I ran the lastb command to look at the failed-login records; it scrolled for a long time without finishing. Logging in over FTP to check, I found the log file had already grown to several hundred MB.
Changing the SSH port is too much hassle, so I used Fail2ban to block these IPs instead.
tomcat ssh:notty mail.mastersat.c Sat Sep 1 04:13 - 04:13 (00:00)
admin ssh:notty 117.25.165.114 Sat Sep 1 04:10 - 04:10 (00:00)
root ssh:notty 112.85.42.233 Sat Sep 1 04:03 - 04:03 (00:00)
pbm ssh:notty 121.31.5.77 Sat Sep 1 04:02 - 04:02 (00:00)
root ssh:notty 112.85.42.233 Sat Sep 1 04:02 - 04:02 (00:00)
root ssh:notty 118.24.23.223 Sat Sep 1 03:55 - 03:55 (00:00)
blueotec ssh:notty 1.234.85.29 Sat Sep 1 03:49 - 03:49 (00:00)
blueotec ssh:notty 1.234.85.29 Sat Sep 1 03:49 - 03:49 (00:00)
admin ssh:notty ptr.1miner.ru Sat Sep 1 03:45 - 03:45 (00:00)
admin ssh:notty ptr.1miner.ru Sat Sep 1 03:45 - 03:45 (00:00)
0 ssh:notty 5.101.40.101 Sat Sep 1 03:32 - 03:32 (00:00)
0 ssh:notty 5.101.40.101 Sat Sep 1 03:32 - 03:32 (00:00)
root ssh:notty 23.99.248.47 Sat Sep 1 03:32 - 03:32 (00:00)
root ssh:notty ns522805.ip-158- Sat Sep 1 03:22 - 03:22 (00:00)
applmgr ssh:notty 36.158.194.141 Sat Sep 1 03:20 - 03:20 (00:00)
applmgr ssh:notty 36.158.194.141 Sat Sep 1 03:20 - 03:20 (00:00)
student ssh:notty 165.227.213.177 Sat Sep 1 03:10 - 03:10 (00:00)
student ssh:notty 165.227.213.177 Sat Sep 1 03:10 - 03:10 (00:00)
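When lastb output runs to hundreds of megabytes, reading it line by line is pointless; what matters is which sources and which usernames dominate. The following is an added example (not from the original post) that summarises lastb-style records with awk. The sample records are constructed to mirror the format above, and the function names top_sources, attempts_from and distinct_users are my own; on a live host the functions read stdin, so `lastb | top_sources` works unchanged.

```shell
#!/bin/sh
# Added example: triage of failed-login records in `lastb` format.
# Constructed sample (same layout as real lastb output: user, tty, source, timestamps).
LASTB_SAMPLE='tomcat   ssh:notty    mail.mastersat.c Sat Sep  1 04:13 - 04:13  (00:00)
admin    ssh:notty    117.25.165.114   Sat Sep  1 04:10 - 04:10  (00:00)
root     ssh:notty    112.85.42.233    Sat Sep  1 04:03 - 04:03  (00:00)
root     ssh:notty    112.85.42.233    Sat Sep  1 04:02 - 04:02  (00:00)
blueotec ssh:notty    1.234.85.29      Sat Sep  1 03:49 - 03:49  (00:00)
blueotec ssh:notty    1.234.85.29      Sat Sep  1 03:49 - 03:49  (00:00)
0        ssh:notty    5.101.40.101     Sat Sep  1 03:32 - 03:32  (00:00)'

# Print "count source" pairs, most frequent source first.
# Only ssh:notty records are counted, which also skips the "btmp begins" footer.
top_sources() {
    awk '$2 == "ssh:notty" { n[$3]++ } END { for (h in n) print n[h], h }' | sort -rn
}

# Number of failed attempts from one source host/IP (0 if none).
attempts_from() {
    awk -v host="$1" '$2 == "ssh:notty" && $3 == host { c++ } END { print c + 0 }'
}

# Number of distinct usernames tried; a wide spread of names indicates dictionary guessing.
distinct_users() {
    awk '$2 == "ssh:notty" { u[$1] = 1 } END { c = 0; for (k in u) c++; print c }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$LASTB_SAMPLE" | top_sources
printf 'attempts from 112.85.42.233: %s\n' "$(printf '%s\n' "$LASTB_SAMPLE" | attempts_from 112.85.42.233)"
printf 'distinct usernames: %s\n' "$(printf '%s\n' "$LASTB_SAMPLE" | distinct_users)"
```

Sources with the highest counts are the ones Fail2ban will catch first; a long tail of single attempts from many different addresses is the case that per-IP banning handles least well, which is worth knowing before relying on it alone.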
Run the install commands:
# The built-in CentOS repositories do not include fail2ban, so install the EPEL repository first
yum -y install epel-release
# Install fail2ban
yum -y install fail2ban
After installation, Fail2ban's configuration directory is /etc/fail2ban/.
jail.conf is the main configuration file; the matching rules (filters) live in the filter.d directory.
The other directories and files are rarely needed; search online if you want the details.
Configure the rule:
Edit jail.conf and append the following configuration at the end:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
bantime = 86400
findtime = 300
maxretry = 3
The configuration above means: if the same IP makes more than 3 consecutive failed attempts within 5 minutes, that IP is banned for 24 hours.
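Two practical notes on this jail. First, Fail2ban counts a failure the moment the sshd filter matches a line, and the ban fires when the number of failures inside the findtime window reaches maxretry; the fail2ban.log excerpt later in this post shows exactly that, three "Found" lines followed by one "Ban". Second, add an `ignoreip` line for your own management addresses, because the jail cannot tell your mistyped password from an attacker's, and prefer putting overrides in jail.local rather than editing jail.conf, which package upgrades overwrite. To make the findtime/maxretry interaction concrete, here is an added example (not from the original post or from the Fail2ban project) that replays constructed /var/log/secure lines through a simplified model of the window logic in awk; the function name simulate_jail is mine, and the model assumes all lines fall on the same day.

```shell
#!/bin/sh
# Added example: simplified model of fail2ban's findtime/maxretry window over sshd log lines.
# Constructed /var/log/secure sample. 150.129.195.141 fails three times within 9 seconds;
# 96.80.224.13 fails three times, but spread over 18 minutes.
SECURE_SAMPLE='Sep  1 09:36:10 host sshd[1234]: Failed password for root from 150.129.195.141 port 50001 ssh2
Sep  1 09:36:15 host sshd[1235]: Failed password for invalid user admin from 150.129.195.141 port 50002 ssh2
Sep  1 09:36:19 host sshd[1236]: Failed password for root from 150.129.195.141 port 50003 ssh2
Sep  1 09:36:51 host sshd[1240]: Failed password for root from 96.80.224.13 port 40001 ssh2
Sep  1 09:50:00 host sshd[1250]: Failed password for root from 96.80.224.13 port 40002 ssh2
Sep  1 09:55:00 host sshd[1251]: Failed password for root from 96.80.224.13 port 40003 ssh2
Sep  1 10:00:00 host sshd[1260]: Accepted publickey for deploy from 10.0.0.5 port 3333 ssh2'

# simulate_jail FINDTIME MAXRETRY  (reads log lines on stdin, prints "Ban <ip>" per decision)
# Each failure is timestamped; only failures no older than FINDTIME seconds count,
# and an IP is banned (once) when the count in the window reaches MAXRETRY.
simulate_jail() {
    awk -v findtime="${1:-300}" -v maxretry="${2:-3}" '
    /sshd\[[0-9]+\]: Failed password for/ {
        # field 3 is HH:MM:SS; same-day assumption for the sample
        split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
        ip = ""
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
        if (ip == "" || banned[ip]) next
        # drop failures that have aged out of the window, then add this one
        kept = ""; c = 0
        n = split(hist[ip], h, " ")
        for (i = 1; i <= n; i++) if (now - h[i] <= findtime) { kept = kept " " h[i]; c++ }
        hist[ip] = kept " " now; c++
        if (c >= maxretry) { banned[ip] = 1; print "Ban " ip }
    }'
}

# Stand-alone run with the values from the jail above (findtime=300, maxretry=3):
printf '%s\n' "$SECURE_SAMPLE" | simulate_jail 300 3
```

With findtime=300 only 150.129.195.141 is banned; 96.80.224.13 never has three failures inside any five-minute window, so a slow, patient guesser slips under this jail. Raising findtime (try 1800) catches it at the cost of a wider window, which is the trade-off these two numbers encode.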
Enable it at boot:
systemctl enable fail2ban
Start: systemctl start fail2ban
Restart: systemctl restart fail2ban
Check the Fail2ban log file, /var/log/fail2ban.log:
tail /var/log/fail2ban.log
If entries like these are being written, the jail is running successfully:
2018-09-01 09:34:30,733 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 112.196.77.202
2018-09-01 09:34:30,941 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 125.64.90.163
2018-09-01 09:36:17,323 fail2ban.filter [20891]: INFO [ssh-iptables] Found 150.129.195.141
2018-09-01 09:36:17,328 fail2ban.filter [20891]: INFO [ssh-iptables] Found 150.129.195.141
2018-09-01 09:36:19,248 fail2ban.filter [20891]: INFO [ssh-iptables] Found 150.129.195.141
2018-09-01 09:36:19,259 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 150.129.195.141
2018-09-01 09:36:51,518 fail2ban.filter [20891]: INFO [ssh-iptables] Found 96.80.224.13
View the banned malicious IPs:
sudo iptables --list -n
Chain f2b-SSH (1 references)
target prot opt source destination
REJECT all -- 221.212.74.130 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 217.182.165.158 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 180.210.151.90 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 14.186.11.27 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 202.137.141.243 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 45.225.191.101 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 96.80.224.13 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 150.129.195.141 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 125.64.90.163 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 112.196.77.202 0.0.0.0/0 reject-with icmp-port-unreachable
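The f2b-SSH chain and fail2ban.log are two views of the same state, and they can drift: if the firewall is reloaded (for example by a firewalld or iptables service restart) the chain is flushed while Fail2ban still believes the bans are in place, and those IPs are silently unblocked until the ban expires. The following added example (not from the original post or from Fail2ban) reconciles the two: it takes the "Ban"/"Unban" lines from fail2ban.log and the REJECT rows from `iptables -L f2b-SSH -n`, and reports IPs the log says are banned but the chain does not contain. The samples are constructed (the Unban line is mine), and the function names chain_bans, log_bans and missing_bans are my own.

```shell
#!/bin/sh
# Added example: reconcile fail2ban's ban log against the live iptables chain.
# Constructed fail2ban.log sample (entries mirror the format shown above; the Unban line is invented).
F2B_LOG_SAMPLE='2018-09-01 09:34:30,733 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 112.196.77.202
2018-09-01 09:34:30,941 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 125.64.90.163
2018-09-01 09:36:17,323 fail2ban.filter [20891]: INFO [ssh-iptables] Found 150.129.195.141
2018-09-01 09:36:19,259 fail2ban.actions [20891]: NOTICE [ssh-iptables] Ban 150.129.195.141
2018-09-01 11:00:00,000 fail2ban.actions [20891]: NOTICE [ssh-iptables] Unban 125.64.90.163'

# Constructed `iptables -L f2b-SSH -n` sample: only one of the two live bans is present.
IPTABLES_SAMPLE='Chain f2b-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  112.196.77.202       0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# IPs currently rejected by the chain (stdin: iptables -L f2b-SSH -n output).
chain_bans() {
    awk '$1 == "REJECT" { print $4 }'
}

# IPs the log says are banned and not yet unbanned (stdin: fail2ban.log), sorted.
log_bans() {
    awk '/NOTICE \[ssh-iptables\] Ban /   { b[$NF] = 1 }
         /NOTICE \[ssh-iptables\] Unban / { delete b[$NF] }
         END { for (ip in b) print ip }' | sort
}

# missing_bans LOGTEXT CHAINTEXT: bans recorded in the log but absent from the firewall chain.
missing_bans() {
    {
        printf '%s\n' "$2" | chain_bans | sed 's/^/C /'
        printf '%s\n' "$1" | log_bans   | sed 's/^/L /'
    } | awk '$1 == "C" { inchain[$2] = 1 }
             $1 == "L" && !inchain[$2] { print $2 }'
}

# Stand-alone run over the constructed samples; on a real host use:
#   missing_bans "$(cat /var/log/fail2ban.log)" "$(iptables -L f2b-SSH -n)"
missing_bans "$F2B_LOG_SAMPLE" "$IPTABLES_SAMPLE"
```

A non-empty result means the chain and Fail2ban's bookkeeping disagree; `systemctl restart fail2ban` re-applies the bans Fail2ban still considers active, and `fail2ban-client status ssh-iptables` shows the jail's own view for comparison.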
Please credit the title and link of this article when reposting: "CentOS Fail2ban Installation, Configuration and Usage" (Centos Fail2ban安装配置与使用)