Protecting SSH against brute-force attacks with Fail2ban


Installing Fail2ban

1. Download

wget https://raw.githubusercontent.com/FunctionClub/Fail2ban/master/fail2ban.sh

2. Install

bash fail2ban.sh

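The installer asks three questions:

  1. First, choose whether to change the SSH port;
  2. Second, enter the maximum number of SSH password attempts allowed (2-10 attempts);
  3. Third, enter how long each malicious IP stays banned (Default: 24h)

3. Edit the configuration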

vim /etc/fail2ban/jail.local

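Change it to:

[DEFAULT]
# Addresses that are never banned
ignoreip = 127.0.0.1
# Ban duration in seconds (24 hours)
bantime = 86400
# Failed attempts allowed before a ban
maxretry = 3
# Window in seconds in which failures are counted (30 minutes)
findtime = 1800

[ssh-iptables]
# Values set inside a jail override those in [DEFAULT]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
maxretry = 3
findtime = 3600
bantime = 86400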

Then reload the configuration:

sudo fail2ban-client reload

Reference: Configuring Fail2Ban on Ubuntu to prevent SSH brute forcing, with e-mail alerts - Luna's Blog (dulunar.github.io)
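
How the jail values above interact, as an added example that is not part of the original post and not Fail2ban's own code: a simplified Python model that replays constructed auth.log lines through maxretry = 3, findtime = 3600, bantime = 86400 and ignoreip = 127.0.0.1. The regex covers only the "Failed password" line as a stand-in for the real sshd filter; the function name simulate, its year argument and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Jail values from the [DEFAULT] and [ssh-iptables] sections above.
MAXRETRY, FINDTIME, BANTIME = 3, 3600, 86400
IGNOREIP = ip_network("127.0.0.1/32")

# Simplified stand-in for the sshd filter: only the "Failed password" line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample auth.log lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:09 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  3 10:05:00 host sshd[820]: Failed password for root from 127.0.0.1 port 50000 ssh2
Mar  3 10:05:01 host sshd[821]: Failed password for root from 127.0.0.1 port 50001 ssh2
Mar  3 10:05:02 host sshd[822]: Failed password for root from 127.0.0.1 port 50002 ssh2
Mar  3 10:10:00 host sshd[830]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Mar  3 10:40:30 host sshd[840]: Failed password for root from 203.0.113.7 port 40200 ssh2
Mar  3 11:30:00 host sshd[850]: Failed password for bob from 198.51.100.9 port 51001 ssh2
Mar  3 12:45:00 host sshd[860]: Failed password for bob from 198.51.100.9 port 51002 ssh2
"""

def simulate(log, year=2024):
    """Return {ip: (ban_time, unban_time)} for the jail values above."""
    failures, bans = defaultdict(deque), {}
    for m in filter(None, map(FAILED.match, log.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip_address(ip) in IGNOREIP:
            continue  # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned: iptables would already drop this host
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 198.51.100.9 also fails three times, but its attempts are more than findtime apart, and 127.0.0.1 is covered by ignoreip.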

Unbanning an address after a ban

fail2ban-client set ssh-iptables unbanip YOUR_IP
fail2ban-client set sshd unbanip YOUR_IP

Setting up e-mail notifications (optional)

1. Install heirloom-mailx

  Go to /etc/apt/sources.list.d and create a file named mailx.list with this content:

deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

  Update the package sources and install:

apt-get update

apt install heirloom-mailx

2. Install mailutils

apt-get install mailutils

3. Edit /etc/s-nail.rc and append the following at the end:

set from="your-address@qq.com"
set smtp="smtps://smtp.qq.com:465"
set smtp-auth-user="your-address@qq.com"
set smtp-auth-password="the mailbox authorization code, not the account password"
set smtp-auth=login

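If the mail service you use does not need SSL verification, add the following line, which turns off checking of the server's certificate: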
set ssl-verify=ignore

4. Send a test e-mail:

echo "content" | s-nail -s "test message" any-receiving-address@qq.com

5. Edit the Fail2ban configuration:

vim /etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 86400
maxretry = 3
findtime = 1800

[ssh-iptables]
enabled = true
filter = sshd
# The mail action is a second, indented line of "action"; a bare line
# without a key in [DEFAULT] is not valid configuration syntax.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         mail-whois[name=SSH, dest=liohuang@dingtalk.com, sender=gxrcsc-bigdata@yandex.com]
logpath = /var/log/auth.log
maxretry = 3
findtime = 3600
bantime = 86400

Reload the configuration:

sudo fail2ban-client reload

Done for the day!

 

