Password protection: Fail2Ban

Source: Internet
Author: User
Tags: password protection, ssh, port

Brute-force login attempts are everywhere on the Internet: whether driven by automated scanners or by hand, attackers keep guessing passwords against any service they can reach. One response is to change the service port (see "Modify the SSH port in Linux"), but that only buys time. The server needs a second line of defense: use the Fail2Ban tool to automatically block hosts that repeatedly fail to log in.

Note: The following steps apply to CentOS and require iptables to be installed and running (see "Basic Application of iptables Firewall").


1. Download and decompress Fail2Ban
wget http://soft.kwx.gd/security/fail2ban-0.8.4.tar.bz2

Run the preceding command in SSH to download Fail2Ban 0.8.4.


tar -xjvf fail2ban-0.8.4.tar.bz2

Run the above command in SSH to extract fail2ban-0.8.4.tar.bz2.


cd fail2ban-0.8.4

Run the above command in SSH to enter the fail2ban-0.8.4 folder.


2. Install Fail2Ban
python setup.py install                    # run the installation script
cd files                                   # enter the files folder
cp ./redhat-initd /etc/init.d/fail2ban     # copy the init script to the startup list
chkconfig --add fail2ban                   # create a startup item
service fail2ban start                     # test run

Run the above commands one by one in SSH to install Fail2Ban and add it to the startup items. The text after # on each line is a comment and does not need to be typed.

If Fail2Ban starts, the installation succeeded.


3. Modify the configuration file
1. Enter the directory
cd /etc/fail2ban

2. Modify the global configuration file jail.conf
(1) Global configuration
# IP addresses or ranges listed here are exempt from the rules below
ignoreip = 127.0.0.1
# Ban duration in seconds (for example, 86400 for one day)
bantime = 600
# Time window in seconds within which failures are counted
# (with the values here: 3 failures within 600 seconds trigger a ban)
findtime = 600
# Number of failures within findtime that triggers a ban
maxretry = 3

(2) SSH settings
[ssh-iptables]
# set to true to enable this jail
enabled = false
filter = sshd
# port is the port number; name is used for the iptables chain
# sending mail requires the sendmail service; if it is not available or you do
# not want mail, comment out the sendmail-whois line with a leading #
# you@mail.com is your address, fail2ban@mail.com the sender address (the same is recommended)
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# corresponding error log, generally /var/log/secure on CentOS
logpath = /var/log/sshd.log
# number of failed attempts allowed
maxretry = 5

(3) proftpd settings
[proftpd-iptables]
# set to true to enable this jail
enabled = false
filter = proftpd
# the mail settings are the same as in the SSH jail
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=you@mail.com]
# corresponding error log
logpath = /var/log/proftpd.log
# number of failed attempts allowed
maxretry = 6

Note: The "corresponding error log" path (logpath) must match the file that actually exists on the system; otherwise Fail2Ban will not work properly.
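The three jail settings above (findtime, maxretry, ignoreip) decide when a ban fires. The following Python script is an added example, not part of the original article or of the Fail2Ban project: it models that counting rule over a few constructed /var/log/secure lines, using a pattern similar to what Fail2Ban's sshd filter matches, and prints the iptables rule the iptables action would insert instead of running it. The log lines, the IP addresses (documentation ranges) and the year 2024 are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format CentOS writes to /var/log/secure.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:01:10 host sshd[2102]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  3 10:02:30 host sshd[2103]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Mar  3 10:03:05 host sshd[2104]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  3 10:04:00 host sshd[2105]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  3 10:20:00 host sshd[2106]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar  3 10:30:00 host sshd[2107]: Failed password for root from 198.51.100.7 port 40003 ssh2
"""

# Roughly the kind of line the sshd filter looks for: a timestamp, the sshd
# process, and "Failed password for ... from <ip> port <n>".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(text, year=2024):
    """Yield (timestamp, ip) for every failed-password line in the text.

    syslog timestamps carry no year, so the caller supplies one (assumed 2024).
    """
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m.group("ts").split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_bans(text, maxretry=3, findtime=600, ignoreip=("127.0.0.1",), year=2024):
    """Apply the jail.conf rule: an IP with maxretry failures inside any
    findtime-second window is banned. Returns a list of (ban_time, ip).

    Counting starts afresh for an IP once it has been banned (model assumption).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    bans = []
    for ts, ip in parse_failures(text, year):
        if ip in ignoreip:  # exempt addresses are never counted
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans.append((ts, ip))
            q.clear()
    return bans


def iptables_ban_rule(ip, name="SSH"):
    """Return the rule the iptables[name=...] action inserts for a banned IP.

    The chain name fail2ban-<name> follows the action's naming; the rule is
    returned as text here, not executed.
    """
    return f"iptables -I fail2ban-{name} 1 -s {ip} -j DROP"


if __name__ == "__main__":
    for when, ip in find_bans(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S} ban {ip}: {iptables_ban_rule(ip)}")
```

With the article's global values (maxretry = 3, findtime = 600) only 203.0.113.5 is banned: its three failures fall within 184 seconds. 198.51.100.7 also fails three times, but spread over 26 minutes, so no 600-second window ever holds three of them; raising findtime to 3600 bans it too, and raising maxretry to 5 (the value the SSH jail sets) bans neither. That is the trade-off the two settings encode: a longer findtime or lower maxretry catches slow guessing, at the cost of banning legitimate users who mistype a password a few times.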


4. Save and restart Fail2Ban
service fail2ban restart     # restart fail2ban
chkconfig fail2ban on        # start automatically at boot

5. Verify that Fail2Ban is running properly
fail2ban-client status

Run the above command in SSH to check which jails Fail2Ban is running. It shows that monitoring is enabled, but not the actual effect.

For example, it lists the SSH and proftpd jails configured in step 3 once they have taken effect. To see the IP addresses that have actually been blocked, run iptables -L -n.
