CentOS 7: Installing Fail2ban to Stop Brute-Force Attacks on sshd
1. Install the package repository first
yum install epel-release
2. Install fail2ban with firewalld support
yum install fail2ban-firewalld fail2ban-systemd fail2ban-server fail2ban-sendmail
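3. Create the configuration file
Copy the default configuration file to jail.local, so that an update overwriting jail.conf and fail2ban.conf does not discard your settings
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
4. Edit the configuration file
(1) vi /etc/fail2ban/jail.local
(2) sshd protection is not enabled by default. To enable it, find the [sshd] section and add enabled = true below it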
[sshd]
enabled = true
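(3) Change how long an IP stays banned. The unit is seconds and the default is 600 seconds; change it to whatever number of seconds you prefer. The example uses 86400 seconds (24 hours)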
bantime = 86400
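(4) Change the detection window. If login failures within this window exceed the count set by maxretry, Fail2ban bans the IP. The unit is seconds and the default is 600 seconds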
findtime = 60
(5) Change the number of attempts. This parameter works together with findtime; the default is 5
maxretry = 3
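An added example, not part of the original page: a shell check of which values the [sshd] jail ends up with after step 4. It assumes that bantime, findtime and maxretry sit in [DEFAULT] (as in the stock jail.conf) and apply to [sshd] unless that section sets its own; the function names and the sample file are constructed for illustration.

```shell
# Added example: effective [sshd] settings from a jail.local-style file.
# Simplifications: last assignment in a section wins; %(name)s is not expanded.

# jail_value FILE JAIL KEY -> prints the effective value, or nothing if unset
jail_value() {
    awk -v jail="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header, e.g. [sshd]
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not a key = value line
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (sect == jail)           { own = v; has_own = 1 }
            else if (sect == "DEFAULT") { def = v; has_def = 1 }
        }
        END { if (has_own) print own; else if (has_def) print def }
    ' "$1"
}

# check_sshd_jail FILE -> prints the step 4 settings; fails if sshd is not enabled
check_sshd_jail() {
    for k in enabled bantime findtime maxretry; do
        printf '%s = %s\n' "$k" "$(jail_value "$1" sshd "$k")"
    done
    [ "$(jail_value "$1" sshd enabled)" = "true" ]
}

# Constructed sample file, not a real jail.local
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[DEFAULT]
enabled = false
bantime = 86400
findtime = 60
maxretry = 3

[sshd]
enabled = true
EOF

check_sshd_jail "$SAMPLE" || echo "sshd jail is not enabled"
```

On a real host, pass /etc/fail2ban/jail.local instead of the sample file.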
5. Enable fail2ban at boot
sudo systemctl enable fail2ban
6. Start fail2ban
sudo systemctl start fail2ban
7. Common commands:
(1) Check the status of fail2ban
fail2ban-client status
(2) Check the status of the fail2ban sshd jail
fail2ban-client status sshd
(3) Unban a banned IP
fail2ban-client set sshd unbanip <banned IP>
(4) Ban an IP
fail2ban-client set sshd banip <IP to ban>
Other commands: http://www.fail2ban.org/wiki/index.php/Commands
8. Log file:
/var/log/fail2ban.log