Fail2ban for RHEL 7 or CentOS 7

Check the installed fail2ban version first. RHEL 7 already ships the 0.9 series, whose jail.conf differs considerably from earlier releases; see /etc/fail2ban/jail.conf or man jail.conf for the details.


Add jails that protect SSH against brute-force login attempts:

[sshd]

port = ssh
logpath = %(sshd_log)s
findtime = 4
maxretry = 2

[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s


Enable the service at boot:

systemctl enable fail2ban.service

Start fail2ban:

systemctl start fail2ban.service

List the active fail2ban jails:

[root@74.207.241.219 ~]$ fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: nginx-http-auth, sshd, sshd-ddos


Show the detailed status of one jail:

[root@74.207.241.219 ~]$ fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 138
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 7
   |- Total banned: 50
   `- Banned IP list: 122.225.109.112 222.186.34.161 144.0.0.47 122.225.109.107 115.238.55.163 218.2.0.130 141.255.165.74


One thing I did not understand here: fail2ban-client status sshd shows a Banned IP list, but iptables -L -nv shows no DROP rule for any of those IPs. If anyone understands this, please let me know at 59866276@qq.com; much appreciated!

This has since been resolved. The reason iptables had no fail2ban chains by default is that on RHEL 7/CentOS 7 fail2ban manages bans through firewalld by default, but I had disabled firewalld and use iptables instead.

Solution:

Comment out the [DEFAULT] section in /etc/fail2ban/jail.d/00-firewalld.conf:

#[DEFAULT]
#banaction = firewallcmd-ipset


After restarting fail2ban, each jail now has its own iptables chain:

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
   28  2096 REJECT     all  --  *      *       141.255.165.74       0.0.0.0/0            reject-with icmp-port-unreachable
   18  1432 REJECT     all  --  *      *       218.2.0.130          0.0.0.0/0            reject-with icmp-port-unreachable
   26  1904 REJECT     all  --  *      *       115.238.55.163       0.0.0.0/0            reject-with icmp-port-unreachable
   29  2184 REJECT     all  --  *      *       122.225.109.107      0.0.0.0/0            reject-with icmp-port-unreachable
  212 18888 REJECT     all  --  *      *       144.0.0.47           0.0.0.0/0            reject-with icmp-port-unreachable
  206 10588 REJECT     all  --  *      *       222.186.34.161       0.0.0.0/0            reject-with icmp-port-unreachable
   27  2104 REJECT     all  --  *      *       122.225.109.112      0.0.0.0/0            reject-with icmp-port-unreachable
 128K   40M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd-ddos (1 references)
 pkts bytes target     prot opt in     out     source               destination
 129K   40M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
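As an added example (not part of the original post), a small POSIX shell check for exactly the mismatch described above: it parses the Banned IP list line from fail2ban-client status and the f2b-<jail> chain from iptables -L -n -v, and prints every IP fail2ban considers banned but for which no REJECT/DROP rule exists. The two sample outputs and their IPs are constructed.

```shell
#!/bin/sh
# Constructed sample of `fail2ban-client status sshd` output (not a live capture).
F2B_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 138
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 3
   |- Total banned: 50
   `- Banned IP list: 203.0.113.10 198.51.100.7 192.0.2.25'

# Constructed sample of `iptables -L f2b-sshd -n -v`; 192.0.2.25 deliberately has no
# rule, mimicking the firewalld/iptables mismatch the post describes.
IPT_CHAIN='Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
   28  2096 REJECT     all  --  *      *       203.0.113.10         0.0.0.0/0            reject-with icmp-port-unreachable
   18  1432 REJECT     all  --  *      *       198.51.100.7         0.0.0.0/0            reject-with icmp-port-unreachable
 128K   40M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# IPs fail2ban believes are banned, one per line, sorted.
f2b_banned_ips() {
  printf '%s\n' "$1" | sed -n 's/.*Banned IP list: *//p' | tr ' ' '\n' | grep -v '^$' | sort
}

# Source IPs of REJECT/DROP rules in the chain (accepts -L -n output with or without -v).
ipt_banned_ips() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^[0-9]/  { t = $3; s = $8 }   # verbose: pkts bytes target prot opt in out source
    $1 !~ /^[0-9]/ { t = $1; s = $4 }   # plain:   target prot opt source
    t == "REJECT" || t == "DROP" { print s }' | sort
}

# Print every fail2ban-banned IP that has no REJECT/DROP rule in the chain.
missing_rules() {
  ipt=$(ipt_banned_ips "$2")
  for ip in $(f2b_banned_ips "$1"); do
    printf '%s\n' "$ipt" | grep -qxF "$ip" || printf '%s\n' "$ip"
  done
}

# Live use on the host (as root):
#   missing_rules "$(fail2ban-client status sshd)" "$(iptables -L f2b-sshd -n -v)"
missing_rules "$F2B_STATUS" "$IPT_CHAIN"
```

An empty result means every ban fail2ban reports is actually enforced by the firewall; any IP printed is the symptom the post hit, with bans recorded in fail2ban's database but no matching rule loaded.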


Note: if iptables is restarted, restart fail2ban as well (restarting the iptables service flushes the f2b-* chains it had created), otherwise fail2ban's bans may silently stop taking effect.
