System – 第 2 頁 – 盧尛朋友

Fail2ban 是一個透過查看 Log 記錄，針對登入失敗或異常資料傳入，及時封鎖該 IP 的套件，

最常見就是用來保護 SSH ，除了更改常用 PORT 之外，也可以借由 Fail2ban 保護 SSH。

Fail2ban 並非 CentOS 官方的套件，如果沒有 EPEL (Extra Packages for Enterprise Linux) 套件，就必須先安裝。

yum install epel-release

1	yum install epel-release

==========================================================================================================
 Package                       Arch                    Version              Repository               Size
==========================================================================================================
Installing:
 epel-release                  noarch                  7-9                  extras                   14 k

Transaction Summary
==========================================================================================================
Install  1 Package

Total download size: 14 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-9.noarch.rpm                                                                                                                                         |  14 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-9.noarch                                                                                                                                                 1/1
  Verifying  : epel-release-7-9.noarch                                                                                                                                                 1/1

Installed:
  epel-release.noarch 0:7-9

Complete!

==========================================================================================================

Package Arch Version Repository Size

==========================================================================================================

Installing:

epel-release noarch 7-9 extras 14 k

Transaction Summary

==========================================================================================================

Install 1 Package

Total download size: 14 k

Installed size: 24 k

Is this ok [y/d/N]: y

Downloading packages:

epel-release-7-9.noarch.rpm | 14 kB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : epel-release-7-9.noarch 1/1

Verifying : epel-release-7-9.noarch 1/1

Installed:

epel-release.noarch 0:7-9

Complete!

接著再安裝 Fail2Ban

yum install fail2ban

1	yum install fail2ban

設定 Fail2Ban 開機啟動

systemctl enable fail2ban

1	systemctl enable fail2ban

Fail2Ban 設定檔路徑 /etc/fail2ban/

Fail2Ban 有 2 個預設的設定檔，fail2ban.conf 和 jail.conf，並且均有提示，不該修改此檔案，因為升級套件時可能會被覆蓋。

若要自定義的話，建議新增檔案 fail2ban.local 和 jail.local，這 2 個設定檔將會蓋過 .conf 的規則。

新增檔案：/etc/fail2ban/jail.local

下面的設定從 jail.conf 複製過來，預設的 bantime 為 600 秒，先修改為 60 秒，因為待會測試不會被鎖太久。

[DEFAULT]
#阻擋 60 秒 1分鐘:
bantime = 60

#失敗次數 5 次
maxretry = 5

[sshd]
enabled = true

[DEFAULT]

#阻擋 60 秒 1分鐘:

bantime = 60

#失敗次數 5 次

maxretry = 5

[sshd]

enabled = true

重啟服務 fail2ban

service fail2ban restart

1	service fail2ban restart

接著 SSH 連入主機，並輸入 5 次錯誤密碼，就會被鎖 60 秒

查看 SSH 封鎖的指令：fail2ban-client status sshd

[root@Mail fail2ban]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     8
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   192.168.1.222