Current system: CentOS 7.5
1. Configure the EPEL repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2. Install fail2ban
yum install fail2ban
3. Check the installed version
fail2ban-server -V
4. Configure
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
Append the following at the end of the file:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
#sendmail-whois[name=SSH, dest=your@email.com, sender=fail2ban@email.com]
logpath = /var/log/secure
maxretry = 3
bantime = 300
maxretry means the maximum number of attempts is 3; bantime means the client is banned from connecting for 300 seconds.
5. Start the fail2ban service
systemctl start fail2ban
6. Verify
After starting the service, verify that fail2ban is running normally:
fail2ban-client ping
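The normal response is: Server replied: pong
7. Test
Connect to this host; after the wrong password is entered three times in a row, the connection will be refused.
View the banned IPs: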
fail2ban-client status ssh-iptables
Here ssh-iptables is the name of the [ssh-iptables] section in jail.local.
Ban entries can be viewed in /var/log/fail2ban.log.
The ban is lifted automatically after 5 minutes.