Install the fail2ban package
# apt-get install fail2ban
Back up the configuration file
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.$(date +%F)
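Modify the settings (ban time in seconds and number of failed attempts; the second command only edits line 66 of jail.conf)
# sed -i 's/^bantime = 600/bantime = 86400/' /etc/fail2ban/jail.conf
# sed -i '66s/^maxretry = 5/maxretry = 3/' /etc/fail2ban/jail.conf
Restart fail2ban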
# systemctl restart fail2ban
Check the status of fail2ban
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
After several failed connection attempts from client IP 192.168.1.17 against server IP 192.168.1.16,
list the SSH attacks that fail2ban has detected
# fail2ban-client status sshd
Status for the jail: ssh
|- Filter
|  |- File list: /var/log/auth.log
|  |- Currently failed: 0
|  `- Total failed: 7
`- Action
   |- Currently banned: 2
   |  `- IP list: 192.168.1.17 123.31.34.182
   `- Total banned: 2
List the rules in the f2b-sshd chain
# iptables -t filter -L f2b-sshd -n
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 192.168.1.17 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.34.182 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
To remove a ban:
# iptables -D f2b-sshd -s 192.168.1.17 -j REJECT
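Deleting the rule directly with iptables leaves fail2ban's own ban list unchanged, so the two views can drift apart. The following script is an added example, not part of the original post: it cross-checks the `fail2ban-client status sshd` listing against the f2b-sshd chain. The function names and the `missing-rule` / `stale-rule` labels are hypothetical, and the sample inputs are taken from the listings above.

```shell
#!/bin/sh
# Constructed from the two listings on this page. On a live host, capture instead:
#   F2B_STATUS=$(fail2ban-client status sshd)
#   CHAIN_RULES=$(iptables -t filter -L f2b-sshd -n)
F2B_STATUS='Status for the jail: ssh
|- Filter
|  |- File list: /var/log/auth.log
|  |- Currently failed: 0
|  `- Total failed: 7
`- Action
   |- Currently banned: 2
   |  `- IP list: 192.168.1.17 123.31.34.182
   `- Total banned: 2'
CHAIN_RULES='Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 192.168.1.17 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 123.31.34.182 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0'

# IPs fail2ban believes are banned, one per line ("IP list:" or "Banned IP list:").
f2b_banned_ips() {
    printf '%s\n' "$1" | sed -n 's/.*IP list:[[:space:]]*//p' |
        tr -s ' \t' '\n' | sed '/^$/d' | sort -u
}

# Source addresses that the chain actually rejects or drops, one per line.
chain_blocked_ips() {
    printf '%s\n' "$1" | awk '$1 == "REJECT" || $1 == "DROP" { print $4 }' | sort -u
}

# Print one line per mismatch; print nothing when both views agree.
ban_drift() {
    banned=$(f2b_banned_ips "$1")
    blocked=$(chain_blocked_ips "$2")
    for ip in $banned; do
        printf '%s\n' "$blocked" | grep -qxF -- "$ip" || echo "missing-rule $ip"
    done
    for ip in $blocked; do
        printf '%s\n' "$banned" | grep -qxF -- "$ip" || echo "stale-rule $ip"
    done
}

# Demo 1: the page's listings agree, so nothing is printed.
ban_drift "$F2B_STATUS" "$CHAIN_RULES"
# Demo 2: simulate the manual "iptables -D ... 192.168.1.17" without telling fail2ban.
ban_drift "$F2B_STATUS" "$(printf '%s\n' "$CHAIN_RULES" | grep -v ' 192\.168\.1\.17 ')"
```

Running `fail2ban-client set sshd unbanip 192.168.1.17` instead of the manual delete removes the firewall rule and the ban record together, so the check stays clean.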