Fail2ban detects failed login attempts and blocks the source IP address.
1. Install the required Python packages
yum install python python-devel gamin-python
2. Install fail2ban
a. Download fail2ban
elinks http://dag.wieers.com/rpm/packages/fail2ban/fail2ban-0.8.1-1.el5.rf.noarch.rpm
b. Install
rpm -ivh fail2ban-0.8.1-1.el5.rf.noarch.rpm
3. Configure
vi /etc/fail2ban/jail.conf
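# IP addresses to ignore
ignoreip = 192.168.1.0/24
# how long a ban lasts, in seconds
bantime = 3600
# time window searched for failures, in seconds
findtime = 300
# number of failures allowed
maxretry = 3
Example: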
[ssh-iptables]
# true = enabled, false = disabled
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# log file location
logpath = /var/log/secure
maxretry = 3
4. Restart the service after configuring
service fail2ban restart
In the configuration file, pay particular attention to logpath: change it to match the location where the log is actually written.
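
The following Python sketch is an added example, not part of the original page or of fail2ban itself: a simplified model of how the ignoreip, bantime, findtime and maxretry values from step 3 interact, run over constructed /var/log/secure lines. The regular expression is a simplified stand-in for the sshd filter, and the name simulate is hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Values taken from the jail.conf settings in step 3.
IGNOREIP = ipaddress.ip_network("192.168.1.0/24")
BANTIME, FINDTIME, MAXRETRY = 3600, 300, 3
# Simplified stand-in for the sshd filter (assumption, not fail2ban's own failregex).
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")
# Constructed sample lines in the /var/log/secure format.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  3 10:00:20 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  3 10:00:25 host sshd[2104]: Failed password for bob from 192.168.1.50 port 5001 ssh2
Mar  3 10:00:30 host sshd[2105]: Failed password for bob from 192.168.1.50 port 5002 ssh2
Mar  3 10:00:35 host sshd[2106]: Failed password for bob from 192.168.1.50 port 5003 ssh2
Mar  3 10:00:41 host sshd[2107]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  3 10:01:00 host sshd[2108]: Failed password for root from 198.51.100.9 port 6001 ssh2
Mar  3 10:03:00 host sshd[2109]: Failed password for root from 198.51.100.9 port 6002 ssh2
Mar  3 10:05:00 host sshd[2110]: Accepted password for alice from 192.168.1.20 port 5100 ssh2
Mar  3 10:07:30 host sshd[2111]: Failed password for root from 198.51.100.9 port 6003 ssh2
"""

def simulate(log_text, year=2024):
    """Return [(ip, ban_start, ban_end)] for each ban these settings would trigger."""
    failures, banned_until, bans = {}, {}, []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a failed login (e.g. "Accepted password")
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ipaddress.ip_address(ip) in IGNOREIP:
            continue  # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue  # still inside bantime
        # findtime: only failures from the last FINDTIME seconds are counted
        recent = [t for t in failures.get(ip, [])
                  if (ts - t).total_seconds() < FINDTIME] + [ts]
        if len(recent) >= MAXRETRY:  # maxretry reached: ban for BANTIME seconds
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            recent = []
        failures[ip] = recent
    return bans

print(simulate(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 192.168.1.50 falls inside ignoreip, and the first failure from 198.51.100.9 is older than findtime by the time its third one arrives.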