fail2ban can monitor your system logs, match error messages in those logs (using regular expressions) and carry out the corresponding blocking action (usually a firewall rule); it can also send an e-mail notification to the system administrator. Below we walk through how to install, use and configure fail2ban; the platform is a CentOS 6.4 system.
Installation
First confirm that the yum repositories are usable: run yum clean all and yum repolist, as shown in the figure.
Install the EPEL extra repository: determine your Linux version and download the EPEL rpm package.
Install the EPEL package with the following command: rpm -ivh epel-release-6-8.noarch.rpm, as shown in the figure.
Once the EPEL repository is installed, use yum to check that it has been added to the repository list, as shown in the figure.
Install fail2ban with the command yum -y install fail2ban; the steps are shown below.
Configuration and usage
Change to the configuration directory with cd /etc/fail2ban, as shown in the figure.
The main file to edit is the jail.conf configuration file; leave the others alone:
SSH brute-force protection:
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 5

[ssh-ddos]
enabled  = true
filter   = sshd-ddos
action   = iptables[name=ssh-ddos, port=ssh,sftp protocol=tcp,udp]
logpath  = /var/log/messages
maxretry = 2

[ssh-apf]
enabled  = true
filter   = sshd
action   = apf[name=SSH]
logpath  = /var/log/secure
maxretry = 5

[selinux-ssh]
enabled  = true
filter   = selinux-ssh
action   = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
logpath  = /var/log/audit/audit.log
maxretry = 5
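To make the mechanism behind the ssh-iptables jail concrete (a filter regex over /var/log/secure, a maxretry threshold within fail2ban's findtime window, then a firewall action), here is an added example that is not part of the original post and not fail2ban's own code. It re-implements that logic in plain Python over a constructed sample of /var/log/secure: the regex is modelled on the shape of fail2ban's sshd filter (the captured address plays the role of fail2ban's <HOST> tag), the default findtime of 600 seconds is assumed, and ban_command returns a simplified form of the rule fail2ban's iptables action inserts into its per-jail chain; the addresses, hostnames and the year are constructed values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex modelled on fail2ban's sshd filter: it matches "Failed password" lines
# that sshd writes to /var/log/secure and captures the source address, which
# plays the role of fail2ban's <HOST> placeholder.
FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample of /var/log/secure (documentation address ranges only).
SAMPLE_LOG = """\
Jun 10 12:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 10 12:00:03 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 10 12:00:05 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jun 10 12:00:07 host1 sshd[1205]: Accepted password for alice from 198.51.100.23 port 40012 ssh2
Jun 10 12:00:09 host1 sshd[1207]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jun 10 12:00:11 host1 sshd[1209]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jun 10 12:01:00 host1 sshd[1211]: Failed password for bob from 198.51.100.23 port 40020 ssh2
Jun 10 12:01:30 host1 sshd[1213]: Failed password for bob from 198.51.100.23 port 40022 ssh2
Jun 10 12:05:00 host1 sshd[1215]: Failed password for root from 192.0.2.9 port 33001 ssh2
Jun 10 12:12:00 host1 sshd[1217]: Failed password for root from 192.0.2.9 port 33002 ssh2
Jun 10 12:19:00 host1 sshd[1219]: Failed password for root from 192.0.2.9 port 33003 ssh2
Jun 10 12:26:00 host1 sshd[1221]: Failed password for root from 192.0.2.9 port 33004 ssh2
Jun 10 12:33:00 host1 sshd[1223]: Failed password for root from 192.0.2.9 port 33005 ssh2
"""


def parse_failures(lines, year=2013):
    """Yield (timestamp, host) for each line matching the failure regex.

    syslog timestamps carry no year, so the caller supplies one (constructed).
    """
    for line in lines:
        m = FAILED_LOGIN_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        yield ts, m.group("host")


def find_bans(lines, maxretry=5, findtime=600, year=2013):
    """Return {host: time_of_ban} for hosts that reach maxretry failures
    inside a sliding window of findtime seconds (maxretry=5 matches the
    ssh-iptables jail above; 600 s is fail2ban's default findtime)."""
    recent = defaultdict(list)  # host -> failure timestamps still inside the window
    banned = {}
    for ts, host in parse_failures(lines, year):
        if host in banned:
            continue  # fail2ban would already have blocked this host
        window = recent[host]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > findtime:
            window.pop(0)  # forget failures that have aged out of findtime
        if len(window) >= maxretry:
            banned[host] = ts
    return banned


def ban_command(name, host):
    """Simplified form of the rule fail2ban's iptables action inserts into its
    per-jail chain (fail2ban-<name>) when a host is banned; returned, not run."""
    return "iptables -I fail2ban-%s 1 -s %s -j DROP" % (name, host)


if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG.splitlines()).items():
        print(when.strftime("%b %d %H:%M:%S"), "ban", host, "->", ban_command("SSH", host))
```

With the jail's maxretry of 5, only 203.0.113.7 is banned (five failures within ten seconds); 192.0.2.9 also fails five times but spread over 28 minutes, so its failures age out of the 600-second window and it is never blocked. Lowering maxretry to 2 bans all three sources, which is the trade-off the ssh-ddos jail above makes with maxretry = 2.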
Depending on your actual situation, you can add rules for Apache, Nginx, mail and so on.