1.问题背景
本打算买一个Linux服务器玩玩,系统为CentOS 7,供学习Linux和线上部署网站学习用。没想到买了没几天,啥都没做呢,登录之后发现了近2万条登录失败记录(输入lastb
命令即可查看登入系统失败的用户相关信息)。什么?有人想通过暴力破解密码来登录我的服务器?!并且大量的攻击来自同一个ip地址。作为一个Linux小白,差点被吓尿了,网络真危险啊。
不过虽然是小白,也不甘示弱,有攻击就要有防御,现状开始逼迫我去学习关于Linux服务器安全防护的知识,要守住自己在网上的一块领地。
2.安装Fail2ban
在Q群上和小伙伴讨论过程中,发现了fail2ban这个利器。fail2ban能阻止暴力破解,如果fail2ban发现一个ip在暴力攻击,攻击次数达到一定次数时,就会禁止改ip连接服务器,以达到阻止暴力破解密码的目的。之前看登录失败日志,一个ip攻击了我上万次,现在有了fail2ban,它可做不了了,赶紧开始我们的安装。
安装fail2ban
输入以下两条命令即可安装
yum install epel-release
yum install fail2ban
说明:
- yum install epel-release
:安装EPEL仓库(Extra Packages for Enterprise Linux)
- yum install fail2ban
:从EPEL仓库安装fail2ban
fail2ban配置文件
打开配置文件
nano /etc/fail2ban/jail.conf
开头会见到如下说明
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information
大意是不要修改这个配置文件,而应该新建一个jail.conf来写用户配置。
先查看配置文件内默认的配置(仅列出前面5项):
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
# "ignoreip" can be an IP