I: Brief introduction
fail2ban is a practical tool that watches your system logs, matches the error entries in them against regular expressions, and runs a corresponding blocking action when a pattern keeps recurring.
In many companies root login over SSH is left open. root is the well-known superuser account, so this hands attackers a ready target for brute-force password guessing.
Even when the guessing never succeeds, the Linux host still has to answer every attempt, so its load climbs. What can we do about that?
The experiment below is a brief walk-through of putting fail2ban to use; readers who want to go deeper should consult the official fail2ban documentation for the full details.
II: Test environment
OS: CentOS 6.4 x86_64
Version: fail2ban-0.8.14.tar.gz
IP: 192.168.182.128
III: Installation and testing
First install the dependencies (build tools, then the firewall helper and inotify packages fail2ban's log monitoring can use):
yum install vim gcc gcc-c++ wget -y
yum install shorewall gamin-python shorewall-shell shorewall-perl shorewall-common python-inotify python-ctypes -y
Download the fail2ban tarball from the official site, http://www.fail2ban.org/wiki/index.php/Main_Page, then unpack it and install with the bundled setup.py:
tar zxvf fail2ban-0.8.14.tar.gz
cd fail2ban-0.8.14
python setup.py install
The configuration is installed under /etc/fail2ban by default, and jail.conf is the main configuration file. (fail2ban also reads a jail.local in the same directory, whose values override jail.conf; putting your changes there keeps them safe from being overwritten when the package is upgraded. This walk-through edits jail.conf directly, as the original does.)
Edit /etc/fail2ban/jail.conf. The settings below live in two places in the file: bantime, findtime and maxretry sit in the [DEFAULT] section near the top, and the ssh-iptables jail is further down. The stock jail ships with enabled = false and logpath = /var/log/sshd.log; both must change, because on CentOS sshd logs through syslog to /var/log/secure and there is no /var/log/sshd.log to watch. Note that jail.conf accepts only full-line comments, so the # lines below are explanations and must not be appended after a value.
vim /etc/fail2ban/jail.conf

# ---- in the [DEFAULT] section ----
# Addresses that are never banned; add your own admin hosts here.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
# Lock the source out for 300 seconds (5 minutes).
bantime = 300

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
# Count failures inside a 10-minute window.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
# Three failures.
maxretry = 3

# ---- further down, the sshd jail ----
[ssh-iptables]

# Enable the ssh-iptables jail. It must be spelled exactly "true"; any other
# value is rejected at startup and the jail is silently left disabled.
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
# Where sshd's login records actually land on CentOS.
logpath = /var/log/secure
maxretry = 3

In other words: three failed SSH logins from one address within 10 minutes ban that address for 5 minutes. The sendmail-whois line e-mails a whois report on every ban; replace the example addresses with real ones, or delete that line if the host has no working MTA.
With the configuration in place, how do we start a program that was installed from source? First register it with the init system. The tarball ships a Red Hat style init script, which we can find by grepping for its chkconfig header:
[root@129-Slave fail2ban-0.8.14]# grep chkconfig ./* -R --color
./files/redhat-initd:# chkconfig: - 92 08
[root@129-Slave fail2ban-0.8.14]# cp ./files/redhat-initd /etc/init.d/fail2ban
[root@129-Slave fail2ban-0.8.14]# /etc/init.d/fail2ban start
Starting fail2ban: WARNING Wrong value for 'enabled' in 'ssh-iptables'. Using default one: ''false''
                                                           [  OK  ]
[root@129-Slave fail2ban-0.8.14]# ps -aux | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root      1533  0.4  1.6 342148 8404 ?        Sl   06:37   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
root      1558  0.0  0.1 103248  868 pts/0    S+   06:37   0:00 grep fail2ban

The WARNING line matters: fail2ban rejected the misspelled enabled = ture and fell back to its default of false, so at this point the ssh-iptables jail is loaded but not active and no one will be banned. Correct the spelling to enabled = true and run /etc/init.d/fail2ban restart before testing; fail2ban-client status should then list ssh-iptables as a running jail. Two smaller points: cp alone does not register the service for boot, so on CentOS 6 also run chkconfig --add fail2ban and chkconfig fail2ban on (the "-" in the chkconfig header means it is off in every runlevel until you turn it on); and the procps warning only says that BSD-style ps aux takes no leading dash.
The fail2ban-server process is now running, so let's test it by deliberately failing SSH logins against the host.
[root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
The authenticity of host '192.168.182.129 (192.168.182.129)' can't be established.
RSA key fingerprint is 29:90:34:7b:a0:05:99:af:79:91:0e:ed:86:ad:cf:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.182.129' (RSA) to the list of known hosts.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
ssh: connect to host 192.168.182.129 port 22: Connection refused
######## Here I deliberately typed the wrong password three times; you can see that my second connection attempt was locked out straight away. #########
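To see how the [DEFAULT] settings above (findtime = 600, maxretry = 3, bantime = 300) turn the three failures in this test into a ban, here is an added Python example that replays the jail's sliding-window logic over /var/log/secure style lines. It is not code from the fail2ban project or from the original post: the regex is a simplified stand-in for the failregex in fail2ban's filter.d/sshd.conf (only the "Failed password" message is recognised), the log lines, hostnames and addresses are constructed, and the year 2014 is assumed because syslog timestamps carry none.

```python
"""Replay fail2ban's findtime / maxretry / bantime logic over sample sshd log lines.

Added example, not fail2ban's own code. The regex, the sample log and the
assumed year are all simplifications made for illustration.
"""
import re
from datetime import datetime, timedelta

# Jail settings taken from the jail.conf excerpt above.
FINDTIME = 600   # seconds: window in which failures are counted
MAXRETRY = 3     # failures inside the window that trigger a ban
BANTIME = 300    # seconds the ban lasts

# Simplified stand-in for the failregex in filter.d/sshd.conf
# (assumption: only the "Failed password" message is handled here).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

# Constructed /var/log/secure lines, not captured from a real host.
# 192.168.182.1 hammers root; 10.0.0.7 spaces its guesses about ten minutes apart.
SAMPLE_LOG = """\
Mar  3 06:40:01 129-Slave sshd[1601]: Failed password for root from 192.168.182.1 port 50210 ssh2
Mar  3 06:40:05 129-Slave sshd[1601]: Failed password for root from 192.168.182.1 port 50210 ssh2
Mar  3 06:40:09 129-Slave sshd[1601]: Failed password for root from 192.168.182.1 port 50210 ssh2
Mar  3 06:41:00 129-Slave sshd[1610]: Failed password for invalid user admin from 10.0.0.7 port 41000 ssh2
Mar  3 06:43:00 129-Slave sshd[1615]: Failed password for root from 192.168.182.1 port 50300 ssh2
Mar  3 06:46:00 129-Slave sshd[1619]: Failed password for root from 192.168.182.1 port 50310 ssh2
Mar  3 06:52:00 129-Slave sshd[1622]: Failed password for invalid user admin from 10.0.0.7 port 41002 ssh2
Mar  3 06:53:00 129-Slave sshd[1630]: Failed password for invalid user admin from 10.0.0.7 port 41004 ssh2
Mar  3 06:53:30 129-Slave sshd[1633]: Accepted publickey for deploy from 10.0.0.9 port 41010 ssh2
""".splitlines()


def parse_ts(stamp, year=2014):
    """syslog timestamps carry no year; assume one, as fail2ban itself has to."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Replay the jail over log lines; return [(ip, ban_start, ban_end), ...] in ban order."""
    window = {}   # ip -> failure times still inside the findtime window
    banned = {}   # ip -> datetime at which the ban expires
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue  # not a failure the sshd filter recognises
        ip, now = m.group("ip"), parse_ts(m.group("ts"))
        if ip in banned and banned[ip] <= now:
            del banned[ip]  # bantime elapsed: the firewall rule is removed, counting starts fresh
        if ip in banned:
            continue  # still banned: a real REJECT rule would stop this attempt at the firewall
        recent = [t for t in window.get(ip, []) if now - t < timedelta(seconds=findtime)]
        recent.append(now)
        if len(recent) >= maxretry:
            expires = now + timedelta(seconds=bantime)
            banned[ip] = expires
            bans.append((ip, now, expires))
            recent = []  # fail2ban clears the counter once it bans
        window[ip] = recent
    return bans


if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} at {start:%H:%M:%S}, lifted at {end:%H:%M:%S}")
```

Running it bans 192.168.182.1 at 06:40:09 until 06:45:09 (the 06:43:00 attempt is ignored while the ban stands, and the 06:46:00 one starts a fresh count), while 10.0.0.7 never accumulates three failures inside one 10-minute window and walks away unbanned; calling simulate(SAMPLE_LOG, findtime=900) widens the window enough to catch it too. That trade-off, a wider findtime catching slow guessers at the cost of banning more legitimate typists, is the knob to tune. On the real host the equivalent checks are fail2ban-client status ssh-iptables, which lists the currently banned addresses, and iptables -L fail2ban-SSH -n, which shows the rules the iptables[name=SSH] action inserted (fail2ban 0.8's default block type is REJECT with an ICMP port-unreachable, which is why the client above sees "Connection refused" rather than a hang); fail2ban-client set ssh-iptables unbanip 192.168.182.1 lifts a ban early.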