如果你的 SSH 沒辦法鎖 IP,也沒辦法換 port 的話,那就可以用 fail2ban 擋一下了!~
步驟
-
安裝 fail2ban
yum install epel-release yum install fail2ban systemctl enable fail2ban
-
設定 conf編輯 /etc/fail2ban/jail.local 或是修改 /etc/fail2ban/jail.conf
[DEFAULT] # Ban hosts for one hour: ignoreip = 127.0.0.1/8 bantime = 86400 findtime = 600 maxretry = 10 # Override /etc/fail2ban/jail.d/00-firewalld.conf: # if you use iptables firewall use this one # banaction = iptables-multiport # if you use firewalld firewall use this one banaction = firewallcmd-ipset action = %(action_mwl)s [sshd] enabled = true filter = sshd port = 22 action = %(action_mwl)s logpath = /var/log/secure
以上的設定會在 try 10 次密碼失敗後鎖住一整天 (86400 秒)鎖定的方式是透過 firewalld,如果你用 iptables 的話就要看一下說明改設定了!~ -
啟動 fail2ban
systemctl start fail2ban
-
檢查狀態如果要看目前的狀態則可使用
fail2ban-client status
正常應該出現以下訊息,表示 sshd 已經被列入監管了!Status |- Number of jail: 1 `- Jail list: sshd
如果要看是否有 ip 被擋掉!~ 那就這樣看fail2ban-client status sshd
嗯,才剛設定起來就有 ip 被 banned 了!!Status for the jail: sshd |- Filter | |- Currently failed: 4 | |- Total failed: 52 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 218.92.1.152
-
取消被 ban 掉的 IP
fail2ban-client set sshd unbanip youripaddress
註解
Facebook 討論區載入中...