Installing fail2ban on Ubuntu

Revision as of 15:44, 31 March 2018 (Sat) by Revi (talk | contribs) (→Configuration: +default)

1 Installation

root@zeta1:~# apt install fail2ban
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  python3-pyinotify whois
Suggested packages:
  mailx monit python-pyinotify-doc
The following NEW packages will be installed:
  fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 33 not upgraded.
Need to get 286 kB of archives.
After this operation, 1,474 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 fail2ban all 0.9.3-1 [227 kB]
Get:2 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-pyinotify all 0.9.6-0fakesync1 [24.7 kB]
Get:3 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 whois amd64 5.2.11 [34.0 kB]
Fetched 286 kB in 0s (8,986 kB/s)
Selecting previously unselected package fail2ban.
(Reading database ... 64857 files and directories currently installed.)
Preparing to unpack .../fail2ban_0.9.3-1_all.deb ...
Unpacking fail2ban (0.9.3-1) ...
Selecting previously unselected package python3-pyinotify.
Preparing to unpack .../python3-pyinotify_0.9.6-0fakesync1_all.deb ...
Unpacking python3-pyinotify (0.9.6-0fakesync1) ...
Selecting previously unselected package whois.
Preparing to unpack .../whois_5.2.11_amd64.deb ...
Unpacking whois (5.2.11) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu21.1) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up fail2ban (0.9.3-1) ...
Setting up python3-pyinotify (0.9.6-0fakesync1) ...
Setting up whois (5.2.11) ...
Processing triggers for systemd (229-4ubuntu21.1) ...
Processing triggers for ureadahead (0.100.0-19) ...

2 Configuration

root@zeta1:~# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 
root@zeta1:~# vi /etc/fail2ban/jail.local
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

[sshd]

port    = ssh
logpath = %(sshd_log)s
enabled = true
filter  = sshd
maxretry = 3
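
How the settings above interact (ignoreip, findtime, maxretry, bantime), shown as an added example that is not part of the original page and is not fail2ban's own code. The log lines are constructed, and the regular expression is a simplified stand-in for the sshd filter.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local shown above.
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 3

# Simplified stand-in for the sshd filter (assumption, not fail2ban's failregex).
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                     r"for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port")

# Constructed auth.log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar 31 06:40:01 zeta1 sshd[2001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 31 06:40:05 zeta1 sshd[2002]: Failed password for root from 127.0.0.1 port 50000 ssh2
Mar 31 06:40:06 zeta1 sshd[2003]: Failed password for root from 127.0.0.1 port 50001 ssh2
Mar 31 06:40:07 zeta1 sshd[2004]: Failed password for root from 127.0.0.1 port 50002 ssh2
Mar 31 06:41:10 zeta1 sshd[2005]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar 31 06:42:00 zeta1 sshd[2006]: Failed password for root from 198.51.100.9 port 41000 ssh2
Mar 31 06:43:30 zeta1 sshd[2007]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar 31 06:50:00 zeta1 sshd[2008]: Failed password for root from 198.51.100.9 port 41001 ssh2
Mar 31 06:58:01 zeta1 sshd[2009]: Failed password for root from 198.51.100.9 port 41002 ssh2
Mar 31 06:59:00 zeta1 sshd[2010]: Accepted password for ubuntu from 198.51.100.9 port 41003 ssh2
"""

def simulate(log_text, year=2018):
    """Return [(ip, banned_at, unbanned_at)] in log order."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a failed login (e.g. "Accepted password")
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if when < banned_until.get(ip, datetime.min):
            continue  # still inside bantime
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > FINDTIME:
            q.popleft()  # drop failures older than findtime
        if len(q) >= MAXRETRY:
            banned_until[ip] = when + timedelta(seconds=BANTIME)
            bans.append((str(ip), when, banned_until[ip]))
            q.clear()
    return bans
```

Only 203.0.113.7 is banned: 127.0.0.1 is covered by ignoreip, and the three failures from 198.51.100.9 never fall inside a single 600-second findtime window.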

3 Restarting the service

root@zeta1:~# /etc/init.d/fail2ban restart
[ ok ] Restarting fail2ban (via systemctl): fail2ban.service.
root@zeta1:~# ps -ef | grep fail
root     17079     1  0 06:36 ?        00:00:00 /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
root     17130 15718  0 06:37 pts/5    00:00:00 grep --color=auto fail
