Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use Fail2ban to prohibit designated IP access under CentOS". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to use Fail2ban to prohibit designated IP access under CentOS".

Installation and configuration

The fail2ban tool automatically ban the IP of the intruder by analyzing the log, which can be downloaded from:

Http://fail2ban.sourceforge.net/rpms/

Find the latest version of the rpm package to install, after installation, slightly change the configuration according to your own situation and you can use it.

The code is as follows:

Vi / etc/fail2ban.conf

# start fail2ban in daemon mode

Background = true

# number of attempts allowed

Maxfailures = 3

# blocking time after triggering maxfailures (seconds); set to-1 to permanently block

Bantime = 3600

# take the error record within the findtime (second) time as the counting benchmark for maxfailures

Findtime = 600,

# exclude the scope of IP, separated by whitespace

Ignoreip = 127.0.0.1 192.168.0.0Universe 24

# do not enable mail notification

[MAIL]

Enabled = false

# modified from VSFTPD, the unmentioned parts keep the original settings

[PROFTPD]

Enabled = true

Logfile = / var/log/proftpd/proftpd.log

Failregex = no such user | Incorrect password

# the unmentioned parts remain the original setting

[SSH]

Enabled = true

Logfile = / var/log/secure

Service fail2ban start

Every day after the service is launched, you can see attacking broilers being ban in / var/log/fail2ban.log.

The code is as follows:

2015-08-01 09 WARNING: SSH: Ban (3600 s) 205.189.197.66

WARNING: SSH: Ban (3600 s) 121.52.209.5

Remove IP prohibited by Fail2ban

If you have installed and used fail2ban to protect your web server, you may want to know how to find IP blocked by fail2ban in CentOS 6, CentOS 7, RHEL 6, RHEL 7 and Oracle Linux 6x7, or you want to remove ip from fail2ban prison.

To view all prohibited ip addresses, run the following command:

The code is as follows:

# iptables-L

Chain INPUT (policy ACCEPT)

Target prot opt source destination

F2b-AccessForbidden tcp-anywhere anywhere tcp dpt:http

F2b-WPLogin tcp-anywhere anywhere tcp dpt:http

F2b-ConnLimit tcp-anywhere anywhere tcp dpt:http

F2b-ReqLimit tcp-anywhere anywhere tcp dpt:http

F2b-NoAuthFailures tcp-anywhere anywhere tcp dpt:http

F2b-SSH tcp-anywhere anywhere tcp dpt:ssh

F2b-php-url-open tcp-anywhere anywhere tcp dpt:http

F2b-nginx-http-auth tcp-anywhere anywhere multiport dports http,https

ACCEPT all-anywhere anywhere state RELATED,ESTABLISHED

ACCEPT icmp-anywhere anywhere

ACCEPT all-anywhere anywhere

ACCEPT tcp-anywhere anywhere tcp dpt:EtherNet/IP-1

ACCEPT tcp-anywhere anywhere tcp dpt:http

REJECT all-anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)

Target prot opt source destination

REJECT all-anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)

Target prot opt source destination

Chain f2b-NoAuthFailures (1 references)

Target prot opt source destination

REJECT all-64.68.50.128 anywhere reject-with icmp-port-unreachable

REJECT all-104.194.26.205 anywhere reject-with icmp-port-unreachable

RETURN all-anywhere anywhere

Remove IP from Fail2ban

The code is as follows:

# iptables-D f2b-NoAuthFailures-s banned_ip-j REJECT

Thank you for your reading, the above is the content of "how to use Fail2ban to prohibit specified IP access under CentOS". After the study of this article, I believe you have a deeper understanding of how to use Fail2ban to prohibit designated IP access under CentOS, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.