fail2ban
Installation
# yum install epel-release
# yum install fail2ban
Configuration: ban SSH connections for 60 seconds after 3 failures within 1 minute
# cd /etc/fail2ban
# vim jail.local
[DEFAULT]
ignoreip = 127.0.0.1
backend = auto

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
findtime = 60
bantime = 60
# service fail2ban reload
Checking status (note: for the filtering configuration named ssh-iptables)
# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 192.168.33.22
Unbanning a banned IP (note: for the filtering configuration named ssh-iptables)
# fail2ban-client set ssh-iptables unbanip 192.168.33.22
192.168.33.22
# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 0
   |- Total banned: 1
   `- Banned IP list:
Adding an SSH filter for environments that accept public-key authentication only
# vim /etc/fail2ban/filter.d/sshd.conf
^%(__prefix_line)sConnection closed by <HOST>$
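Added example (not from the original page or the fail2ban project): a simplified Python model of how the maxretry = 3 / findtime = 60 settings above combine with the added "Connection closed by <HOST>" pattern, run over constructed /var/log/secure lines. The prefix regex standing in for %(__prefix_line)s, the IPv4-only <HOST> group, and the function name find_bans are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 3, 60  # values from the jail.local on this page

# Simplified stand-in for %(__prefix_line)s (assumption): syslog time, host, sshd[pid]:
PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
# The page's added pattern, with <HOST> narrowed to an IPv4 group for this sketch.
FAILREGEX = re.compile(PREFIX + r"Connection closed by (?P<host>\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample of /var/log/secure lines (not real logs).
SAMPLE = """\
Mar  1 10:00:00 web1 sshd[2001]: Connection closed by 192.168.33.22
Mar  1 10:00:10 web1 sshd[2002]: Connection closed by 192.168.33.22
Mar  1 10:00:15 web1 sshd[2003]: Accepted publickey for deploy from 192.168.33.10 port 50122 ssh2
Mar  1 10:00:20 web1 sshd[2004]: Connection closed by 192.168.33.22
Mar  1 10:00:30 web1 sshd[2005]: Connection closed by 192.168.33.30
Mar  1 10:01:20 web1 sshd[2006]: Connection closed by 192.168.33.30
Mar  1 10:02:40 web1 sshd[2007]: Connection closed by 192.168.33.30
Mar  1 10:03:00 web1 sshd[2008]: Connection closed by 192.168.33.40 port 40022 [preauth]
""".splitlines()

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, ignoreip=("127.0.0.1",)):
    """Return [(host, time_of_ban)] for hosts with maxretry matches inside findtime seconds."""
    recent = defaultdict(deque)   # host -> timestamps of matches still inside the window
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in ignoreip:
            continue
        # Syslog lines carry no year, so a fixed one is supplied for parsing.
        ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop matches older than findtime
        if len(window) >= maxretry:
            bans.append((m["host"], m["ts"]))
            window.clear()        # counting starts again after a ban
    return bans

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE):
        print(f"ban {host} at {when}")
```

Only 192.168.33.22 is banned here: 192.168.33.30 spreads its three closes over more than 60 seconds, and the last sample line is not counted because the pattern is anchored with $, so log formats that append text after the address need a matching pattern.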