Install the Fail2ban service in CentOS 6 and 7 environments to prevent brute force cracking of FTP/SSH

888u

Last updated: 2024-07-11, edited by 888u

To save ourselves trouble, if we can build a website without a VPS, we should try not to use one, because in many cases a VPS will be subject to various active and passive attacks. Once a problem occurs, we need to spend a lot of time and energy solving it. I came across this article about using Fail2ban while looking for tutorials to write, so I compiled it and am sharing it here.

On a CentOS 6 or 7 system, we can install the Fail2ban tool to guard against brute-force cracking of SSH or FTP accounts. It may not solve every problem, but it at least handles the common cases.

First, Fail2ban installation

A – CentOS 6

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install fail2ban

B – CentOS 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
yum install fail2ban

Run the commands that match your system version. During installation there are three prompts asking whether to continue; enter y and press Enter at each one until the installation finishes.

Second, Fail2ban settings

Edit the /etc/fail2ban/jail.conf file to set up the Fail2ban configuration.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.

ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. ,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command

ignorecommand =

# "bantime" is the number of seconds that a host is banned.

bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.

findtime = 600

# "maxretry" is the number of failures before a host get banned.

maxretry = 3

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# gamin: requires Gamin (a file alteration monitor) to be installed.
#        If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will try to use the following backends, in order:
#       pyinotify, gamin, polling.

backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
#       but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
#     but it will be logged as info.

usedns = warn

Generally, we can just set these. The specific meanings are as follows:

# Ignored IP list (whitelist); these addresses are not subject to the limits
ignoreip = 127.0.0.1
# Ban time, in seconds
bantime = 600
# A host that exceeds the allowed number of attempts within this period is banned
findtime = 600
# Maximum number of attempts
maxretry = 3
# Log modification detection mechanism (gamin, polling and auto)
backend = auto

# Per-service section. If bantime, findtime or maxretry set here conflict with
# the global values, the service setting takes priority over the global setting.
[ssh-iptables]
# Whether to activate this section (true/false)
enabled = true
# Name of the filter rule, corresponding to sshd.conf in the filter.d directory
filter = sshd
# Action and its parameters; sendmail-whois sets the recipient of the alert
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, [email protected]]
# Login log file of the monitored system
logpath = /var/log/secure
# Maximum number of attempts
maxretry = 5
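How findtime, maxretry, bantime and ignoreip interact can be seen by replaying log lines through the same rules. The Python example below is added here and is not part of the original article or of Fail2ban's own code; it uses the [DEFAULT] values shown above, the log lines are constructed, and the regular expression is a simplified IPv4-only stand-in for the sshd filter. It assumes the log is in chronological order.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section on this page.
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
FINDTIME, MAXRETRY, BANTIME = 600, 3, 600  # seconds, failures, seconds

# Simplified stand-in for the sshd filter (assumption): IPv4 password failures only.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) port")

# Constructed /var/log/secure lines (documentation address ranges).
SAMPLE = """\
Jul 11 10:00:01 vps sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jul 11 10:00:04 vps sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jul 11 10:00:09 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40007 ssh2
Jul 11 10:01:00 vps sshd[2110]: Failed password for root from 127.0.0.1 port 50000 ssh2
Jul 11 10:01:01 vps sshd[2110]: Failed password for root from 127.0.0.1 port 50000 ssh2
Jul 11 10:01:02 vps sshd[2110]: Failed password for root from 127.0.0.1 port 50000 ssh2
Jul 11 10:02:00 vps sshd[2120]: Failed password for bob from 198.51.100.7 port 41000 ssh2
Jul 11 10:20:00 vps sshd[2130]: Failed password for bob from 198.51.100.7 port 41002 ssh2
Jul 11 10:21:00 vps sshd[2131]: Failed password for bob from 198.51.100.7 port 41003 ssh2
""".splitlines()


def simulate(lines, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for chronologically ordered log lines."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # whitelisted by ignoreip
        if banned_until.get(ip, ts) > ts:
            continue  # already banned; the firewall would drop this attempt
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), ts, banned_until[ip]))
            window.clear()
    return bans
```

With the sample input, only 203.0.113.5 is banned: 127.0.0.1 is covered by ignoreip, and the three failures from 198.51.100.7 never fall inside a single findtime window.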

Third, start fail2ban

CentOS 6: service fail2ban restart
CentOS 7: systemctl restart fail2ban.service

Fourth, set up startup

CentOS 6: chkconfig fail2ban on
CentOS 7: systemctl enable fail2ban

To summarize, by enabling and configuring Fail2ban on our VPS, we gain some protection: IPs that repeatedly try to access the VPS within a short period are restricted. Of course, for an ordinary website, if we don't provoke others, others are unlikely to be bored enough to attack us.


All copyrights belong to 888u unless otherwise stated.