Installing fail2ban on Anolis OS release 8.6 to defend against SSH brute-force and website CC attacks

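1. Add the repository source

2. Install

3. View the logs

4. View the list of enabled jails

5. View the IP addresses banned for the sshd service

6. Remove a banned IP address from fail2ban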


1. Add the repository source

# yum install epel-release

# rm -f /etc/yum.repos.d/epel-*.repo

# cat /etc/redhat-release

Anolis OS release 8.6

Delete the original contents of epel.repo and add the following:

# cat /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8

[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/debug
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=https://download.example/pub/epel/$releasever/Everything/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/SRPMS
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1


# dnf repolist epel -v


2. Install

# yum -y install fail2ban syslog


Create a new configuration file


# pwd

/etc/fail2ban

# cat jail.local

[DEFAULT]
bantime = 86400
findtime = 600
maxretry = 3
banaction = iptables-multiport

[sshd]
enabled = true
port = 4033
filter = sshd
logpath = /var/log/secure
maxretry = 3


Start the service and enable it at boot:

# systemctl enable --now fail2ban
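
How the findtime, maxretry and bantime values in the jail.local above decide a ban, as an added example (not from the original post and not fail2ban's own code). The regex is a simplified stand-in for the sshd filter, and the log lines are constructed samples in /var/log/secure format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT]/[sshd] settings in jail.local above.
FINDTIME = timedelta(seconds=600)
MAXRETRY = 3
BANTIME = timedelta(seconds=86400)

# Assumption: simplified pattern, matches only "Failed password" lines (the real filter covers more).
FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

# Constructed sample lines (documentation IP ranges, hypothetical host "web1").
SAMPLE_LOG = """\
Mar 10 03:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 03:00:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 10 03:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40133 ssh2
Mar 10 03:01:00 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 03:02:00 web1 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar 10 03:05:00 web1 sshd[2120]: Failed password for bob from 198.51.100.99 port 42000 ssh2
Mar 10 03:14:00 web1 sshd[2121]: Failed password for bob from 198.51.100.99 port 42010 ssh2
Mar 10 03:16:00 web1 sshd[2122]: Failed password for bob from 198.51.100.99 port 42020 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)} for IPs reaching MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ip = m["ip"]
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
        if ip in bans and ts < bans[ip][1]:
            continue  # still inside an active ban
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned from {start} until {end}")
```

Only 203.0.113.7 is banned: 198.51.100.99 also fails three times, but its first failure is more than 600 seconds older than the third, so the window never holds three entries.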

3. View the logs


4. View the list of enabled jails


5. View the IP addresses banned for the sshd service

# fail2ban-client status sshd

# fail2ban-client get sshd banip

IPs rejected in the firewall

# iptables -nvL

6. Remove a banned IP address from fail2ban



# fail2ban-client set sshd unbanip 192.168.3.66
