Shulou(Shulou.com)06/01 Report--

The system is centos 6.464 bit

Fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page

Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

Http://www.onerussian.com/tmp/fail2ban-pycon2014.pdf this is the documentation for pdf, but it's relatively simple.

Fail2ban can monitor your system log, and then match the log error messages (regular matching) to perform corresponding masking actions (usually calling firewall masking). For example, when someone is testing your SSH, SMTP and FTP passwords, as long as you reach your preset number of times, fail2ban will call the firewall to block the IP, and you can send e-mail to notify the system administrator

We need to have a certain mechanism for illegal login of ssh, and fail2ban can do it.

Download: https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.13

Installation:

Tar-xzf fail2ban-0.8.13.tar.gzcd fail2ban-0.8.13python setup.py install cd files/cp. / redhat-initd / etc/init.d/fail2banchkconfig-- add fail2ban

Configuration directory: / etc/fail2ban

/ etc/fail2ban/action.d # configuration files such as firewall, iptables, mail, sendmail, etc.

/ etc/fail2ban/filter.d # apache, nagios, nginx-http-auth, php-url-fopen, selinux-ssh and other protection strategies

/ etc/fail2ban/jail.conf # main configuration file

Edit the configuration file:

Vim / etc/fail2ban/jail.conf # is added under the two lines # [ssh-iptables] # enabled = true

[ssh-iptables] enabled = truefilter = sshdaction = iptables [name=SSH, port=ssh, protocol=tcp] sendmail-whois [name=SSH,dest=your_mail@163.com,sender=root@localhost,sendername= "Fail2Ban"] logpath = / var/log/secure # provides log for analysis. Centos defaults to this path axretry = 5 # attempts bantime = 172800 # reject time / second [DEFAULT] # the following is the global configuration under the constraint Do not add ignoreip = 127.0.0.1 to 8 # ignored ipbantime = 600 # shielding time findtime = 600 # during this period maxretry = 3 # number of errors backend = autousedns = warn

If you modify the [ssh-iptables] option above, comment or delete the [ssh-iptables] option below, or the service will not work with the same two option settings.

There are many options below. Changing enabled = false to enabled = true will take effect.

The corresponding configuration file path: / etc/fail2ban/filter.d/ also needs to be modified.

Start the service:

Service fail2ban restart

The process of fail2ban

/ usr/bin/python / usr/bin/fail2ban-server-b-s / var/run/fail2ban/fail2ban.sock-p / var/run/fail2ban/fail2ban.pid-x

View status:

Fail2ban-client status

View blocked ip

Iptables-L

REJECT all-192.168.22.236 anywhere reject-with icmp-port-unreachable

If you restart iptables, you must also restart fail2ban, otherwise it will not take effect. The filter table of fail2ban is added after iptables is started.

If there is this error prompt, remove the space before [ssh-iptables].

Starting fail2ban: ERROR Failed during configuration: File contains no section headers.

File: / etc/fail2ban/jail.conf, line: 17

'[ssh-iptables]\ n'

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.