How to Install Fail2ban on Rocky Linux and AlmaLinux


Written in Python, Fail2ban is an open-source Intrusion Prevention System (IPS) that protects a server against brute-force attacks.

After a specified number of incorrect password attempts, the client's IP address is banned from accessing the system for a specified period, or until the system administrator unblocks it. This way, the system is protected from repeated brute-force attacks from a single host.

Fail2ban is highly configurable and can be set up to protect many services, such as SSH, vsftpd, Apache, and Webmin.

In this guide, we focus on how to install and configure Fail2ban on Rocky Linux and AlmaLinux.

Step 1: Ensure Firewalld Is Running

By default, Rocky comes with Firewalld running. However, if this is not the case on your system, start Firewalld by running:

$ sudo systemctl start firewalld

Then enable it to start at boot time:

$ sudo systemctl enable firewalld

Then verify the status of Firewalld:

$ sudo systemctl status firewalld

In addition, you can confirm all the Firewalld rules currently in effect using this command:

$ sudo firewall-cmd --list-all

Step 2: Install EPEL on Rocky Linux

As a requirement for installing fail2ban and other necessary packages, you need to install the EPEL repository, which provides additional high-quality packages for RHEL-based distributions.

$ sudo dnf install epel-release

Step 3: Install Fail2ban on Rocky Linux

With EPEL installed, proceed and install the fail2ban and fail2ban-firewalld packages.

$ sudo dnf install fail2ban fail2ban-firewalld

This installs the fail2ban server and the firewalld component, along with other dependencies.

With the installation of fail2ban complete, start the fail2ban service.

$ sudo systemctl start fail2ban

And enable it to start at boot time.

$ sudo systemctl enable fail2ban

You can verify the status of the fail2ban service using this command:

$ sudo systemctl status fail2ban

The output confirms that Fail2ban is running as we would expect.

Step 4: Configuring Fail2ban on Rocky Linux

Moving on, we need to configure fail2ban so that it works as intended. Ideally, we would edit the main configuration file, /etc/fail2ban/jail.conf. However, this is discouraged, because a package update can overwrite that file. As a workaround, we will copy the contents of the jail.conf configuration file to a jail.local file.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now, open the jail.local file using your preferred editor.

$ sudo vim /etc/fail2ban/jail.local

Under the [DEFAULT] section, make sure you have the following settings as they appear.

bantime = 1h
findtime = 1h
maxretry = 5

Let us define these attributes:

  • The bantime directive specifies how long a client is banned following failed authentication attempts.
  • The findtime directive is the period that fail2ban considers when counting repeated incorrect password attempts.
  • The maxretry parameter is the maximum number of incorrect password attempts before the remote client is blocked from accessing the server. Here, the client is locked out after 5 authentication failures.

By default, fail2ban works with iptables. However, this has been deprecated in favor of firewalld. We need to configure fail2ban to work alongside firewalld instead of iptables.

So, run this command:

$ sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local

To apply the changes, restart fail2ban:

$ sudo systemctl restart fail2ban

Step 5: Securing the SSH Service with Fail2ban

By default, fail2ban does not block any remote host until you enable a jail configuration for the service you want to protect. Jail configurations are placed in the /etc/fail2ban/jail.d directory and override the settings specified in the jail.local file.

In this example, we will create a jail configuration file to protect the SSH service. So, create the SSH jail file.

$ sudo vim /etc/fail2ban/jail.d/sshd.local

Next, paste the following lines:

[sshd]
enabled = true

# Override the default global configuration
# for specific jail sshd
bantime = 1d
maxretry = 3

With the configuration above, a remote host is banned from accessing the system for 1 day after 3 failed SSH login attempts. Save the changes and restart the fail2ban service.

$ sudo systemctl restart fail2ban

Next, verify the jail configuration status using the fail2ban-client command-line utility.

$ sudo fail2ban-client status

From the output, we can see that we have 1 jail configured, for a service called 'sshd'.

In addition, you can confirm the maxretry value of the sshd jail using the get option.

$ sudo fail2ban-client get sshd maxretry

3

The printed value, 3, should match what you specified in the sshd.local file.
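
How the sshd jail's effective values follow from the [DEFAULT] settings in Step 4 and the sshd.local override above, and what findtime, maxretry and bantime then mean for a run of failed logins. This is an example added to this guide, not Fail2ban's own code: the counter is a simplified sliding-window model, the two configuration strings are constructed copies of the settings shown here, and 203.0.113.7 is a constructed sample address.

```python
import configparser
import re
from collections import defaultdict, deque

# Constructed copies of the settings shown in this guide.
JAIL_LOCAL = "[DEFAULT]\nbantime = 1h\nfindtime = 1h\nmaxretry = 5\n"
SSHD_LOCAL = "[sshd]\nenabled = true\nbantime = 1d\nmaxretry = 3\n"
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):
    """Convert '600', '1h' or '1d' to seconds (a subset of Fail2ban's time syntax)."""
    match = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if match is None:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2)]

def effective(jail):
    """Merge the files in read order; keys a jail omits come from [DEFAULT]."""
    parser = configparser.ConfigParser()
    parser.read_string(JAIL_LOCAL)   # jail.local is read first
    parser.read_string(SSHD_LOCAL)   # jail.d/sshd.local is read after it
    section = parser[jail]
    return (seconds(section["findtime"]), int(section["maxretry"]),
            seconds(section["bantime"]))

def simulate(failures, findtime, maxretry, bantime):
    """failures: time-ordered (epoch_seconds, ip) pairs.
    Returns a list of (ip, ban_start, ban_end)."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for ts, ip in failures:
        if banned_until.get(ip, 0) > ts:
            continue                      # host is still banned, nothing to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

# Constructed sample: one host fails quickly, another fails slowly.
SAMPLE = [(0, "192.168.2.102"), (20, "192.168.2.102"), (40, "192.168.2.102"),
          (0, "203.0.113.7"), (4000, "203.0.113.7"), (8000, "203.0.113.7")]

if __name__ == "__main__":
    findtime, maxretry, bantime = effective("sshd")
    print(findtime, maxretry, bantime)
    print(simulate(sorted(SAMPLE), findtime, maxretry, bantime))
```

The sshd jail inherits findtime = 1h because sshd.local does not set it, and the host that spaces its failures more than findtime apart is never banned, which is worth keeping in mind when choosing findtime.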

Step 6: Testing the Fail2ban Configuration

After setting up fail2ban and creating a jail configuration file for the SSH service, we will do a test run and simulate 3 failed logins by entering an incorrect password at each password prompt.

So, head over to a remote Linux system and try to log in using the wrong password. After 3 failed attempts, the connection is dropped, and any further attempt to reconnect is blocked until the ban period lapses.

To see which client systems are blocked, check the jail status.

$ sudo fail2ban-client status sshd

To unban the client, that is, remove it from the jail, run this command:

$ sudo fail2ban-client unban 192.168.2.102

Once again, check the jail status to make sure the client is no longer in the banned IP list.

$ sudo fail2ban-client status sshd

As we have seen, Fail2ban is a useful tool for keeping out intruders who try to breach your Linux system. It works in conjunction with Firewalld to ban client systems for a specified period after a given number of failed login attempts. In doing so, it provides an extra layer of protection for your Linux server.