源码网商城,靠谱的源码在线交易网站 我的订单 购物车 帮助

源码网商城

申请开店
全部源码分类
首页 源码街 任务需求 版权中心 备案服务 商家入驻

centos下fail2ban安装与配置详解

  • 时间:2022-04-26 21:27 编辑: 来源: 阅读:
  • 扫一扫,手机访问
摘要:centos下fail2ban安装与配置详解
一、fail2ban简介 fail2ban可以监视你的系统日志,然后匹配日志的错误信息(正则式匹配)执行相应的屏蔽动作(一般情况下是防火墙),而且可以发送e-mail通知系统管理员,是不是很好、很实用、很强大! 二、简单来介绍一下fail2ban的功能和特性 1、支持大量服务。如sshd,apache,qmail,proftpd,sasl等等 2、支持多种动作。如iptables,tcp-wrapper,shorewall(iptables第三方工具),mail notifications(邮件通知)等等。 3、在logpath选项中支持通配符 4、需要Gamin支持(注:Gamin是用于监视文件和目录是否更改的服务工具) 5、需要安装python,iptables,tcp-wrapper,shorewall,Gamin。如果想要发邮件,那必需安装postfix/sendmail 三、fail2ban安装与配置操作实例 1:安装epel更新源:http://fedoraproject.org/wiki/EPEL/zh-cn
[u]复制代码[/u] 代码如下:
# yum install shorewall gamin-python shorewall-shell shorewall-perl shorewall-common python-inotify python-ctypes fail2ban
or
[u]复制代码[/u] 代码如下:
# yum install gamin-python python-inotify python-ctypes # wget http://dl.fedoraproject.org/pub/epel/6/i386/fail2ban-0.8.11-2.el6.noarch.rpm # rpm -ivh fail2ban-0.8.11-2.el6.noarch.rpm
or
[u]复制代码[/u] 代码如下:
# yum install gamin-python python-inotify python-ctypes # wget http://ftp.sjtu.edu.cn/fedora/epel//5/i386/fail2ban-0.8.4-29.el5.noarch.rpm # rpm -ivh fail2ban-0.8.4-29.el5.noarch.rpm
2:源码包安装
[u]复制代码[/u] 代码如下:
# wget https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.0 # tar -xzvf fail2ban-0.9.0.tar.gz # cd # ./setup.py # cp files/solaris-svc-fail2ban /lib/svc/method/svc-fail2ban # chmod +x /lib/svc/method/svc-fail2ban
安装路径
[u]复制代码[/u] 代码如下:
/etc/fail2ban action.d filter.d fail2ban.conf jail.conf
我们主要编辑jail.conf这个配置文件,其他的不要去管它.
[u]复制代码[/u] 代码如下:
# vi /etc/fail2ban.conf
SSH防攻击规则
[u]复制代码[/u] 代码如下:
[ssh-iptables] enabled  = true filter   = sshd action   = iptables[name=SSH, port=ssh, protocol=tcp]            sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"] logpath  = /var/log/secure maxretry = 5 [ssh-ddos] enabled = true filter  = sshd-ddos action  = iptables[name=ssh-ddos, port=ssh,sftp protocol=tcp,udp] logpath  = /var/log/messages maxretry = 2 [osx-ssh-ipfw] enabled  = true filter   = sshd action   = osx-ipfw logpath  = /var/log/secure.log maxretry = 5 [ssh-apf] enabled = true filter  = sshd action  = apf[name=SSH] logpath = /var/log/secure maxretry = 5 [osx-ssh-afctl] enabled  = true filter   = sshd action   = osx-afctl[bantime=600] logpath  = /var/log/secure.log maxretry = 5 [selinux-ssh] enabled = true filter  = selinux-ssh action  = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp] logpath  = /var/log/audit/audit.log maxretry = 5
proftp防攻击规则
[u]复制代码[/u] 代码如下:
[proftpd-iptables] enabled  = true filter   = proftpd action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]            sendmail-whois[name=ProFTPD, dest=you@example.com] logpath  = /var/log/proftpd/proftpd.log maxretry = 6
邮件防攻击规则
[u]复制代码[/u] 代码如下:
[sasl-iptables] enabled  = true filter   = postfix-sasl backend  = polling action   = iptables[name=sasl, port=smtp, protocol=tcp]            sendmail-whois[name=sasl, dest=you@example.com] logpath  = /var/log/mail.log [dovecot] enabled = true filter  = dovecot action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp] logpath = /var/log/mail.log [dovecot-auth] enabled = true filter  = dovecot action  = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp] logpath = /var/log/secure [perdition] enabled = true filter  = perdition action  = iptables-multiport[name=perdition,port="110,143,993,995"] logpath = /var/log/maillog [uwimap-auth] enabled = true filter  = uwimap-auth action  = iptables-multiport[name=uwimap-auth,port="110,143,993,995"] logpath = /var/log/maillog
apache防攻击规则
[u]复制代码[/u] 代码如下:
