How to Install Fail2Ban to Protect SSH on CentOS/RHEL 8


Fail2ban is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs such as too many password failures, and much more, and bans them (it updates firewall rules to reject the IP addresses). By default, it ships with filters for various services including sshd.

In this article, we will explain how to install and configure fail2ban to protect SSH and improve SSH security against brute-force attacks on CentOS/RHEL 8.

Installing Fail2ban on CentOS/RHEL 8

The fail2ban package is not in the official repositories, but it is available in the EPEL repository. After logging into your system, open a command-line interface, then enable the EPEL repository on your system as shown.

# dnf install epel-release
OR
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

After that, install the Fail2ban package by running the following command.

# dnf install fail2ban

Configuring Fail2ban to Protect SSH

The fail2ban configuration files are stored in the /etc/fail2ban/ directory and the filters are stored in the /etc/fail2ban/filter.d/ directory (the filter file for sshd is /etc/fail2ban/filter.d/sshd.conf).

The global configuration file for the fail2ban server is /etc/fail2ban/jail.conf. However, it is not recommended to modify this file directly, because it will probably be overwritten or improved by a future package upgrade.

As an alternative, it is recommended to create and add your configuration in a jail.local file or in separate .conf files under the /etc/fail2ban/jail.d/ directory. Note that configuration parameters set in jail.local override whatever is defined in jail.conf.

For this article, we will create a separate file called jail.local in the /etc/fail2ban/ directory as shown.

# vi /etc/fail2ban/jail.local

Once the file is open, copy and paste the following configuration into it. The [DEFAULT] section contains global options and [sshd] contains parameters for the sshd jail.

[DEFAULT] 
ignoreip = 192.168.56.2/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd] 
enabled = true

Let's briefly explain the options in the above configuration:

  • ignoreip: specifies the list of IP addresses or hostnames that will not be banned.
  • bantime: specifies the number of seconds that a host is banned for (i.e. the ban duration).
  • maxretry: specifies the number of failures before a host gets banned.
  • findtime: fail2ban will ban a host if it has generated “maxretry” failures during the last “findtime” seconds.
  • banaction: the banning action.
  • backend: specifies the backend used to get log file modifications.

The above configuration, therefore, means: if an IP has failed 3 times in the last 5 minutes, ban it for 6 hours, and ignore the IP address 192.168.56.2.
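
As an added example (not from the original article, and a simplified model rather than fail2ban's own code), the Python below parses the jail.local settings above and replays constructed failure events against them; load_policy and simulate are hypothetical helper names. It also shows that ignoreip = 192.168.56.2/24, as written, exempts the whole 192.168.56.0/24 network.

```python
# Added example: simplified model of the jail.local policy, not fail2ban's own code.
import configparser
import ipaddress

JAIL_LOCAL = """
[DEFAULT]
ignoreip = 192.168.56.2/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true
"""

def load_policy(text, jail="sshd"):
    """Resolve a jail's effective settings; [DEFAULT] values are inherited."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp[jail]
    nets = [ipaddress.ip_network(n, strict=False) for n in sec["ignoreip"].split()]
    return {"ignore": nets, "bantime": sec.getint("bantime"),
            "findtime": sec.getint("findtime"), "maxretry": sec.getint("maxretry")}

def simulate(policy, failures):
    """Replay (seconds, ip) failures in time order; return {ip: (ban_start, ban_end)}."""
    recent, bans = {}, {}
    for ts, ip in failures:
        if any(ipaddress.ip_address(ip) in net for net in policy["ignore"]):
            continue  # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active
        seen = [t for t in recent.get(ip, []) if ts - t < policy["findtime"]]
        recent[ip] = seen + [ts]
        if len(recent[ip]) >= policy["maxretry"]:
            bans[ip] = (ts, ts + policy["bantime"])
            recent[ip] = []
    return bans

# Constructed sample failures (seconds, source IP); not real log data.
SAMPLE = [(0, "203.0.113.7"), (100, "203.0.113.7"), (250, "203.0.113.7"),
          (0, "198.51.100.9"), (200, "198.51.100.9"), (400, "198.51.100.9"),
          (10, "192.168.56.77"), (20, "192.168.56.77"), (30, "192.168.56.77")]

if __name__ == "__main__":
    for ip, (start, end) in simulate(load_policy(JAIL_LOCAL), sorted(SAMPLE)).items():
        print(f"{ip}: banned from t={start}s to t={end}s")
```

Only the first host is banned: the second spreads its three failures over more than 300 seconds, and the third falls inside the ignored network.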

Next, start and enable the fail2ban service, then check that it is up and running using the following systemctl commands.

# systemctl start fail2ban
# systemctl enable fail2ban
# systemctl status fail2ban

Monitoring Failed and Banned IP Addresses Using fail2ban-client

After configuring fail2ban to secure sshd, you can monitor failed and banned IP addresses using fail2ban-client. To view the current status of the fail2ban server, run the following command.

# fail2ban-client status

To monitor the sshd jail, run.

# fail2ban-client status sshd

To unban an IP address in fail2ban (in all jails and the database), run the following command.

# fail2ban-client unban 192.168.56.1

For more information on fail2ban, read the following man pages.

# man jail.conf
# man fail2ban-client

That sums up this guide! If you have any questions or thoughts you want to share about this topic, do not hesitate to reach us via the feedback form below.