yum install fail2ban
/etc/fail2ban/jail.conf（建議不要直接修改此檔，而是複製為 jail.local 或在 jail.d/ 下新增檔案覆寫設定，以免套件更新時被覆寫）
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 192.168.0.0/24
設定(SSH)
cd /etc/fail2ban/jail.d
vi sshd.local
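#############################
# Jail for SSH brute-force attempts (/etc/fail2ban/jail.d/sshd.local).
# A jail.d file must start with a section header; without one fail2ban's
# config parser rejects the file and the jail is never loaded. "sshd" is the
# jail name this file overrides and the name used in fail2ban-client commands.
[sshd]
enabled = true
filter = sshd
# Two actions: block the source with iptables, then mail a whois report to
# the admin. The second action line must be indented so the parser treats it
# as a continuation of "action" instead of a malformed key.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=xxxxxxxxxx@gmail.com, sender=fail2ban@xxxxxx.com.tw]
# sshd authentication failures are logged here on CentOS/RHEL.
logpath = /var/log/secure
# Ban after 5 failed attempts within findtime; ban lasts 24 hours (seconds).
maxretry = 5
bantime = 86400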
vi postfix.conf
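# Jail for Postfix SMTP abuse (/etc/fail2ban/jail.d/postfix.conf).
[smtp-iptables]
enabled = true
filter = postfix
# Two actions: block the source with iptables, then mail a whois report to
# the admin. The second action line must be indented so the parser treats it
# as a continuation of "action" instead of a malformed key.
action = iptables[name=POSTFIX, port=postfix, protocol=tcp]
         sendmail-whois[name=POSTFIX, dest=littlex@gmail.com, sender=fail2ban@mj-app.com.tw]
# Postfix logs through the syslog mail facility, which on CentOS/RHEL lands in
# /var/log/maillog, not /var/log/secure; pointing the postfix filter at
# /var/log/secure means it never matches and the jail silently does nothing.
logpath = /var/log/maillog
# Ban after 5 failed attempts within findtime; ban lasts 24 hours (seconds).
maxretry = 5
bantime = 86400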
action 是指偵測到之後要採取的行動,這裡有二種方式,
iptables 是使用 iptables 來阻擋,
sendmail-whois 是寄信給管理者,這二種行動的設定,可以在 /etc/fail2ban/action.d 目錄下找到相關的設定
測試
iptables -L -n
Chain f2b-SSH (1 references)
target prot opt source destination
REJECT all -- 192.168.0.251 0.0.0.0/0 reject-with icmp-port-unreachable
解除（注意：直接刪除 iptables 規則不會更新 fail2ban 自身記錄的封鎖狀態，正式解除封鎖建議改用 fail2ban-client 的 unbanip 指令）
iptables -D f2b-SSH -s 192.168.0.251 -j REJECT