How to Use Fail2ban to Protect a Linux Server from Attacks

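Install Fail2ban, edit the configuration file, set the monitored directories and rules, and start the service. Check the logs regularly and update the firewall rules.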

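Fail2ban is a tool for protecting Linux servers from attacks. It monitors system log files, identifies malicious IP addresses and blocks them, which keeps the server from being hit repeatedly or subjected to denial-of-service attacks. The detailed steps for protecting a Linux server with Fail2ban follow: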

1. Install Fail2ban


On Debian/Ubuntu systems, install it with the apt-get command:

```
sudo apt-get update
sudo apt-get install fail2ban
```

On CentOS/RHEL systems, install it with the yum command:

```
sudo yum install epel-release
sudo yum install fail2ban
```

2. Configure Fail2ban

Edit the Fail2ban configuration file /etc/fail2ban/jail.local and configure it as needed. Some commonly used options are:

```
[DEFAULT]
# Ban time in seconds
bantime = 3600
# Action to take when a new IP is banned
action = iptables[name=DROP, port=ssh]
# Log file to monitor for failed logins
logpath = /var/log/auth.log
# Time window in seconds within which failures are counted
findtime = 86400
# Number of failures from an IP address within findtime before it is banned
maxretry = 5
```

Save and close the configuration file.
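How bantime, findtime and maxretry interact is easiest to see by replaying a log. The following is an added example, not part of the original article and not Fail2ban's own code: it applies the three values from the configuration above to constructed auth.log lines, using a simplified failure pattern and sample addresses that are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local options shown above (seconds, seconds, count)
BANTIME, FINDTIME, MAXRETRY = 3600, 86400, 5

# Simplified stand-in for an sshd failure pattern (assumption, not Fail2ban's own filter)
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9A-Fa-f.:]+) port \d+"
)

def simulate(lines, year=2023):
    """Return (ip, ban_start, ban_end) for every ban these settings would trigger."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    banned_until = {}            # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue             # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue             # still banned: the firewall rule would drop this traffic
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=FINDTIME):
            window.popleft()     # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

# Constructed auth.log lines; addresses are from the documentation ranges
SAMPLE = [f"Jul 17 10:34:0{i} server sshd[2001]: Failed password for root "
          f"from 192.0.2.10 port 54777 ssh2" for i in range(1, 7)]
SAMPLE += [f"Jul 17 10:35:0{i} server sshd[2002]: Failed password for invalid user admin "
           f"from 198.51.100.7 port 40022 ssh2" for i in range(1, 5)]
SAMPLE.append("Jul 17 10:36:00 server sshd[2003]: Accepted publickey for deploy "
              "from 203.0.113.5 port 50100 ssh2")

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The address with four failures is never banned, and five failures spread over more than findtime seconds do not add up to a ban either.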

3. Start the Fail2ban service

On Debian/Ubuntu systems, start the Fail2ban service with the systemctl command:

```
sudo systemctl start fail2ban
```

On CentOS/RHEL systems, start the Fail2ban service with the service command:

```
sudo service fail2ban start
```

To have the Fail2ban service start automatically at boot, enable it with the following commands:

```
sudo systemctl enable fail2ban
```

```
sudo chkconfig fail2ban on
```

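4. Monitor and test that Fail2ban is working

Fail2ban automatically starts monitoring the specified log files and blocks malicious IP addresses according to the configured rules. You can confirm that Fail2ban is working by looking at the /var/log/fail2ban.log log file. If you see output similar to the following, Fail2ban has successfully blocked a malicious IP address: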

```
Jul 17 10:34:56 server fail2ban[12345]: Ban xxx.xxx.xxx.xxx completed, total banned IPs: 10000000000000000000000000000000, banned IP list size: 19999999999999999999999999999999, output size: 19999999999999999999999999999999, average ban delay: 3600s, current ban delay: 3600s, max ban delay: 3600s, min ban delay: 3600s, ban reason: Too many authentication failures for user root from xxx.xxx.xxx.xxx port 54777 sshd[sshd] [pid=12345] [active since Mon Jul 17 10:34:56 2023] [total failed logins: 15] [successful logins: 15] [attempted passwords: 'root:root' 'root:password' 'root:admin' 'root:test' 'root:123456' 'root:abcdefg'] [last successful login: Mon Jul 17 10:34:56 2023] [last failed login: Mon Jul 17 10:34:56 2023]
```
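To turn the log check in step 4 into something repeatable, the following added example (not from the original article) reads fail2ban.log text and reports which addresses are still banned per jail, plus any error-level messages. The sample lines are constructed and assume Fail2ban's default file-log layout; the jail name, addresses and error text are assumptions.

```python
import re

# Constructed sample; assumes Fail2ban's default file-log layout
# (timestamp, component, [pid], level, then "[jail] Ban|Unban <address>")
SAMPLE_LOG = """\
2023-07-17 10:34:01,102 fail2ban.filter         [12345]: INFO    [sshd] Found 192.0.2.10 - 2023-07-17 10:34:01
2023-07-17 10:34:05,611 fail2ban.actions        [12345]: NOTICE  [sshd] Ban 192.0.2.10
2023-07-17 10:40:12,004 fail2ban.actions        [12345]: NOTICE  [sshd] Ban 198.51.100.7
2023-07-17 11:34:05,920 fail2ban.actions        [12345]: NOTICE  [sshd] Unban 192.0.2.10
2023-07-17 11:40:12,310 fail2ban.actions        [12345]: ERROR   constructed message: ban action failed
"""

LINE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ fail2ban\.(?P<component>\S+)\s+"
    r"\[\d+\]: (?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)
EVENT_RE = re.compile(r"^\[(?P<jail>[^\]]+)\] (?P<verb>Ban|Unban) (?P<ip>\S+)")

def summarize(text):
    """Return ({jail: addresses still banned}, [ERROR/CRITICAL messages])."""
    active, errors = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["level"] in ("ERROR", "CRITICAL"):
            errors.append(m["msg"])      # e.g. the firewall action could not run
            continue
        ev = EVENT_RE.match(m["msg"])
        if m["component"] != "actions" or not ev:
            continue                     # "Found" lines are detections, not bans
        banned = active.setdefault(ev["jail"], set())
        if ev["verb"] == "Ban":
            banned.add(ev["ip"])
        else:
            banned.discard(ev["ip"])     # ban expired or was lifted manually
    return active, errors

if __name__ == "__main__":
    active, errors = summarize(SAMPLE_LOG)
    for jail, ips in active.items():
        print(jail, sorted(ips))
    print("errors:", errors)
```

A non-empty error list is worth checking first: a ban that is logged but whose firewall action failed does not block anything.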

Original article by 未希. If you repost it, please credit the source: https://www.kdun.com/ask/655912.html
