0x0034's Blog.

CentOS 7/8 安装fail2ban+iptables预防爆破

字数统计: 162阅读时长: 1 min
2022/01/24

fail2ban

安装epel

  • CentOS7
1
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
  • CentOS8
1
2
3
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

安装fail2ban

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
yum install -y fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

cat <<EOF > /etc/fail2ban/jail.local
[ssh-iptables]
 ignoreip = 127.0.0.1/8 192.168.1.0/24
 enabled  = true
 filter   = sshd
 action   = iptables[name=SSH, port=22, protocol=tcp]
 logpath  = /var/log/secure
 maxretry = 3
 findtime  = 300 
EOF


systemctl enable --now fail2ban

使用fail2ban

1
2
3
4
5
6
7
8
# 查看ssh-iptables状态
fail2ban-client status ssh-iptables

# 取消IP ban
fail2ban-client set ssh-iptables unbanip 23.34.45.56

# IP ban
fail2ban-client set ssh-iptables banip 23.34.45.56

原文作者:0x0034

原文链接:https://0x0034.github.io/2022/01/24/CentOS-7-8-%E5%AE%89%E8%A3%85fail2ban-iptables%E9%A2%84%E9%98%B2%E7%88%86%E7%A0%B4/

发表日期:January 24th 2022, 6:07:09 pm

更新日期:January 25th 2022, 9:06:22 am

版权声明:本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

CATALOG
  1. 1. fail2ban
    1. 1.1. 安装epel
    2. 1.2. 安装fail2ban
    3. 1.3. 使用fail2ban
Total : 32
2022
2021
helm kubernetes java chartmuseum helm3 源码 go linux 性能分析 工具 CPU性能优化 pidstat percona-xtradb-cluster-operator mysql operator pmm-server 安装文档 mac 配置问题 vscode MySQL iptables ssh 通用脚本 centos xfs_repair docker jre docker remote api macos ubuntu