yum install fail2ban

/etc/fail2ban/jail.conf

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 192.168.0.0/24




Configuration (SSH)
cd /etc/fail2ban/jail.d
vi sshd.local


# Section header = jail name. The page's file shows only a row of '#' here;
# [sshd] is the standard name of the stock SSH jail and matches filter = sshd.
[sshd]

enabled  = true
filter   = sshd

# Continuation lines of a multi-line value must be indented.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=xxxxxxxxxx@gmail.com, sender=fail2ban@xxxxxx.com.tw]

logpath  = /var/log/secure
maxretry = 5
bantime  = 86400


vi postfix.conf


[smtp-iptables]
enabled  = true
filter   = postfix
action   = iptables[name=POSTFIX, port=postfix, protocol=tcp]
           sendmail-whois[name=POSTFIX, dest=littlex@gmail.com, sender=fail2ban@mj-app.com.tw]
# On a stock CentOS syslog setup postfix writes to /var/log/maillog, not
# /var/log/secure; point logpath at whichever file actually holds the postfix lines.
logpath  = /var/log/secure
maxretry = 5
bantime  = 86400





`action` specifies what to do once a match is detected. Two actions are used here:
`iptables` blocks the source with an iptables rule, and
`sendmail-whois` mails the administrator. The definitions of both actions live in the /etc/fail2ban/action.d directory.
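The jail above combines four settings: `ignoreip` (never ban), `maxretry` (failures needed), fail2ban's `findtime` window (not set on this page, so its default of 600 s is assumed) and `bantime`. The following script is an added example, not code from fail2ban or from this post: it replays constructed /var/log/secure lines through a simplified version of the sshd filter's "Failed password" pattern and applies those rules, so you can see exactly which hosts would be banned and when. `SAMPLE_SECURE_LOG`, `LOG_YEAR` and the regex are assumptions made for the example; the real filter.d/sshd.conf has many more patterns.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Jail settings as they appear on this page. FINDTIME is fail2ban's default
# (not set on the page) and LOG_YEAR is assumed because syslog lines carry no year.
IGNOREIP = ["127.0.0.1/8", "192.168.0.0/24"]
MAXRETRY = 5
BANTIME = 86400
FINDTIME = 600
LOG_YEAR = 2024

# Simplified stand-in for one of the regexes in filter.d/sshd.conf (assumption).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>[\d.]+) port \d+"
)

# Constructed sample of /var/log/secure (not real traffic).
SAMPLE_SECURE_LOG = [
    # 203.0.113.7: five failures inside two minutes -> banned on the fifth
    "Mar 12 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50211 ssh2",
    "Mar 12 10:00:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 50214 ssh2",
    "Mar 12 10:00:18 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 50220 ssh2",
    "Mar 12 10:00:27 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 50223 ssh2",
    "Mar 12 10:01:40 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 50230 ssh2",
    # 192.168.0.10: five failures, but the host is inside ignoreip -> never banned
    "Mar 12 10:03:00 web1 sshd[2120]: Failed password for alice from 192.168.0.10 port 41000 ssh2",
    "Mar 12 10:03:05 web1 sshd[2121]: Failed password for alice from 192.168.0.10 port 41001 ssh2",
    "Mar 12 10:03:10 web1 sshd[2122]: Failed password for alice from 192.168.0.10 port 41002 ssh2",
    "Mar 12 10:03:15 web1 sshd[2123]: Failed password for alice from 192.168.0.10 port 41003 ssh2",
    "Mar 12 10:03:20 web1 sshd[2124]: Failed password for alice from 192.168.0.10 port 41004 ssh2",
    # 198.51.100.9: five failures spread over 20 minutes -> never five inside findtime
    "Mar 12 10:00:00 web1 sshd[2130]: Failed password for bob from 198.51.100.9 port 42000 ssh2",
    "Mar 12 10:00:30 web1 sshd[2131]: Failed password for bob from 198.51.100.9 port 42001 ssh2",
    "Mar 12 10:20:00 web1 sshd[2132]: Failed password for bob from 198.51.100.9 port 42002 ssh2",
    "Mar 12 10:20:10 web1 sshd[2133]: Failed password for bob from 198.51.100.9 port 42003 ssh2",
    "Mar 12 10:20:20 web1 sshd[2134]: Failed password for bob from 198.51.100.9 port 42004 ssh2",
    # A line the filter must not match
    "Mar 12 10:02:00 web1 sshd[2111]: Accepted publickey for deploy from 198.51.100.9 port 40100 ssh2",
]


def is_ignored(host):
    """True if host falls inside any ignoreip entry (such hosts are never banned)."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)


def parse_failures(lines):
    """Yield (timestamp, host) for every line the filter regex matches."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["host"]


def evaluate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Replay the log in order and return {host: (ban_start, ban_end)}.

    A host is banned the moment it reaches `maxretry` matches whose timestamps
    all lie within the trailing `findtime` window; the ban lasts `bantime` seconds.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # host -> timestamps still inside the window
    bans = {}
    for ts, host in parse_failures(lines):
        if is_ignored(host) or host in bans:
            continue
        hits = [t for t in recent[host] if ts - t <= window] + [ts]
        recent[host] = hits
        if len(hits) >= maxretry:
            bans[host] = (ts, ts + timedelta(seconds=bantime))
    return bans


if __name__ == "__main__":
    for host, (start, end) in evaluate(SAMPLE_SECURE_LOG).items():
        print(f"{host} banned at {start:%H:%M:%S} until {end:%b %d %H:%M:%S}")
```

Raising `findtime` (for example `evaluate(SAMPLE_SECURE_LOG, findtime=3600)`) makes the slow attempts from 198.51.100.9 count as well, which is the trade-off the jail's `findtime` setting controls: a wider window catches slow, spread-out guessing at the cost of more bans from legitimately clumsy users.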





Test
iptables -L -n

Chain f2b-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  192.168.0.251        0.0.0.0/0            reject-with icmp-port-unreachable


Unban
iptables -D f2b-SSH -s 192.168.0.251 -j REJECT
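When several jails are active it helps to turn the `iptables -L -n` listing from the test step into a per-chain list of banned sources before removing anything. The script below is an added example, not part of the original post: it parses a constructed listing modelled on the one above (`SAMPLE_IPTABLES` is made up for the example) and builds the same `iptables -D` command the post uses. Note that deleting the rule by hand only clears the firewall side; fail2ban keeps its own record of the ban, so the cleaner way to lift it is `fail2ban-client set sshd unbanip 192.168.0.251`, which removes both.

```python
import re

# Constructed sample of `iptables -L -n` output, modelled on the page's listing.
SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-SSH    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
f2b-POSTFIX tcp --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain f2b-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  192.168.0.251        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-POSTFIX (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

# "Chain NAME (N references)" for user chains, "Chain NAME (policy X)" for built-ins.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:\d+ references|policy \w+)\)")


def parse_f2b_bans(listing):
    """Return {chain: [banned source, ...]} for every chain fail2ban created (f2b-*)."""
    bans = {}
    chain = None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            if chain.startswith("f2b-"):
                bans[chain] = []
            continue
        if chain is None or not chain.startswith("f2b-"):
            continue
        fields = line.split()
        # Columns: target prot opt source destination ...; only REJECT/DROP rows are bans,
        # the header row and the trailing RETURN rule are skipped.
        if len(fields) >= 4 and fields[0] in ("REJECT", "DROP"):
            bans[chain].append(fields[3])
    return bans


def chains_banning(listing, ip):
    """Names of the f2b chains that currently reject `ip`."""
    return [chain for chain, ips in parse_f2b_bans(listing).items() if ip in ips]


def unban_commands(listing, ip):
    """The manual `iptables -D` command (as used on the page) for each chain banning `ip`."""
    return [f"iptables -D {chain} -s {ip} -j REJECT" for chain in chains_banning(listing, ip)]


if __name__ == "__main__":
    for chain, ips in parse_f2b_bans(SAMPLE_IPTABLES).items():
        print(chain, ips)
    print("\n".join(unban_commands(SAMPLE_IPTABLES, "192.168.0.251")))
```

Against a live system, feed the function the output of `subprocess.run(["iptables", "-L", "-n"], capture_output=True, text=True).stdout` instead of the sample string; the parsing is the same.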



Posted by 阿貴貴 on 痞客邦 (PIXNET)