Article Title: Use fail2ban to prevent scanning attacks
Go to http://fail2ban.sourceforge.net/rpms/ to find the latest rpm package and install it. After installation, change the configuration to suit your own situation:

    vi /etc/fail2ban.conf

    # Start fail2ban in daemon mode
    background = true
    # Number of attempts allowed
    maxfailures = 3
    # Ban time in seconds after maxfailures is triggered; set to -1 for a permanent ban
    bantime = 3600
    # Failures logged within findtime (seconds) are the basis for the maxfailures count
    findtime = 600
    # IP ranges to exclude, separated by spaces
    ignoreip = 127.0.0.1 192.168.0.0/24
    # Disable mail notification
    [MAIL]
    enabled = false
    # Modified from the VSFTPD section; parts not mentioned keep their original settings
    [PROFTPD]
    enabled = true
    logfile = /var/log/proftpd.log
    failregex = no such user|Incorrect password
    # Parts not mentioned keep their original settings
    [SSH]
    enabled = true
    logfile = /var/log/secure

    service fail2ban start

After the service is started, you can see in /var/log/fail2ban.log that attacking bots are banned every day.
    09:13:33,532 WARNING: SSH: Ban (3600 s) 205.189.197.66
    12:24:41,943 WARNING: SSH: Ban (3600 s) 121.52.209.5
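
How maxfailures, findtime, bantime, ignoreip and the [PROFTPD] failregex from the configuration above interact, as an added Python model (not part of the original article and not fail2ban's own code). The log line layout, the sample lines and the rule that a ban fires when the count reaches maxfailures are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the configuration on this page
MAXFAILURES = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=3600)
IGNOREIP = [ipaddress.ip_network(n) for n in "127.0.0.1 192.168.0.0/24".split()]
FAILREGEX = re.compile(r"no such user|Incorrect password")
# Assumed (constructed) layout: "<date> <time> proftpd <client-ip> - <message>"
LINE = re.compile(r"^(\S+ \S+) proftpd (\S+) - (.*)$")

# Constructed sample input, in time order; addresses are documentation ranges
SAMPLE_LOG = """\
2024-01-15 09:00:00 proftpd 203.0.113.7 - USER admin: no such user found
2024-01-15 09:00:00 proftpd 198.51.100.9 - USER root (Login failed): Incorrect password
2024-01-15 09:00:10 proftpd 192.168.0.15 - USER bob (Login failed): Incorrect password
2024-01-15 09:00:20 proftpd 203.0.113.7 - USER test: no such user found
2024-01-15 09:00:30 proftpd 192.168.0.15 - USER bob (Login failed): Incorrect password
2024-01-15 09:00:40 proftpd 203.0.113.7 - USER guest: no such user found
2024-01-15 09:00:50 proftpd 192.168.0.15 - USER bob (Login failed): Incorrect password
2024-01-15 09:06:00 proftpd 198.51.100.9 - USER root (Login failed): Incorrect password
2024-01-15 09:12:00 proftpd 198.51.100.9 - USER root (Login failed): Incorrect password
"""

def find_bans(log_text):
    """Return [(ip, ban_start, ban_end)] for a time-ordered log."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not FAILREGEX.search(m.group(3)):
            continue  # not a failure line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP) or when < banned_until.get(ip, when):
            continue  # excluded by ignoreip, or still inside an active ban
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()  # older than findtime, no longer counted
        # Assumption: the ban fires when the count reaches maxfailures
        if len(window) >= MAXFAILURES:
            banned_until[ip] = when + BANTIME
            bans.append((str(ip), f"{when:%H:%M:%S}", f"{when + BANTIME:%H:%M:%S}"))
            window.clear()
    return bans
```

On the sample, only 203.0.113.7 is banned: 192.168.0.15 falls inside ignoreip, and the three failures from 198.51.100.9 never fall within one 600-second findtime window.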