centos下fail2ban安裝與配置詳解
一、fail2ban簡介
fail2ban可以監(jiān)視你的系統(tǒng)日志,然后匹配日志的錯誤信息(正則式匹配)執(zhí)行相應的屏蔽動作(一般情況下是防火墻),而且可以發(fā)送e-mail通知系統(tǒng)管理員,是不是很好、很實用、很強大!
二、簡單來介紹一下fail2ban的功能和特性
1、支持大量服務。如sshd,apache,qmail,proftpd,sasl等等
2、支持多種動作。如iptables,tcp-wrapper,shorewall(iptables第三方工具),mail notifications(郵件通知)等等。
3、在logpath選項中支持通配符
4、需要Gamin支持(注:Gamin是用于監(jiān)視文件和目錄是否更改的服務工具)
5、需要安裝python,iptables,tcp-wrapper,shorewall,Gamin。如果想要發(fā)郵件,那必需安裝postfix/sendmail
三、fail2ban安裝與配置操作實例
1:安裝epel更新源:http://fedoraproject.org/wiki/EPEL/zh-cn
or
# wget http://dl.fedoraproject.org/pub/epel/6/i386/fail2ban-0.8.11-2.el6.noarch.rpm
# rpm -ivh fail2ban-0.8.11-2.el6.noarch.rpm
or
# wget http://ftp.sjtu.edu.cn/fedora/epel//5/i386/fail2ban-0.8.4-29.el5.noarch.rpm
# rpm -ivh fail2ban-0.8.4-29.el5.noarch.rpm
2:源碼包安裝
# wget https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.0
# tar -xzvf fail2ban-0.9.0.tar.gz
# cd
# ./setup.py
# cp files/solaris-svc-fail2ban /lib/svc/method/svc-fail2ban
# chmod +x /lib/svc/method/svc-fail2ban
安裝路徑
/etc/fail2ban
action.d filter.d fail2ban.conf jail.conf
我們主要編輯jail.conf這個配置文件,其他的不要去管它.
# vi /etc/fail2ban.conf
SSH防攻擊規(guī)則
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 5
[ssh-ddos]
enabled = true
filter = sshd-ddos
action = iptables[name=ssh-ddos, port=ssh,sftp protocol=tcp,udp]
logpath = /var/log/messages
maxretry = 2
[osx-ssh-ipfw]
enabled = true
filter = sshd
action = osx-ipfw
logpath = /var/log/secure.log
maxretry = 5
[ssh-apf]
enabled = true
filter = sshd
action = apf[name=SSH]
logpath = /var/log/secure
maxretry = 5
[osx-ssh-afctl]
enabled = true
filter = sshd
action = osx-afctl[bantime=600]
logpath = /var/log/secure.log
maxretry = 5
[selinux-ssh]
enabled = true
filter = selinux-ssh
action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
logpath = /var/log/audit/audit.log
maxretry = 5
proftp防攻擊規(guī)則
[proftpd-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
郵件防攻擊規(guī)則
[sasl-iptables]
enabled = true
filter = postfix-sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log
[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
logpath = /var/log/mail.log
[dovecot-auth]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
logpath = /var/log/secure
[perdition]
enabled = true
filter = perdition
action = iptables-multiport[name=perdition,port="110,143,993,995"]
logpath = /var/log/maillog
[uwimap-auth]
enabled = true
filter = uwimap-auth
action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
logpath = /var/log/maillog
apache防攻擊規(guī)則
[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/httpd/error_log
maxretry = 6
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
logpath = /var/log/httpd/access_log
bantime = 172800
maxretry = 1
[apache-shorewall]
enabled = true
filter = apache-noscript
action = shorewall
sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/httpd/error_log
nginx防攻擊規(guī)則
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=nginx-http-auth,port="80,443"]
logpath = /var/log/nginx/error.log
lighttpd防規(guī)擊規(guī)則
[suhosin]
enabled = true
filter = suhosin
action = iptables-multiport[name=suhosin, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2
[lighttpd-auth]
enabled = true
filter = lighttpd-auth
action = iptables-multiport[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2
vsftpd防攻擊規(guī)則
[vsftpd-notification]
enabled = true
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
pure-ftpd防攻擊規(guī)則
[pure-ftpd]
enabled = true
filter = pure-ftpd
action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
logpath = /var/log/pureftpd.log
maxretry = 2
bantime = 86400
mysql防攻擊規(guī)則
[mysqld-iptables]
enabled = true
filter = mysqld-auth
action = iptables[name=mysql, port=3306, protocol=tcp]
sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
logpath = /var/log/mysqld.log
maxretry = 5
apache phpmyadmin防攻擊規(guī)則
[apache-phpmyadmin]
enabled = true
filter = apache-phpmyadmin
action = iptables[name=phpmyadmin, port=http,https protocol=tcp]
logpath = /var/log/httpd/error_log
maxretry = 3
# /etc/fail2ban/filter.d/apache-phpmyadmin.conf
將以下內(nèi)容粘貼到apache-phpmyadmin.conf里保存即可以創(chuàng)建一個apache-phpmyadmin.conf文件.
