Use fail2ban to block password attempts
Some hosts that expose a port to the Internet may face brute-force password attacks. Even when passwords are complex, sustained attempts write a large number of entries to /var/log/secure, which also adds load on the system. fail2ban solves this problem well: you set a maximum number of attempts, and when an IP address exceeds it, fail2ban calls iptables to add that address to a blacklist and blocks it for a set period. You can set the number of attempts and the lock time to suit your needs. iptables must be running. The following is a one-click configuration script:
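#!/bin/bash
# Author: thundermeng
# Mail: thundermeng@live.cn

# Install fail2ban from source
# (plain-HTTP download with no checksum; verify the tarball before installing)
wget http://soft.kwx.gd/security/fail2ban-0.8.4.tar.bz2
tar xfj fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install

# Install the Red Hat init script and enable the service at boot
cd files
cp ./redhat-initd /etc/init.d/fail2ban
chkconfig fail2ban on

# Configuration
# Enable the [ssh-iptables] jail (the "enabled" line directly follows the section header)
sed -i '/\[ssh-iptables\]/{n;s/enabled *= *false/enabled = true/}' /etc/fail2ban/jail.conf
# Within [ssh-iptables], point logpath at the sshd authentication log
sed -ri '/^\[ssh-iptables\]$/,/^\[ssh-ddos\]$/{s#(logpath *= *).*#\1/var/log/secure#}' /etc/fail2ban/jail.conf

# Start iptables first, then fail2ban
/etc/init.d/iptables start
/etc/init.d/fail2ban start

# Verify: list the active jails and the resulting firewall rules
fail2ban-client status
iptables -L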