How to Install Fail2ban on Rocky Linux and AlmaLinux
Written in Python, Fail2ban is an open-source Intrusion Prevention System (IPS) that protects a server against brute-force attacks.
After a specified number of incorrect password attempts, the client's IP address is banned from accessing the system for a specified period or until the system administrator unblocks it. In this way, the system is protected from repeated brute-force attacks from a single host.
Fail2ban is highly configurable and can be set up to secure many services such as SSH, vsftpd, Apache, and Webmin.
In this guide, we focus on how you can install and configure Fail2ban on Rocky Linux and AlmaLinux.
Step 1: Ensure Firewalld Is Running
By default, Rocky comes with Firewalld running. However, if this is not the case on your system, start Firewalld by running:
$ sudo systemctl start firewalld
Then enable it to start at boot time:
$ sudo systemctl enable firewalld
Then verify the status of Firewalld:
$ sudo systemctl status firewalld
In addition, you can confirm all the Firewalld rules currently being enforced using the command:
$ sudo firewall-cmd --list-all
Step 2: Install EPEL on Rocky Linux
As a requirement for installing fail2ban and the other packages it needs, you must install the EPEL repository, which provides additional high-quality packages for RHEL-based distributions.
$ sudo dnf install epel-release
Step 3: Install Fail2ban on Rocky Linux
With EPEL installed, proceed and install the fail2ban and fail2ban-firewalld packages.
$ sudo dnf install fail2ban fail2ban-firewalld
This installs the fail2ban server and the firewalld component along with other dependencies.
With the installation of fail2ban complete, start the fail2ban service.
$ sudo systemctl start fail2ban
And enable it to start at boot time.
$ sudo systemctl enable fail2ban
You can verify the status of the fail2ban service by running the command:
$ sudo systemctl status fail2ban
The output confirms that Fail2ban is running as we would expect.
Step 4: Configuring Fail2ban on Rocky Linux
Moving on, we need to configure fail2ban for it to work as intended. Ideally, we would edit the main configuration file, /etc/fail2ban/jail.conf. However, this is discouraged, because a package update can overwrite that file. As a workaround, we will copy the contents of the jail.conf configuration file to a jail.local file.
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now, open the jail.local file using your preferred editor.
$ sudo vim /etc/fail2ban/jail.local
Under the [DEFAULT] section, ensure that you have the following settings as they appear.
bantime = 1h
findtime = 1h
maxretry = 5
Let us define these attributes:
- The bantime directive specifies how long a client will be banned following failed authentication attempts.
- The findtime directive is the period within which fail2ban counts repeated incorrect password attempts.
- The maxretry parameter is the maximum number of incorrect password attempts before the remote client is blocked from accessing the server. Here, the client will be locked out after 5 authentication failures.
By default, fail2ban works with iptables. However, this has been deprecated in favor of firewalld. We need to configure fail2ban to work alongside firewalld instead of iptables.
So, run the following command:
$ sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local
To apply the changes, restart fail2ban:
$ sudo systemctl restart fail2ban
Step 5: Securing the SSH Service with Fail2ban
By default, fail2ban does not block any remote host until you enable a jail configuration for the service you wish to secure. The jail configuration is specified in the /etc/fail2ban/jail.d path and will override the configuration specified in the jail.local file.
In this example, we will create a jail configuration file to protect the SSH service. Therefore, create the SSH jail file.
$ sudo vim /etc/fail2ban/jail.d/sshd.local
Next, paste the following lines:
[sshd]
enabled = true
# Override the default global configuration
# for specific jail sshd
bantime = 1d
maxretry = 3
In the configuration above, a remote host will be banned from accessing the system for 1 day after 3 failed SSH login attempts. Save the changes and restart the fail2ban service.
$ sudo systemctl restart fail2ban
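The following Python sketch is an added example, not part of the original article and not fail2ban's own code. It models how the [DEFAULT] settings from Step 4 and the sshd.local override from this step combine, then applies the resulting maxretry/findtime/bantime values to log lines. The log lines, their ISO-timestamp layout, the address 192.168.2.50 and the function names are constructed for illustration.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from this page: [DEFAULT] in jail.local, then the jail.d/sshd.local override.
JAIL_LOCAL = "[DEFAULT]\nbantime = 1h\nfindtime = 1h\nmaxretry = 5\n"
SSHD_LOCAL = "[sshd]\nenabled = true\nbantime = 1d\nmaxretry = 3\n"
# Constructed log format (ISO timestamp first), not the real /var/log/secure layout.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")
LOG = [
    "2024-05-01T10:00:00 srv sshd[901]: Failed password for root from 192.168.2.102 port 5001 ssh2",
    "2024-05-01T10:00:05 srv sshd[901]: Failed password for root from 192.168.2.102 port 5001 ssh2",
    "2024-05-01T10:00:09 srv sshd[901]: Failed password for root from 192.168.2.102 port 5001 ssh2",
    "2024-05-01T10:10:00 srv sshd[902]: Failed password for invalid user admin from 192.168.2.50 port 5002 ssh2",
    "2024-05-01T11:30:00 srv sshd[903]: Failed password for root from 192.168.2.50 port 5003 ssh2",
    "2024-05-01T11:40:00 srv sshd[904]: Failed password for root from 192.168.2.50 port 5004 ssh2",
]

def seconds(value):
    """Convert '1h', '1d' or '600' to seconds (small subset of fail2ban's time syntax)."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value.strip()).groups()
    return int(number) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[unit or "s"]

def effective(jail):
    cfg = configparser.ConfigParser()
    cfg.read_string(JAIL_LOCAL)
    cfg.read_string(SSHD_LOCAL)  # read later, so its values win; [sshd] inherits [DEFAULT]
    s = cfg[jail]
    return int(s["maxretry"]), seconds(s["findtime"]), seconds(s["bantime"])

def simulate(lines, jail="sshd"):
    """Return {ip: (banned_at, banned_until)} using a sliding findtime window."""
    maxretry, findtime, bantime = effective(jail)
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned: the firewall would drop this traffic
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # failures older than findtime no longer count
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
    return bans
```

Only 192.168.2.102 is banned: its three failures fall inside one findtime window, while the three failures from 192.168.2.50 are spread over more than an hour, so the earliest one has expired before the count reaches maxretry.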
Next, verify the jail configuration status using the fail2ban-client command-line utility.
$ sudo fail2ban-client status
From the output, we can see that we have 1 jail configured, for a service called 'sshd'.
In addition, you can confirm the maxretry value of the sshd jail using the get option.
$ sudo fail2ban-client get sshd maxretry
3
The printed value, 3, should match what you specified in the sshd.local file.
Step 6: Testing the Fail2ban Configuration
After setting up fail2ban and creating a jail configuration file for the SSH service, we are going to perform a test run and simulate 3 failed logins by entering an incorrect password at each password prompt.
So head over to a remote Linux system and attempt to log in using the wrong password. After 3 failed attempts, the connection will be dropped and any subsequent attempt to reconnect will be blocked until the ban duration lapses.
To gather insights on the client systems that have been blocked, check the jail status.
$ sudo fail2ban-client status sshd
To unban, or remove, the client from the jail, execute the command:
$ sudo fail2ban-client unban 192.168.2.102
Once again, check the jail status to ensure that the client is no longer included in the banned IP list.
$ sudo fail2ban-client status sshd
As we have seen, Fail2ban is a useful tool for warding off intruders seeking to breach your Linux system. It works in conjunction with Firewalld to ban client systems for a specified duration after a specific number of failed login attempts. In doing so, it provides an extra layer of protection for your Linux server.