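Fail2ban is a tool for protecting Linux servers from attacks. It monitors system log files, identifies malicious IP addresses and blocks them, which keeps the server from being hit by repeated access attempts or denial-of-service attacks. The detailed steps for protecting a Linux server with Fail2ban are as follows:
1. Install Fail2ban
On Debian/Ubuntu systems, install it with the apt-get command: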
```
sudo apt-get update
sudo apt-get install fail2ban
```
On CentOS/RHEL systems, install it with the yum command:
```
sudo yum install epel-release
sudo yum install fail2ban
```
2. Configure Fail2ban
Edit the Fail2ban configuration file /etc/fail2ban/jail.local and adjust it as needed. Some commonly used options are:
```
[DEFAULT]
# Ban time in seconds
bantime = 3600
# Action to take when a new IP is banned: none is set here, so Fail2ban's default action applies
# Log file to monitor
logpath = /var/log/auth.log
# Time window in seconds in which failures from an IP address are counted
findtime = 86400
# Number of failures from an IP address within findtime before it is banned
maxretry = 5
```
3. Start the Fail2ban service
On Debian/Ubuntu systems, start the Fail2ban service with the systemctl command:
```
# systemd-based systems
sudo systemctl start fail2ban
# systems that use SysV init scripts
sudo service fail2ban start
```
To have the Fail2ban service start automatically at boot, enable it with the following command:
```
sudo systemctl enable fail2ban
```
or
```
sudo chkconfig fail2ban on
```
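4. Monitor and test whether Fail2ban is working
Fail2ban automatically starts monitoring the specified log files and blocks malicious IP addresses according to the configured rules. Check the /var/log/fail2ban.log log file to confirm that Fail2ban is working. If you see output similar to the following, Fail2ban has successfully blocked a malicious IP address: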
```
Jul 17 10:34:56 server fail2ban[12345]: Ban xxx.xxx.xxx.xxx completed, total banned IPs: 10000000000000000000000000000000, banned IP list size: 19999999999999999999999999999999, output size: 19999999999999999999999999999999, average ban delay: 3600s, current ban delay: 3600s, max ban delay: 3600s, min ban delay: 3600s, ban reason: Too many authentication failures for user root from xxx.xxx.xxx.xxx port 54777 sshd[sshd] [pid=12345] [active since Mon Jul 17 10:34:56 2023] [total failed logins: 15] [successful logins: 15] [attempted passwords: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [last successful login: Mon Jul 17 10:34:56 2023] [last failed login: Mon Jul 17 10:34:56 2023] [failed password attempts since last login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [login attempts since first failed login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [failed password attempts since first failed login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [total login attempts since first login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [total failed login attempts since first failed login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [total successful login attempts since first successful login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [total failed login attempts since first successful login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’] [total successful login attempts since first failed login attempt: ‘root:root’ ‘root:password’ ‘root:admin’ ‘root:test’ ‘root:123456’ ‘root:abcdefg’]
```
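As an added example (not from the original article), the shell function below reads fail2ban.log and lists the addresses whose latest event is a ban, so a ban that has already expired is not counted as active. It assumes the `fail2ban.actions ... [jail] Ban <ip>` line layout written by current Fail2ban releases; the sample log lines and the names `sample_log` and `banned_now` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the IPs that are still banned according to fail2ban.log.
# Assumed layout: "<date> <time> fail2ban.actions [pid]: NOTICE [jail] Ban <ip>"

# Constructed sample log (documentation IP ranges). The Unban follows the
# Ban after 3600 s, matching bantime = 3600 in the jail.local above.
sample_log() {
    cat <<'EOF'
2023-07-17 10:34:50,101 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.5 - 2023-07-17 10:34:50
2023-07-17 10:34:56,204 fail2ban.actions [1234]: NOTICE  [sshd] Ban 203.0.113.5
2023-07-17 10:40:02,317 fail2ban.actions [1234]: NOTICE  [sshd] Ban 198.51.100.7
2023-07-17 10:41:10,009 fail2ban.actions [1234]: NOTICE  [sshd] 198.51.100.7 already banned
2023-07-17 11:34:56,512 fail2ban.actions [1234]: NOTICE  [sshd] Unban 203.0.113.5
2023-07-17 12:00:03,040 fail2ban.actions [1234]: NOTICE  [sshd] Restore Ban 198.51.100.9
EOF
}

# Reads fail2ban.log lines on stdin and prints "jail ip" for every address
# whose most recent Ban/Unban event is a ban.
banned_now() {
    awk '
    /fail2ban\.actions/ {
        for (i = 2; i < NF; i++) {
            if ($i == "Ban" || $i == "Unban") {
                jail = $(i - 1)
                # After a restart, bans are re-applied as "Restore Ban <ip>"
                if (jail == "Restore") jail = $(i - 2)
                gsub(/\[|\]/, "", jail)
                # Later events overwrite earlier ones: 1 = banned, 0 = unbanned
                state[jail " " $(i + 1)] = ($i == "Ban")
                break
            }
        }
    }
    END { for (k in state) if (state[k]) print k }
    ' | sort
}

# Stand-alone run on the constructed sample
sample_log | banned_now
```

On a live server, feed it the real file with `banned_now < /var/log/fail2ban.log`; the result covers only the events still present in that file, so rotated logs are not included.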