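fail2ban: preventing SSH brute-force attacks

After several failed SSH login attempts, the IP address that made them is blocked.

The default CentOS 7 repositories do not include fail2ban, so install EPEL first.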

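yum -y install epel-release
yum -y install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
systemctl stop fail2ban   # stop the service

Edit the configuration

vim /etc/fail2ban/jail.conf

Add the following configuration to block an IP after too many failed password attempts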

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
findtime = 300
bantime = -1
# -1 means a permanent ban; any other value is a duration in seconds

Save, then restart

systemctl restart fail2ban

View banned IPs

fail2ban-client status ssh-iptables

View banned IPs in the iptables rules

iptables -L -n
fail2ban-client set ssh-iptables addignoreip IP_ADDRESS  # add to the whitelist
fail2ban-client set ssh-iptables delignoreip IP_ADDRESS  # remove from the whitelist
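
Added example (not from the original post, and not fail2ban's own code): a simplified Python model of how maxretry = 3 and findtime = 300 in the [ssh-iptables] jail above decide a ban, run over constructed /var/log/secure lines. The regex is a reduced stand-in for the sshd filter; banned_ips, SAMPLE_LOG and the year parameter are hypothetical names, and ignoreip mirrors the addignoreip whitelist.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 3, 300  # maxretry and findtime (seconds) from the jail above

# Simplified stand-in for the sshd filter (assumption): "Failed password" lines only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed sample of /var/log/secure (documentation address ranges).
SAMPLE_LOG = """\
Mar 10 12:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 12:00:09 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar 10 12:00:30 web1 sshd[2107]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 10 12:01:15 web1 sshd[2110]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 12:04:00 web1 sshd[2120]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Mar 10 12:06:00 web1 sshd[2125]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Mar 10 12:09:30 web1 sshd[2130]: Failed password for alice from 198.51.100.7 port 51003 ssh2
Mar 10 12:10:00 web1 sshd[2140]: Failed password for bob from 192.0.2.10 port 52000 ssh2
Mar 10 12:10:05 web1 sshd[2141]: Failed password for bob from 192.0.2.10 port 52001 ssh2
Mar 10 12:10:10 web1 sshd[2142]: Failed password for bob from 192.0.2.10 port 52002 ssh2
"""

def banned_ips(log_text, maxretry=MAXRETRY, findtime=FINDTIME, ignoreip=(), year=2024):
    """Return {ip: time of the failure that triggered the ban}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        if ip in ignoreip or ip in banned:
            continue
        # Syslog timestamps carry no year, so a constructed one is supplied.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # failure is older than findtime: forget it
        if len(window) >= maxretry:
            banned[ip] = when  # bantime = -1: the ban is never lifted
    return banned

if __name__ == "__main__":
    for ip, when in banned_ips(SAMPLE_LOG, ignoreip={"192.0.2.10"}).items():
        print(ip, "banned at", when.time())
```

198.51.100.7 fails three times in the sample but never three times within 300 seconds, so it is not banned; lowering maxretry or raising findtime changes that.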
