Using fail2ban to defend a Linux server against SSH brute-force attacks
1. Install fail2ban
yum install fail2ban
2. Configure fail2ban for the SSH service
Create a new configuration file: /etc/fail2ban/jail.d/sshd.local
[ssh-iptables]
ignoreip = 127.0.0.1
enabled = true
filter = sshd
action = iptables[name=SSH, port=21725, protocol=tcp]
logpath = /var/log/secure
bantime = 36000
findtime = 360
maxretry = 3
3. Change the port number in the iptables action (modify ssh port)
In /etc/fail2ban/action.d/iptables.conf,
set port=21725
4. Restart fail2ban
systemctl restart fail2ban
systemctl enable fail2ban
5. Verify the fail2ban service status
fail2ban-client ping
fail2ban-client status
fail2ban-client status ssh-iptables
6. Check the IPs blocked by iptables
iptables --list -n
7. Unban a specific IP
fail2ban-client set ssh-iptables unbanip 192.168.2.88
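
To see how the findtime, maxretry and ignoreip values from step 2 decide a ban, the following added example (not part of the original post and not fail2ban's own code) replays constructed /var/log/secure lines through a simplified model of the jail. It assumes only "Failed password" lines count as failures, which is narrower than the real sshd filter, and it does not model bantime; the function name, sample log and year are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the [ssh-iptables] jail on this page.
IGNOREIP = {"127.0.0.1"}
FINDTIME = 360   # seconds
MAXRETRY = 3

# Constructed sample lines in /var/log/secure style (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  3 10:00:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Mar  3 10:00:30 host sshd[1207]: Failed password for root from 127.0.0.1 port 51000 ssh2
Mar  3 10:00:31 host sshd[1207]: Failed password for root from 127.0.0.1 port 51000 ssh2
Mar  3 10:00:32 host sshd[1207]: Failed password for root from 127.0.0.1 port 51000 ssh2
Mar  3 10:01:00 host sshd[1210]: Failed password for bob from 198.51.100.7 port 33900 ssh2
Mar  3 10:02:15 host sshd[1215]: Failed password for root from 203.0.113.5 port 40188 ssh2
Mar  3 10:05:00 host sshd[1220]: Failed password for bob from 198.51.100.7 port 33950 ssh2
Mar  3 10:08:00 host sshd[1230]: Failed password for bob from 198.51.100.7 port 33990 ssh2
Mar  3 10:09:00 host sshd[1231]: Accepted password for bob from 198.51.100.7 port 34000 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def simulate_bans(log_text, year=2024):
    """Return {ip: time of the failure that reaches maxretry inside findtime}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in IGNOREIP or m.group(2) in banned:
            continue
        # syslog timestamps carry no year, so one is assumed here
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # failure is older than findtime, forget it
        if len(window) >= MAXRETRY:
            banned[m.group(2)] = ts
    return banned

if __name__ == "__main__":
    for ip, when in simulate_bans(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

In the sample, 198.51.100.7 also fails three times but spreads the attempts over more than 360 seconds, so it never reaches maxretry inside one findtime window, and the failures from 127.0.0.1 are skipped because of ignoreip.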
