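Once a server is installed and offering services to the outside, it is exposed at all times to attack attempts from the network unless a firewall is configured or connection sources are restricted, so suitable tools are needed to help deal with the problem.
Below are attack attempts against SSH: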
# grep Failed /var/log/secure
sshd[7935]: Failed password for invalid user cacti from 66.197.211.18 port 39463 ssh2
sshd[7937]: Failed password for invalid user test1 from 66.197.211.18 port 40185 ssh2
sshd[7939]: Failed password for root from 66.197.211.18 port 40773 ssh2
sshd[7966]: Failed password for invalid user git from 66.197.211.18 port 41463 ssh2
sshd[7968]: Failed password for invalid user git from 66.197.211.18 port 42190 ssh2
sshd[7970]: Failed password for mysql from 66.197.211.18 port 42754 ssh2
sshd[7972]: Failed password for mysql from 66.197.211.18 port 43388 ssh2
Attack attempts against the web server:
# grep admin /var/log/httpd/error_log
[error] [client 70.87.15.74] File does not exist: /var/www/html/admin
[error] [client 70.87.15.74] File does not exist: /var/www/html/dbadmin
[error] [client 70.87.15.74] File does not exist: /var/www/html/myadmin
[error] [client 70.87.15.74] File does not exist: /var/www/html/mysqladmin
[error] [client 70.87.15.74] File does not exist: /var/www/html/phpadmin
[error] [client 70.87.15.74] File does not exist: /var/www/html/phpmyadmin
[error] [client 70.87.15.74] File does not exist: /var/www/html/php-my-admin
[error] [client 70.87.15.74] File does not exist: /var/www/html/phpmyadmin1
[error] [client 70.87.15.74] File does not exist: /var/www/html/phpmyadmin2
There are many tools of this kind, such as SSHBlock, DenyHosts and Fail2ban. All of them are good, but here I chose fail2ban because it supports many common services, such as SSH, FTP and Apache.
Fail2ban official website: http://www.fail2ban.org/wiki/index.php/Main_Page
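The two log excerpts above can be tallied per source address, which is a simplified view of the log scanning that a tool such as fail2ban automates before it bans a source. This is an added example, not code from the original post or from fail2ban; the function names `offenders` and `sample_log`, the threshold argument, and the sample lines (documentation address ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tally failed attempts per source IP (IPv4 only) from sshd and
# Apache 2.2-style error-log lines on stdin; print "count ip" for each source
# at or above a threshold. The function names and threshold are hypothetical.

offenders() {
    threshold="${1:-5}"
    awk -v t="$threshold" '
        # sshd: "... Failed password for [invalid user] NAME from IP port N ssh2"
        # The user name is attacker-chosen, so keep the LAST "from IP port"
        # triple on the line, which is the one sshd itself appended.
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
            if (ip != "") n[ip]++
            next
        }
        # Apache: "[error] [client IP] File does not exist: PATH"
        /\[error\] \[client [0-9.]+\] File does not exist: / {
            match($0, /\[client [0-9.]+\]/)
            n[substr($0, RSTART + 8, RLENGTH - 9)]++
        }
        END { for (ip in n) if (n[ip] >= t + 0) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
sshd[101]: Failed password for invalid user cacti from 203.0.113.18 port 39463 ssh2
sshd[102]: Failed password for root from 203.0.113.18 port 40773 ssh2
sshd[103]: Failed password for invalid user from from 203.0.113.18 port 41463 ssh2
sshd[104]: Failed password for mysql from 203.0.113.18 port 42754 ssh2
sshd[105]: Accepted password for alice from 203.0.113.18 port 42800 ssh2
sshd[106]: Failed password for root from 192.0.2.5 port 50022 ssh2
[error] [client 198.51.100.74] File does not exist: /var/www/html/admin
[error] [client 198.51.100.74] File does not exist: /var/www/html/phpmyadmin
[error] [client 198.51.100.74] File does not exist: /var/www/html/myadmin
EOF
}

sample_log | offenders 3
```

On a live host the same function can read the real files, for example `cat /var/log/secure /var/log/httpd/error_log | offenders 5`.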
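Installation steps follow:
Taking CentOS 6.x as the example: fail2ban is not a package in the official repositories, so a third-party repository, epel or rpmforge, must be installed first.
Install the epel third-party repository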
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
Update the package repository sources
# yum update
Install fail2ban
# yum install fail2ban
By default fail2ban is set to start at boot
# chkconfig --list fail2ban
fail2ban 0:off 1:off 2:off 3:on 4:on 5:on 6:off