fail2ban防止服务器遭暴力破解

fail2ban

监控日志信息，发现异常并邮件通知管理员。

官网

Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

http://www.fail2ban.org

工作原理

通过分析一段时间内服务日志，将满足特定动作的IP加入IPtable中的drop列表。

下载地址

下载列表

http://www.fail2ban.org/wiki/index.php/Downloads

| Red Hat/CentOS | RPMs are available through EPEL |

-- https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

-- https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

-- RHEL/CentOS 7:

   # yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    on RHEL 7 it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories:

   # subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"  --enable "rhel-ha-for-rhel-*-server-rpms"

-- RHEL/CentOS 8:

   # yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

安装

Required

python ≥ 2.3 

Optional

gamin ≥ 0.0.21

Install

tar xvfj fail2ban-0.8.5.tar.bz2
cd fail2ban-0.8.5
python setup.py install

设置条件

要求

ssh远程登陆5分钟内3次失败，禁止该IP访问1小时，1小时后解除。

配置

配置jail.conf文件