原理:
fail2ban 持续读取服务日志(本文为 /var/log/secure),当同一来源 IP 在 findtime 时间窗口内的认证失败次数达到 maxretry 时,调用 iptables/firewalld 等防火墙动作把该 IP 封禁 bantime 秒,从而限制口令暴力破解的速率。需要注意它只是"封禁/限速",不能替代禁用 root 口令登录、改用密钥认证等基础加固。
环境:
被保护的服务器: CentOS 7, 192.168.253.130
发起失败登录的测试客户端: 192.168.253.137(见第 3 节的日志)
1.安装fail2ban
fail2ban 在 EPEL 仓库中,所以先启用 EPEL 再安装:
[root@hya ~]# yum -y install epel-release
[root@hya ~]# yum -y install fail2ban
2.配置fail2ban
注意:不建议直接修改 /etc/fail2ban/jail.conf,软件包升级时它会被覆盖;规范做法是把需要覆盖的项写到 /etc/fail2ban/jail.local(或 /etc/fail2ban/jail.d/*.local),fail2ban 会在 jail.conf 之后读取并覆盖同名项。下面为了和原文一致仍以 jail.conf 演示。另外,行尾注释在部分 fail2ban 版本中可能解析出错,保险起见把注释放在单独一行。
[root@hya ~]# vim /etc/fail2ban/jail.conf
[DEFAULT]
# 白名单,不会被封禁。务必把自己的管理机/跳板机 IP 加进来,否则输错几次密码就会把自己锁在外面
ignoreip = 127.0.0.1/8
ignorecommand =
# 封禁时长(秒),-1 为永久封禁。60 秒太短,攻击者一分钟后即可继续;生产环境建议 600 以上
bantime = 60
# 统计窗口(秒):在此时间内同一 IP 的失败次数达到 maxretry 即封禁
findtime = 60
# 最大尝试次数
maxretry = 3
# 日志读取后端(auto/pyinotify/gamin/polling),决定如何感知日志变化
backend = auto
# 日志中出现主机名时是否做 DNS 解析:warn 表示解析并记录告警。此项与"ssh 连接加速"无关
usedns = warn
logencoding = auto
# DEFAULT 段默认关闭所有 jail,需要在各 jail 段单独打开
enabled = false

## 分类设置(基于 SSHD 服务的防护)
[ssh-iptables]
## 是否开启该 jail,false 为关闭
enabled = true
## 过滤规则名,对应 filter.d/sshd.conf
filter = sshd
## 封禁动作:只封该 IP 到 22/tcp 的连接,其它端口不受影响;sshd 若改了端口这里必须同步(也可写 port=ssh,按 /etc/services 解析)
action = iptables[name=SSH, port=22, protocol=tcp]
## 原文给出的带邮件通知的写法示例(这是个例子,邮件动作作为第二行与 iptables 动作对齐缩进):
##   action = iptables[name=SSH, port=ssh, protocol=tcp]
##            sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
##   dest 为收件人地址,sender 为发件人地址;需要本机有可用的 MTA 才能真正发出邮件
## 检测的系统登录日志文件
logpath = /var/log/secure
## 最大尝试次数(覆盖 DEFAULT 中的值)
maxretry = 3

补充:CentOS 7 默认使用 firewalld,iptables 动作要求系统有 iptables 命令,且 firewalld 重载可能清掉 fail2ban 插入的链;如果系统启用了 firewalld,建议改用 fail2ban 自带的 firewallcmd-ipset 动作(banaction = firewallcmd-ipset)。
配置完成后需要启动服务并设为开机自启(CentOS 7 的 systemctl 不支持 --now,分两步执行;已在运行则用 systemctl restart fail2ban 重载配置):
[root@hya ~]# systemctl enable fail2ban
[root@hya ~]# systemctl start fail2ban
[root@hya ~]# fail2ban-client status
3.进行测试
在客户端 192.168.253.137 上连续输错 3 次密码后,再次连接即被拒绝(iptables 动作默认用 REJECT 并回 icmp-port-unreachable,所以客户端看到的是 Connection refused 而不是超时):
[root@localhost ~]# ssh 192.168.253.130
ssh: connect to host 192.168.253.130 port 22: Connection refused
在服务器上查看该 jail 的状态:
[root@hya ~]# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 6
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list: 192.168.253.137
(Total failed 6、Total banned 2,说明此前已经触发过一次封禁,两次各累计 3 次失败。)
对应的 /var/log/secure 记录:
Jul 14 22:03:58 localhost sshd[12509]: Failed password for root from 192.168.253.137 port 55829 ssh2
Jul 14 22:03:58 localhost sshd[12509]: Connection closed by 192.168.253.137 port 55829 [preauth]
Jul 14 22:03:58 localhost sshd[12509]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.253.137 user=root
解除封禁:原文所说"通过删除日志记录可以解除被屏蔽的 IP"是不对的——封禁是 fail2ban 已经写入 iptables 的规则并由自身计时器维护,删除 /var/log/secure 里的行不会撤销它,只会破坏审计记录。正确做法是等待 bantime 到期,或手动解封:
[root@hya ~]# fail2ban-client set ssh-iptables unbanip 192.168.253.137
另外,日志显示攻击针对的是 root 的口令登录;建议在 /etc/ssh/sshd_config 中设置 PermitRootLogin no(或 prohibit-password)并优先使用密钥认证,fail2ban 只能降低暴力破解的速率,不能消除弱口令风险。
转载自:CSDN 作者:Hya、
原文链接:https://blog.csdn.net/yeyslspi59/article/details/108058446