
Setting up Fail2ban on CentOS to block SSH brute-force attacks

While checking my DiDi Cloud server today, I noticed in the cloud monitoring console that there had been more than two hundred SSH brute-force login attempts over the past two days. I looked up the source IPs: Busan in South Korea, Anhui, and so on. You really can't guard against everything! So I decided to look into protecting SSH against brute-force attacks, and the tool I chose is Fail2ban. Here is how to configure and use it.

1. Download and install

The Fail2ban package is in the EPEL repository; if EPEL isn't enabled yet, install it first.

$ sudo yum install -y epel-release
$ sudo yum install -y fail2ban fail2ban-systemd

2. Edit the configuration

Editing the main configuration file /etc/fail2ban/jail.conf is not recommended. Create your own configuration file instead: its settings override the ones in the main file, which keeps things easier to manage and means they won't be overwritten when the package is upgraded.

$ sudo vim /etc/fail2ban/jail.d/ssh.local
[DEFAULT]
# Ban an IP for 24 hours
bantime = 86400

# 5 failed login attempts within 10 minutes put the IP on the ban list
findtime = 600
maxretry = 5

# Overrides /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter = sshd
port = 22
action = %(action_mwl)s
logpath = /var/log/secure

3. Start the Fail2ban service

$ sudo systemctl start fail2ban.service
$ sudo systemctl enable fail2ban.service

4. Check the status of the sshd jail

$ fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 20
|- Total banned: 20
`- Banned IP list: 1.252.24.138 142.93.153.234 157.230.9.239 \
159.65.145.175 159.65.148.178 159.65.151.151 165.227.39.62 \
183.157.142.164 183.230.146.26 192.99.255.47 193.201.224.214 \
195.231.4.214 198.98.56.196 198.98.62.146 206.189.132.42 \
209.141.35.22 223.113.91.54 24.90.25.51 59.20.205.178 68.183.99.64

5. Follow the log in real time

$ sudo tail -f /var/log/fail2ban.log

6. Fail2ban log entries since the last boot

journalctl -b -u fail2ban

7. View the failed-login entries

$ sudo grep 'Failed password' /var/log/secure
May 16 20:42:55 10-255-0-83 sshd[21804]: Failed password for root from 185.244.25.105 port 35412 ssh2
May 16 21:08:06 10-255-0-83 sshd[25255]: Failed password for root from 40.73.39.211 port 41718 ssh2
May 16 21:13:51 10-255-0-83 sshd[25935]: Failed password for root from 105.103.132.251 port 19628 ssh2
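To see how the findtime/maxretry values from the ssh.local file in step 2 are applied to log lines like the ones above, here is a small added example (not part of the original post, and not Fail2ban's own filter, which matches more patterns than this). It replays "Failed password" lines through the same sliding-window rule Fail2ban uses: an IP is banned once it accumulates maxretry failures inside any findtime-second window. The log lines and IP addresses are constructed, and the syslog timestamps have no year, so one is assumed for parsing.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the jail.d/ssh.local shown in step 2
FINDTIME = 600   # seconds
MAXRETRY = 5

# Matches the "Failed password" lines from /var/log/secure (step 7).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_ts(ts: str, year: int = 2019) -> float:
    # syslog timestamps carry no year; an assumed year is fine since only deltas matter
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").timestamp()

def bans_from_log(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {ip: ban_timestamp}. An IP is banned at the failure that makes
    `maxretry` failures fall within the last `findtime` seconds; non-matching
    lines (e.g. successful logins) are ignored, banned IPs are not re-counted."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m or m.group("ip") in banned:
            continue
        ip, t = m.group("ip"), parse_ts(m.group("ts"))
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > findtime:   # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = t
    return banned

# Constructed sample log: 198.51.100.7 fails 5 times in under 3 minutes (banned);
# 203.0.113.9 fails 5 times but 7 minutes apart, never 5 within 600 s (not banned).
SAMPLE_LOG = [
    "May 16 20:42:55 host sshd[2001]: Failed password for root from 198.51.100.7 port 35412 ssh2",
    "May 16 20:43:10 host sshd[2002]: Failed password for root from 198.51.100.7 port 35413 ssh2",
    "May 16 20:43:31 host sshd[2003]: Failed password for invalid user admin from 198.51.100.7 port 35414 ssh2",
    "May 16 20:44:02 host sshd[2004]: Failed password for root from 198.51.100.7 port 35415 ssh2",
    "May 16 20:45:40 host sshd[2005]: Failed password for root from 198.51.100.7 port 35416 ssh2",
    "May 16 21:00:00 host sshd[2101]: Failed password for root from 203.0.113.9 port 40001 ssh2",
    "May 16 21:07:00 host sshd[2102]: Failed password for root from 203.0.113.9 port 40002 ssh2",
    "May 16 21:14:00 host sshd[2103]: Failed password for root from 203.0.113.9 port 40003 ssh2",
    "May 16 21:21:00 host sshd[2104]: Failed password for root from 203.0.113.9 port 40004 ssh2",
    "May 16 21:28:00 host sshd[2105]: Failed password for root from 203.0.113.9 port 40005 ssh2",
    "May 16 21:30:00 host sshd[2106]: Accepted publickey for alice from 203.0.113.9 port 40006 ssh2",
]
```

Lowering findtime or raising maxretry in ssh.local changes which of the two sample addresses gets banned, which is a quick way to reason about a setting before applying it.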

8. Unban an IP

$ fail2ban-client set sshd unbanip IP