One: Brief introduction
Fail2ban is a utility that monitors your system logs, matches the error messages in them against regular expressions, and then carries out the corresponding blocking action.
In enterprises many people leave root login open, which gives attackers a chance to brute-force the account (root being the superuser). Even when the brute force does not succeed, your Linux host still has to answer every attempt, so its load climbs. We need a way to keep this under control.
The experiment below is a simple walkthrough of the fail2ban tool; readers who want the details of its operation should consult the official Fail2ban documentation.
Two: Experimental environment
System: centos6.4_x64
Version: fail2ban-0.8.14.tar.gz
IP: 192.168.182.128
Three: Start the installation
Install the dependency packages first:
yum install gcc gcc wget -y
yum install shorewall gamin-python shorewall-shell shorewall-perl shorewall-common python-inotify python-ctypes -y
Download the Fail2ban package; the official website is http://www.fail2ban.org/wiki/index.php/Main_Page
tar zxvf fail2ban-0.8.14.tar.gz
cd fail2ban-0.8.14
python setup.py install
After installation the configuration directory is /etc/fail2ban, and jail.conf is the main configuration file.
vim /etc/fail2ban/jail.conf      ###### modify ######

[DEFAULT]
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 300             ### lock out for 300 seconds / 5 min

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600             ### detection window of 10 minutes

# "maxretry" is the number of failures before a host get banned.
maxretry = 3               ### three failures

[ssh-iptables]
enabled  = true            ### enable ssh-iptables (the value must be spelled exactly "true"; a typo such as "ture" makes fail2ban log "Wrong value for 'enabled'" at startup and fall back to "false")
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=[email protected], sender=[email protected], sendername="Fail2ban"]
logpath  = /var/log/secure ### where sshd login records are kept by default on CentOS (the stock jail.conf has /var/log/sshd.log here)
maxretry = 3

######## If three failed SSH logins from one host are seen within 10 minutes, that host is locked out for 5 minutes.
Configure how the program we installed from source is started: first add its init script to the system's service scripts.
[root@129-slave fail2ban-0.8.14]# grep chkconfig ./* -R --color
./files/redhat-initd:# chkconfig: - 08
[root@129-slave fail2ban-0.8.14]# cp ./files/redhat-initd /etc/init.d/fail2ban
[root@129-slave fail2ban-0.8.14]# /etc/init.d/fail2ban start
Starting fail2ban: WARNING Wrong value for 'enabled' in 'ssh-iptables'. Using default one: "false"
                                                           [  OK  ]
[root@129-slave fail2ban-0.8.14]# ps -aux | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root      1533  0.4  1.6 342148  8404 ?        Sl   06:37   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
root      1558  0.0  0.1 103248   868 pts/0    S+   06:37   0:00 grep fail2ban
The fail2ban-server process is now running (the procps warning only comes from the leading "-" in "ps -aux"; "ps aux" avoids it). Next we test it.
[root@129-slave fail2ban-0.8.14]# ssh 192.168.182.129
The authenticity of host '192.168.182.129 (192.168.182.129)' can't be established.
RSA key fingerprint is [fingerprint not preserved in the source].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.182.129' (RSA) to the list of known hosts.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@129-slave fail2ban-0.8.14]# ssh 192.168.182.129
ssh: connect to host 192.168.182.129 port 22: Connection refused
######### Here I deliberately typed the wrong password 3 times; you can see that my second connection attempt was locked out straight away. #########
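To make the jail settings above and the lockout seen in the test concrete, here is an added example (not code from the original post or from the Fail2ban project) that models, in plain Python 3, what fail2ban does with the [ssh-iptables] stanza: it reads the jail settings with configparser, rejects the "ture" typo the way the startup warning does, and then applies the maxretry / findtime / bantime rule to constructed /var/log/secure lines. The jail.conf fragment, the log lines, the IP addresses and the timestamps are all constructed for the example; the failed-password regex is a simplified stand-in for fail2ban's real sshd filter, and the year 2014 is assumed only because syslog timestamps carry none.

```python
"""Added example: a small model of fail2ban's ban logic for an sshd jail.
Not part of the original post or of the Fail2ban project."""
import configparser
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed jail.conf fragment mirroring the post's settings. The
# misspelled "ture" is kept on purpose to show how it is caught.
JAIL_CONF = """
[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 300
findtime = 600
maxretry = 3

[ssh-iptables]
enabled  = ture
filter   = sshd
logpath  = /var/log/secure
maxretry = 3
"""

# Constructed /var/log/secure lines (CentOS 6 syslog format).
SECURE_LOG = [
    "Mar  5 06:40:01 129-slave sshd[1602]: Failed password for root from 192.168.182.129 port 52310 ssh2",
    "Mar  5 06:40:05 129-slave sshd[1602]: Failed password for root from 192.168.182.129 port 52310 ssh2",
    "Mar  5 06:40:09 129-slave sshd[1602]: Failed password for root from 192.168.182.129 port 52310 ssh2",
    "Mar  5 06:41:00 129-slave sshd[1610]: Failed password for root from 127.0.0.1 port 40000 ssh2",
    "Mar  5 06:41:01 129-slave sshd[1610]: Failed password for root from 127.0.0.1 port 40000 ssh2",
    "Mar  5 06:41:02 129-slave sshd[1610]: Failed password for root from 127.0.0.1 port 40000 ssh2",
    "Mar  5 06:50:00 129-slave sshd[1650]: Failed password for root from 192.168.182.130 port 41000 ssh2",
    "Mar  5 07:05:00 129-slave sshd[1651]: Failed password for root from 192.168.182.130 port 41001 ssh2",
    "Mar  5 07:20:00 129-slave sshd[1652]: Failed password for root from 192.168.182.130 port 41002 ssh2",
]

# Simplified stand-in for fail2ban's sshd filter: one failed password per line.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d+\.\d+\.\d+\.\d+) port \d+ ssh2"
)

def load_jail(conf_text, jail):
    """Read one jail's settings; [DEFAULT] values are inherited by the section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[jail]
    raw = sec.get("enabled", "false").strip().lower()
    # fail2ban accepts only true/false here; anything else falls back to false
    # and produces the "Wrong value for 'enabled'" warning seen at startup.
    warning = None
    if raw not in ("true", "false"):
        warning = f"Wrong value for 'enabled' in '{jail}': {raw!r}, using false"
    return {
        "enabled": raw == "true",
        "warning": warning,
        "bantime": int(sec.get("bantime")),
        "findtime": int(sec.get("findtime")),
        "maxretry": int(sec.get("maxretry")),
        "ignoreip": set(sec.get("ignoreip", "").split()),
    }

def parse_ts(line):
    """Syslog timestamp is the first 15 characters; the year is assumed (2014)."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=2014)

def simulate(conf_text, jail, log_lines):
    """Return (settings, events); events are (time, 'ban'|'unban', host)."""
    cfg = load_jail(conf_text, jail)
    events = []
    if not cfg["enabled"]:
        return cfg, events            # a disabled jail never bans anyone
    failures = defaultdict(list)      # host -> times of recent failures
    banned = {}                       # host -> time the ban expires
    for line in log_lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        host, now = m.group("host"), parse_ts(line)
        for h, until in list(banned.items()):   # expire old bans first
            if now >= until:
                events.append((now, "unban", h))
                del banned[h]
        if host in cfg["ignoreip"] or host in banned:
            continue
        window = [t for t in failures[host]
                  if (now - t).total_seconds() < cfg["findtime"]] + [now]
        failures[host] = window
        if len(window) >= cfg["maxretry"]:      # maxretry hits inside findtime
            banned[host] = now + timedelta(seconds=cfg["bantime"])
            events.append((now, "ban", host))
            failures[host] = []
    return cfg, events

if __name__ == "__main__":
    for conf in (JAIL_CONF, JAIL_CONF.replace("= ture", "= true")):
        cfg, events = simulate(conf, "ssh-iptables", SECURE_LOG)
        print(cfg["warning"] or "enabled = true")
        for when, what, host in events:
            print(f"{when:%H:%M:%S} {what:5s} {host}")
```

Run it as is and the first pass reports the warning and bans nothing, which is exactly the state the startup message in the post describes; with the typo corrected, 192.168.182.129 is banned at its third failure (06:40:09) and released 300 seconds later, 127.0.0.1 is skipped because it is in ignoreip, and 192.168.182.130 is never banned because its three failures are spread further apart than findtime.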
Linux security tool Fail2ban: protection against brute-force cracking