原理:
fail2ban 持续监控 /var/log/secure 等认证日志,当同一来源 IP 在 findtime 窗口内认证失败次数达到 maxretry 时,调用 iptables 等防火墙插入封禁规则,在 bantime 内阻断该 IP 的连接,从而阻止或显著减缓 SSH 暴力破解.
环境:
centos 7 :192.168.253.130
1.安装fail2ban
[root@hya ~]# yum -y install epel-release  fail2ban 在 EPEL 仓库中,需先启用 EPEL 再安装
[root@hya ~]# yum -y install fail2ban
2.配置fail2ban
[root@hya ~]# vim /etc/fail2ban/jail.local  注意:不要直接修改 /etc/fail2ban/jail.conf,软件包升级时它会被覆盖;把自定义配置写入 jail.local(或 jail.d/*.local),其中的同名项会覆盖 jail.conf 中的默认值。下面的内容写入该文件:
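[DEFAULT]
# Never ban loopback. Add the admin workstation / jump host here as well,
# otherwise a few mistyped passwords from the management side lock you out.
ignoreip = 127.0.0.1/8
ignorecommand =
# How long (seconds) a ban lasts; -1 means permanent.
# 60 s only slows a dictionary attack down, it does not stop it - raise it in production.
bantime = 60
# Window (seconds) in which maxretry failures from one IP trigger a ban.
findtime = 60
# Failures allowed inside findtime before the source IP is banned.
maxretry = 3
# How fail2ban detects that the log file changed (auto picks the best available method).
backend = auto
# Whether hostnames found in the log may be resolved via DNS: yes / no / warn
# (warn = resolve, but log a warning). It has nothing to do with SSH connection speed.
usedns = warn
logencoding = auto
# Jails are disabled by default; each jail opts in with enabled = true.
enabled = false

[ssh-iptables]
# Protection for the sshd service.
enabled = true
# Match rules come from /etc/fail2ban/filter.d/sshd.conf
filter = sshd
# Ban by inserting an iptables rule for the sshd port. If sshd does not listen
# on 22, change port= accordingly (port=ssh also works; it is looked up in /etc/services).
action = iptables[name=SSH, port=22, protocol=tcp]
# Optional second action: mail a whois report on every ban (example addresses,
# replace dest= / sender= before enabling):
# sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
# sshd authentication log on CentOS 7 (written by rsyslog)
logpath = /var/log/secure
# Failures allowed inside findtime before the source IP is banned (overrides DEFAULT).
maxretry = 3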
3.进行测试  配置修改后先执行 systemctl enable --now fail2ban(已在运行则 fail2ban-client reload)使配置生效,再从另一台主机(此处为 192.168.253.137)用错误密码连续登录 3 次
[root@localhost ~]# ssh 192.168.253.130  连续 3 次密码错误后,再次连接即被拒绝
ssh: connect to host 192.168.253.130 port 22: Connection refused
[root@hya ~]# fail2ban-client status ssh-iptables 状态
Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 0
| |- Total failed: 6
| `- File list: /var/log/secure
`- Actions
|- Currently banned: 1
|- Total banned: 2
`- Banned IP list: 192.168.253.137
[root@hya ~]# tail /var/log/secure  日志中可看到触发封禁的认证失败记录。注意:不要通过删除 /var/log/secure 中的记录来解除封禁——该日志是安全审计证据,而且封禁规则已经插入 iptables,删日志并不会移除它。需要手动解封时使用 fail2ban-client set ssh-iptables unbanip 192.168.253.137,否则等待 bantime 到期后自动解封。
Jul 14 22:03:58 localhost sshd[12509]: Failed password for root from 192.168.253.137 port 55829 ssh2
Jul 14 22:03:58 localhost sshd[12509]: Connection closed by 192.168.253.137 port 55829 [preauth]
Jul 14 22:03:58 localhost sshd[12509]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.253.137 user=root