fail2ban
监控日志信息,发现异常并邮件通知管理员。
官网
Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
工作原理
通过分析一段时间内服务日志,将满足特定动作的IP加入IPtable中的drop列表。
下载地址
下载列表
http://www.fail2ban.org/wiki/index.php/Downloads
| Red Hat/CentOS | RPMs are available through EPEL |
-- https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-- https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-- RHEL/CentOS 7:
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
on RHEL 7 it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories:
# subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
-- RHEL/CentOS 8:
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
安装
Required
python ≥ 2.3
Optional
gamin ≥ 0.0.21
Install
tar xvfj fail2ban-0.8.5.tar.bz2
cd fail2ban-0.8.5
python setup.py install
设置条件
要求
ssh远程登陆5分钟内3次失败,禁止该IP访问1小时,1小时后解除。
配置
配置jail.conf文件