Security: Installing Fail2ban
# vim /etc/yum.repos.d/CentOS-Base.repo
Add the following at the bottom of the file:
[atrpms]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
enabled=1
# yum install fail2ban
Problem:
warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID 66534c2b
GPG key retrieval failed: [Errno 14] HTTP Error 404: Not Found
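Solution: change gpgcheck=1 in the block above to gpgcheck=0. This turns off GPG signature checking for packages installed from this repository.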
Configure jail.conf
# vim /etc/fail2ban/jail.conf
bantime = 3600
backend = gamin
[ssh-iptables]
enabled = true
# change the port to match your own SSH port
action = iptables[name=SSH, port=5341, protocol=tcp]
         sendmail-whois[name=SSH, dest=adminmail@example.cm.tw, sender=fail2ban@example.cm.tw]
logpath = /var/log/secure
maxretry = 3
# service fail2ban start
# chkconfig --add fail2ban
# chkconfig fail2ban on
# chkconfig --list | grep fail2ban
Verify fail2ban
From another machine, make three failed login attempts, then check the report:
# logwatch --print --range=Today
--------------------- SSHD Begin ------------------------
Failed logins from:
192.168.2.150: 3 times
Users logging in through sshd:
root:
192.168.2.110: 1 time
**Unmatched Entries**
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.150 user=root : 2 time(s)
---------------------- SSHD End -------------------------
# iptables -L -n
Chain fail2ban-SSH (1 references)
target prot opt source destination
DROP all -- 192.168.2.150 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0