定位 发表于 2017-2-9 17:30:08

CentOS 6和7版本环境安装Fail2ban服务来防止暴力破解FTP/SSH

如果出于各种少折腾的需求,如果能不用VPS尽量我们建站的时候就不要用VPS,因为在很多时候我们会受到来自各种主动与非主动的攻击问题出现。一旦出现问题,我们就需要花费大量的时间和精力去解决这样的问题。刚才在寻找是否有些教程可以写的时候看到这篇关于Fail2ban应用文章,于是也就整理过来分享。
基于CentOS 6或者7版本的系统,我们可以安装Fail2ban工具来阻止一定的暴力破解SSH或者FTP账户问题,也许不能足够的解决问题,但至少可以解决一般的问题。
第一、Fail2ban安装A - CentOS 6rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install fail2banB - CentOS 7rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
yum install fail2ban选择对应的系统进行脚本一键安装,在安装过程中会出现三次是否需要输入Y的步骤,我们输入y且回车继续到最后


第二、Fail2ban设置编辑/etc/fail2ban/jail.conf文件,我们需要设置Fail2ban配置文件。
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8
# External command that will take an tagged arguments to ignore, e.g. ,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command
ignorecommand =
# "bantime" is the number of seconds that a host is banned.
bantime  = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#              If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#              If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# auto:      will try to use the following backends, in order:
#              pyinotify, gamin, polling.
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
#   warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a DNS lookup will be performed.
# warn:  if a hostname is encountered, a DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
usedns = warn一般,我们设置这几个就可以,具体的含义如下:ignoreip = 127.0.0.1 #忽略的IP列表,不受设置限制(白名单)
bantime = 600 #屏蔽时间,单位:秒
findtime = 600 #这个时间段内超过规定次数会被ban掉
maxretry = 3 #最大尝试次数
backend = auto #日志修改检测机制(gamin、polling和auto这三种)
#针对各服务的检查配置,如设置bantime、findtime、maxretry和全局冲突,服务优先级大于全局设置
enabled = true #是否激活此项(true/false)
filter = sshd #过滤规则filter的名字,对应filter.d目录下的sshd.conf
action = iptables #动作的相关参数
sendmail-whois #触发报警的收件人
logpath = /var/log/secure #检测的系统的登陆日志文件
maxretry = 5 #最大尝试次数第三、启动fail2banCentOS 6:
service fail2ban restart
CentOS 7:
systemctl restart fail2ban.service第四、设置开机启动CentOS 6:
chkconfig fail2ban on
CentOS 7:
systemctl enable fail2ban

heimao 发表于 2017-2-9 17:39:01

不错,支持,后续做一下
页: [1]
查看完整版本: CentOS 6和7版本环境安装Fail2ban服务来防止暴力破解FTP/SSH