
Deploy fail2ban to prevent brute force cracking of ssh passwords

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Fail2ban monitors your system logs, matches error messages in them against regular expressions, and performs a blocking action in response (usually by calling the firewall). For example, when someone is guessing your SSH, SMTP, or FTP passwords, fail2ban calls the firewall to block the IP as soon as the failures reach your preset count, and it can send an e-mail to notify the system administrator. It is a very practical and very powerful piece of software.

Steps:

# cd /etc/yum.repos.d/

# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

# yum install gamin-python

# wget ftp://rpmfind.net/linux/epel/6/x86_64/python-inotify-0.9.1-1.el6.noarch.rpm

# rpm -ivh python-inotify-0.9.1-1.el6.noarch.rpm

# wget ftp://rpmfind.net/linux/epel/6/x86_64/fail2ban-0.8.14-1.el6.noarch.rpm

# rpm -ivh fail2ban-0.8.14-1.el6.noarch.rpm

# chkconfig fail2ban on

# vim /etc/fail2ban/jail.conf

[DEFAULT]
# Global settings. This fail2ban version treats '#' as a comment only at the
# start of a line, so each note sits on the line above its setting.
# IPs in this list are never banned; separate multiple entries with spaces
ignoreip = 127.0.0.1
# Ban duration, in seconds
bantime = 600
# A host that exceeds the allowed number of attempts within this period is banned
findtime = 600
# Global maximum number of attempts
maxretry = 3

[ssh-iptables]
# Section tag for this jail
# Whether this item is active (true/false)
enabled = true
# Name of the filter rule; corresponds to sshd.conf in the filter.d directory
filter = sshd
# Actions and their parameters: block with iptables, then send mail.
# port takes a service name or number; set it to the port sshd listens on.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@mail.com]
# Location of the SSH log
logpath = /var/log/secure
# Maximum number of attempts; this item overrides the global maxretry setting
maxretry = 5

# service fail2ban start

Fail2ban applies your filter rule (filter = sshd, that is, filter.d/sshd.conf) to the corresponding log file (logpath = /var/log/secure) and counts the matching failures within findtime = 600 seconds (10 minutes; this value comes from the global settings). When a host reaches maxretry = 5, fail2ban runs the configured actions (iptables.conf and sendmail-whois.conf), and the ban lasts for bantime = 600 seconds.
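The following Python sketch models how findtime, maxretry, bantime and ignoreip interact for the jail above. It is an added example, not code from the original article or from fail2ban itself; the regex is a simplified stand-in for filter.d/sshd.conf, and the log lines, host name and year are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for filter.d/sshd.conf (assumption, not the shipped regex).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) ")

def simulate(lines, maxretry=5, findtime=600, bantime=600,
             ignoreip=("127.0.0.1",), year=2025):
    """Return [(ip, banned_at, unbanned_at)] for the given log lines."""
    failures = defaultdict(deque)   # ip -> failure times inside the findtime window
    banned_until = {}               # ip -> time the ban is lifted
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in ignoreip:
            continue
        ip = m["host"]
        # syslog timestamps carry no year, so an assumed one is prepended
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and now < banned_until[ip]:
            continue                # host is still blocked
        window = failures[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = now + timedelta(seconds=bantime)
            bans.append((ip, now, banned_until[ip]))
            window.clear()
    return bans

def _line(ts, ip, user="root"):
    return f"Jan 18 {ts} host1 sshd[2211]: Failed password for {user} from {ip} port 40022 ssh2"

# Constructed sample of /var/log/secure (documentation addresses, not real data).
SAMPLE = sorted(
    [_line(f"10:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]        # 5 in 40 s
    + [_line(f"10:{m:02d}:00", "198.51.100.9") for m in (1, 13, 25, 37, 49)]  # too slow
    + [_line("10:50:00", "127.0.0.1")] * 6                                    # ignoreip
    + ["Jan 18 10:51:00 host1 sshd[2300]: Accepted password for admin from 192.0.2.4 port 50100 ssh2"]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} at {start:%H:%M:%S}, unban at {end:%H:%M:%S}")
```

The second host fails five times but is never banned, because its attempts are spaced 12 minutes apart and never accumulate inside the 600-second findtime window.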
