Posted Updated Linux3 minutes read (About 517 words)

fail2ban阻止SSH暴力破解

引用:fail2ban阻止SSH暴力破解

​ fail2ban是由Python语言开发监控软件,通过监控系统日志的登录信息来调用iptables屏蔽相应登录IP,以阻止某个IP(fail2ban读对应日志文件,Debian/Ubuntu:/var/log/auth.log、CentOS/Redhat:/var/log/secure)不停尝试密码。fail2ban在防御对SSH服务器的暴力密码破解上非常有用。经过网友强烈要求,已经集成到《OneinStack

安装配置Fail2ban

使用《OneinStack》,内置fail2ban,一键安装并设置好即可

1
2
3
wget mirrors.linuxeye.com/oneinstack.tar.gz
pushd oneinstack
./addons.sh  #选择11,安装fail2ban

tu

Fail2ban配置文件说明

1
2
3
4
5
6
7
8
9
10
11
[root@OneinStack ~]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8  #指定哪些地址可以忽略 fail2ban 防御
bantime  = 86400         #客户端主机被禁止的时长(秒)
findtime = 600             #查找失败次数的时长(秒)
maxretry = 5                 #客户端主机被禁止前允许失败的次数
[ssh-iptables]
enabled = true
filter  = sshd
action  = iptables[name=SSH, port=22, protocol=tcp]
logpath = /var/log/secure

fail2ban会自动禁止在最近10分钟内有超过5次访问尝试失败的任意IP地址。这个IP地址将会在24小时内一直被禁止访问SSH服务。安装设置启用后,Fail2ban会在iptables添加相关规则,如下:

tu

fail2ban测试

ssh 你的服务器IP,输错密码5次以上,查看日志/var/log/fail2ban.log [ssh-iptables] Ban 91.195.103.166即被禁用

fail2ban状态

/usr/local/python/bin/fail2ban-client status ssh-iptables

显示出被禁止IP地址列表

fail2ban解锁IP

为了解锁特定的IP地址命令:

/usr/local/python/bin/fail2ban-client set ssh-iptables unbanip 91.195.103.166

Like this article? Support the author with

Comments

Follow

Categories

Subscribe for updates

Recents

Tags

Android4
Apple1
BBR1
Btrfs1
CSV1
CentOS 71
Chrome2
Debian1
Debian121
Docker1
Github1
Google Play1
HTTP2
Hash1
IPV41
Java3
Linux5
NAS1
None1
OneDrive1
Python3
SSH1
Ubuntu181
XML1
Xposed1
brew1
csv2
dic1
dict1
docker1
hexo1
iTunes1
list1
macOS5
npm2
path1
pip1
python, linux1
tar1
terminal2
txt1
ufw1
unRAID2
vant1
webp1
windows1
xml1
yaml1
zsh1
刷机1
叉号1
小米 61
开关机1
手机号1
格式化时间1
端口1
网卡1
Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×