Run yum repolist to check whether the epel repository is registered
[root@localhost ~]# yum repolist
repo id repo name status
base CentOS-6 - Base 5,075
epel Extra Packages for Enterprise Linux 6 - i386 10,194
extras CentOS-6 - Extras 21
rsyslog_v8 Adiscon CentOS-6 - local packages fo 2,074
updates CentOS-6 - Updates 254
repolist: 17,618
If it is not registered, register it and then install fail2ban
[root@localhost ~]# yum install -y epel-release
[root@localhost ~]# yum install -y fail2ban
Create a new configuration file and enter the settings ### /etc/fail2ban/jail.conf is the default configuration file, but a new file is created and used instead
[root@localhost ~]# vi /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
## After 5 failures, the IP is registered as banned in iptables
maxretry = 5
## In seconds; banned for one day
bantime = 86400
/etc/fail2ban/jail.conf
After starting fail2ban, verify that the chain was added to iptables
[root@localhost ~]# service fail2ban start
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:shell
ACCEPT udp -- anywhere anywhere udp dpt:syslog
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Check banned IPs in the log
[root@localhost ~]# cat /var/log/messages | grep Ban
or
[root@localhost ~]# fail2ban-client status sshd
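An added example, not from the original post: grep Ban lists every ban event ever logged, including bans that have since been lifted, so this function replays the Ban/Unban lines and prints only the IPs that are still banned. The log line layout ("fail2ban.actions[PID]: NOTICE [jail] Ban IP") and the sample lines are constructed assumptions; adjust the pattern if your fail2ban version logs differently.

```shell
#!/bin/bash
# Added example: derive the currently banned IPs from fail2ban log lines.
# Assumed line layout: "<date> <host> fail2ban.actions[PID]: NOTICE [jail] Ban <ip>"

# Constructed sample log (documentation-range addresses, not real data).
f2b_sample_log() {
cat <<'EOF'
Feb 23 10:00:58 localhost sshd[3050]: Failed password for root from 203.0.113.5 port 4022 ssh2
Feb 23 10:01:12 localhost fail2ban.actions[2211]: NOTICE [sshd] Ban 203.0.113.5
Feb 23 10:04:40 localhost fail2ban.actions[2211]: NOTICE [sshd] Ban 198.51.100.23
Feb 23 10:09:03 localhost fail2ban.actions[2211]: NOTICE [sshd] Ban 192.0.2.77
Feb 23 11:30:00 localhost fail2ban.actions[2211]: NOTICE [sshd] Unban 203.0.113.5
EOF
}

# Reads log text on stdin and prints "jail ip" for every IP whose most
# recent event is a Ban (i.e. no later Unban was logged).
f2b_active_bans() {
    awk '
    /fail2ban\.actions/ {
        for (i = 2; i < NF; i++) {
            # The jail name is the bracketed field right before Ban/Unban.
            if (($i == "Ban" || $i == "Unban") && $(i-1) ~ /^\[.*\]$/) {
                jail = substr($(i-1), 2, length($(i-1)) - 2)
                state[jail " " $(i+1)] = $i   # later lines overwrite earlier ones
                break
            }
        }
    }
    END {
        for (k in state) if (state[k] == "Ban") print k
    }' | sort
}

# Demo on the constructed sample; on a real host use:
#   f2b_active_bans < /var/log/messages
f2b_sample_log | f2b_active_bans
```

The result should match the "Banned IP list" that fail2ban-client status sshd reports, as long as the log has not been rotated since the bans were issued.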
Unban a banned IP
[root@localhost ~]# fail2ban-client set sshd unbanip <IP address>