# Fail2Ban configuration file
#
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost.
#
# Author: Gina Haeussge
#
[Definition]
docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2
# Option: failregex
# Notes.: Regexp to match often probed and not available phpmyadmin paths.
# Values: TEXT
#
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# service fail2ban restart
寫在最后,在安裝完fail2ban后請立即重啟一下fail2ban,看是不是能正常啟動,因為在后邊我們配置完規(guī)則后如果發(fā)生無法啟動的問題我們可以進行排查.如果安裝完后以默認規(guī)則能夠正常啟動,而配置完規(guī)則后卻不能夠正常啟動,請先檢查一下你 /var/log/ 目錄下有沒有規(guī)則里的 logpath= 后邊的文件,或者這個文件的路徑與規(guī)則里的是不是一致. 如果不一致請在 logpath 項那里修改你的路徑, 如果你的緩存目錄里沒有這個文件,那么請你將該配置項的 enabled 項目的值設置為 false. 然后再進行重啟fail2ban,這樣一般不會有什么錯誤了.
- php警告Creating default object from empty value 問題的解決方法
- jQuery動畫效果animate和scrollTop結(jié)合使用實例
- c#異常處理示例分享
- C# 實現(xiàn)的圖片蓋章功能,支持拖拽、旋轉(zhuǎn)、放縮、保存
- c++內(nèi)聯(lián)函數(shù)(inline)使用詳解
- c語言stack(棧)和heap(堆)的使用詳解
- c語言main函數(shù)使用及其參數(shù)介紹
- c語言clock函數(shù)使用示例
- c語言隨機數(shù)函數(shù)示例
- c語言指針之二級指針示例
- c++拷貝構(gòu)造函數(shù)防篡改示例
- c++顯式類型轉(zhuǎn)換示例詳解
- c++回調(diào)之利用函數(shù)指針示例
- c++回調(diào)之利用sink示例
- Python爬蟲框架Scrapy安裝使用步驟
- JavaScript對象的property屬性詳解
- Centos中安裝多個mysql數(shù)據(jù)的配置實例
- c#的dataset離線數(shù)據(jù)集示例
相關(guān)文章
CentOS 5.1下跑Mono和Asp.net的實現(xiàn)方法分享
由于想研究在linux下跑.net程序的可行性,于是嘗試在CentOS5.1下搭建Mono環(huán)境和Asp.Net的服務器。Asp.Net的服務器是采用mod_mono和Apache的方式搭建(Nginx的搭建尚未研究)2012-04-04Ubuntu18.04安裝opencv 3.2.0的解決方法
這篇文章主要介紹了Ubuntu18.04安裝opencv 3.2.0的解決方法,非常不錯,具有一定的參考借鑒價值,需要的朋友可以參考下2018-10-10Ubuntu系統(tǒng)下用Crontab命令定時執(zhí)行PHP文件詳解
這篇文章主要給大家介紹了在Ubuntu系統(tǒng)下用Crontab命令定時執(zhí)行PHP文件的相關(guān)資料,文中介紹的非常詳細,對大家具有一定的參考學習價值,需要的朋友們下面來一起看看吧。2017-06-06