一、fail2ban
1、安装
yum install epel-release
yum install fail2ban
2、vi /etc/fail2ban/jail.local
[DEFAULT]
#Ban hosts for one hour:
bantime = 60 #用户验证失败后60秒后可以再次登录
ignoreip = 127.0.0.1/8 #白名单
#Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables
findtime = 600
maxretry = 3 #在600秒内登录3次失败将会被锁定
[sshd]
enabled = true
filter = sshd
port = 22
logpath = /var/log/secure
action = %(action_mwl)s
如果你想配置电子邮件警报,您可以覆盖从该值action_到action_mw。如果您希望电子邮件包含相关日志行,则可以将其更改为action_mwl。如果选择使用邮件警报,则需要确保已配置相应的邮件设置。
3、启动
systemctl restart fail2ban
4、查看ssh的情况
fail2ban-client status sshd
5、解禁
fail2ban-client set sshd unbanip 172.19.8.248
二、portsentry
1、安装
wget http://nchc.dl.sourceforge.net/sourceforge/sentrytools/portsentry-1.2.tar.gz
tar -zxvf portsentry-1.2.tar.gz
cd portsentry_beta
2、将vi portsentry.c中第1584改为一行( sed -i '/Craig H. Rowland/N;s/\n//' portsentry.c)
make linux && make install
看到如下表示安装完成
———————————————————————————————————
Edit /usr/local/psionic/portsentry/portsentry.conf and change
your settings if you haven't already. (route, etc)
WARNING: This version and above now use a new
directory structure for storing the program
and config files (/usr/local/psionic/portsentry).
Please make sure you delete the old files when
the testing of this install is complete.
———————————————————————————————————
开启
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
touch /usr/local/psionic/portsentry/portsentry.history
开机自启
vi /etc/rc.d/rc.local
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
source /etc/rc.d/rc.local
检查
tailf /var/log/messages
/etc/hosts.deny
三,portsentry与fail2ban结合
[root@localhost portsentry]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/16 172.19.0.0/16 172.20.0.0/16
bantime = 600
[sshd]
enabled = true
[recidive]
enabled = true
[portsentry]
enabled = true
logpath = /usr/local/psionic/portsentry/portsentry.history
maxretry = 1
重启fail2ban