[apache-tcpwrapper] enabled  = true filter  = apache-auth action   = hostsdeny logpath  = /var/log/httpd/error_log maxretry = 6 [apache-badbots] enabled  = true filter   = apache-badbots action   = iptables-multiport[name=BadBots, port="http,https"]            sendmail-buffered[name=BadBots, lines=5, dest=you@example.com] logpath  = /var/log/httpd/access_log bantime  = 172800 maxretry = 1 [apache-shorewall] enabled  = true filter   = apache-noscript action   = shorewall            sendmail[name=Postfix, dest=you@example.com] logpath  = /var/log/httpd/error_log
nginx防攻击规则
[u]复制代码[/u] 代码如下:
[nginx-http-auth] enabled = true filter  = nginx-http-auth action  = iptables-multiport[name=nginx-http-auth,port="80,443"] logpath = /var/log/nginx/error.log
lighttpd防规击规则
[u]复制代码[/u] 代码如下:
[suhosin] enabled  = true filter   = suhosin action   = iptables-multiport[name=suhosin, port="http,https"] # adapt the following two items as needed logpath  = /var/log/lighttpd/error.log maxretry = 2 [lighttpd-auth] enabled  = true filter   = lighttpd-auth action   = iptables-multiport[name=lighttpd-auth, port="http,https"] # adapt the following two items as needed logpath  = /var/log/lighttpd/error.log maxretry = 2
vsftpd防攻击规则
[u]复制代码[/u] 代码如下:
[vsftpd-notification] enabled  = true filter   = vsftpd action   = sendmail-whois[name=VSFTPD, dest=you@example.com] logpath  = /var/log/vsftpd.log maxretry = 5 bantime  = 1800 [vsftpd-iptables] enabled  = true filter   = vsftpd action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]            sendmail-whois[name=VSFTPD, dest=you@example.com] logpath  = /var/log/vsftpd.log maxretry = 5 bantime  = 1800
pure-ftpd防攻击规则
[u]复制代码[/u] 代码如下:
[pure-ftpd] enabled  = true filter   = pure-ftpd action   = iptables[name=pure-ftpd, port=ftp, protocol=tcp] logpath  = /var/log/pureftpd.log maxretry = 2 bantime  = 86400
mysql防攻击规则
[u]复制代码[/u] 代码如下:
[mysqld-iptables] enabled  = true filter   = mysqld-auth action   = iptables[name=mysql, port=3306, protocol=tcp]            sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com] logpath  = /var/log/mysqld.log maxretry = 5
apache phpmyadmin防攻击规则
[u]复制代码[/u] 代码如下:
[apache-phpmyadmin] enabled  = true filter   = apache-phpmyadmin action  = iptables[name=phpmyadmin, port=http,https protocol=tcp] logpath  = /var/log/httpd/error_log maxretry = 3 # /etc/fail2ban/filter.d/apache-phpmyadmin.conf 将以下内容粘贴到apache-phpmyadmin.conf里保存即可以创建一个apache-phpmyadmin.conf文件. # Fail2Ban configuration file # # Bans bots scanning for non-existing phpMyAdmin installations on your webhost. # # Author: Gina Haeussge # [Definition] docroot = /var/www badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2 # Option:  failregex # Notes.:  Regexp to match often probed and not available phpmyadmin paths. # Values:  TEXT # failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s) # Option:  ignoreregex # Notes.:  regex to ignore. If this regex matches, the line is ignored. # Values:  TEXT # ignoreregex = # service fail2ban restart
写在最后,在安装完fail2ban后请立即重启一下fail2ban,看是不是能正常启动,因为在后边我们配置完规则后如果发生无法启动的问题我们可以进行排查.如果安装完后以默认规则能够正常启动,而配置完规则后却不能够正常启动,请先检查一下你 /var/log/ 目录下有没有规则里的 logpath= 后边的文件,或者这个文件的路径与规则里的是不是一致. 如果不一致请在 logpath 项那里修改你的路径, 如果你的缓存目录里没有这个文件,那么请你将该配置项的 enabled 项目的值设置为 false. 然后再进行重启fail2ban,这样一般不会有什么错误了.
  • 全部评论(0)
上一篇:基于centos 6.5使用varnish实现网站动静分离
下一篇:使用htaccess规范化网址的配置
关于我们 | 广告合作 | 联系我们 | 隐私条款 | 免责声明 | 网站地图

苏ICP备2024110244号-2      苏公网安备32050702011978号      增值电信业务经营许可证编号:苏B2-20251499   |  Copyright 2018 - 2025   源码网商城 (www.ymwmall.com) 版权所有

联系客服
客服电话:
400-000-3129
微信版

扫一扫进微信版
返回顶部