Installation: Fail2ban
# tar -zxvf fail2ban-0.8.14.tar.gz
# cd fail2ban-0.8.14
See the installation guide in README.md, then install:
# python setup.py install
Create the service startup script:
# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# chkconfig --list fail2ban
fail2ban 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Policy to configure: if an IP fails password authentication on SSH remote login 3 times within 5 minutes, that IP is banned from accessing the host for 1 hour. After 1 hour the ban is lifted automatically and the IP can log in again.
# vim /etc/fail2ban/jail.conf    # modify the items marked in red below
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=ssh, port=ssh, protocol=tcp]
           sendmail-whois[name=ssh, dest=[email protected], sender=[email protected], sendername="Fail2ban"]
logpath  = /var/log/secure
findtime = 300     # needs to be added (300 s = the 5-minute window in the policy above)
maxretry = 3
bantime  = 3600    # needs to be added
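How findtime, maxretry and bantime interact can be seen by replaying log lines through a small model. This is an added example, not fail2ban's own code: the regular expression is a simplified stand-in for the sshd filter, the values 300/3/3600 follow the policy stated above, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = timedelta(seconds=300)   # window in which failures are counted
MAXRETRY = 3                        # failures within FINDTIME that trigger a ban
BANTIME = timedelta(seconds=3600)   # how long the ban lasts

# Simplified stand-in for the sshd filter's failure pattern (assumption).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed sample lines in /var/log/secure format.
SAMPLE_LOG = """\
Mar  1 10:00:00 host sshd[100]: Failed password for root from 192.168.1.2 port 4000 ssh2
Mar  1 10:01:00 host sshd[101]: Accepted password for alice from 192.168.1.9 port 4001 ssh2
Mar  1 10:02:00 host sshd[102]: Failed password for root from 192.168.1.2 port 4002 ssh2
Mar  1 10:04:00 host sshd[103]: Failed password for invalid user admin from 192.168.1.2 port 4003 ssh2
Mar  1 10:10:00 host sshd[104]: Failed password for root from 192.168.1.7 port 4004 ssh2
Mar  1 10:13:00 host sshd[105]: Failed password for root from 192.168.1.7 port 4005 ssh2
Mar  1 10:16:00 host sshd[106]: Failed password for root from 192.168.1.7 port 4006 ssh2
Mar  1 11:05:00 host sshd[107]: Failed password for root from 192.168.1.2 port 4007 ssh2
"""

def simulate(log_text, year=2024):
    """Replay log lines; return (event, ip, time) tuples for bans and unbans."""
    failures, banned, events = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                      # successful logins and other lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        for b_ip, until in list(banned.items()):
            if ts >= until:               # bantime elapsed: lift the ban
                events.append(("unban", b_ip, until))
                del banned[b_ip]
        if ip in banned:
            continue
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[ip] = ts + BANTIME
            events.append(("ban", ip, ts))
            window.clear()
    return events
```

In the sample, 192.168.1.2 is banned at its third failure and released one hour later, while 192.168.1.7 is never banned because its three failures span six minutes, which is the behaviour to keep in mind when choosing findtime.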
Start the service:
# service fail2ban start
Starting fail2ban: [ OK ]
Test
Check the status of the fail2ban service:
# fail2ban-client status    # once configured, check whether fail2ban is working
Status
|- Number of jail:      1
`- Jail list:           ssh-iptables
# fail2ban-client status ssh-iptables
You can also check the status of a specific jail. If it shows a banned IP and a non-zero count, the setup works; if everything is 0, it is not working.
Status for the jail: ssh-iptables
|- filter
|  |- File list:        /var/log/secure
|  |- Currently failed: 0
|  `- Total failed:     3
`- action
   |- Currently banned: 1
   |  `- IP list:       192.168.1.2
   `- Total banned:     1
fail2ban: a Linux tool for blocking brute-force attacks on remote passwords