSH port to dodge attacks, or some network restriction forces us to keep port 22 open on the server. In that case Fail2ban can be used to block unauthorized visitors.

Before using this, make sure your VPS runs on KVM/Xen: on some OpenVZ hosts the firewalld component does not start completely, which leaves Fail2ban ineffective. hostus is a provider known not to work with fail2ban.

Install fail2ban with the following commands:

  yum install epel-release -y
  yum install fail2ban fail2ban-systemd -y

Copy the configuration file:

  cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the file with vi /etc/fail2ban/jail.local and write the following:

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 864000

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 3600

# "maxretry" is the number of failures before a host get banned.
maxretry = 10

Open the file with vi /etc/fail2ban/jail.d/sshd.local and write the following:

[sshd]
enabled = true
port = ssh
#action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 10
bantime = 864000

Make sure firewalld is enabled and running:

  systemctl enable firewalld
  systemctl start firewalld

Start fail2ban:

  systemctl enable fail2ban
  systemctl start fail2ban

At this point the server's security level has been raised: all unauthorized access attempts will be blocked. Use the following command to view the attacker IPs:

  fail2ban-client status sshd

Enable start on boot

CentOS 7:
  systemctl enable fail2ban
Copyright notice: original article on this site, published by admin on 2017-03-06, 1266 characters in total.
Reprint notice: unless otherwise stated, articles on this site are published under the CC-4.0 license; please credit the source when reprinting.