Linux security tools: using fail2ban to block brute-force attacks


    1. Brief introduction

    fail2ban is a practical utility that watches your system logs, matches the error messages in them with regular expressions, and then carries out the corresponding blocking action.

    In many companies root login is left enabled, which hands attackers an opportunity to brute-force it: root is the universally known superuser account. Even when the brute-force attempt does not succeed, it still keeps your Linux host answering every attempt, so the load on the host climbs. What can we do to control this? The experiment below gives a brief walkthrough of using fail2ban; readers who want to dig deeper should consult fail2ban's official documentation for the details.

    2. Lab environment

    OS: CentOS 6.4 x86_64

    Version: fail2ban-0.8.14.tar.gz

    IP: 192.168.182.128

    3. Installation

    First install the dependencies

    yum install vim gcc gcc-c++ wget -y
    yum install shorewall gamin-python shorewall-shell shorewall-perl shorewall-common python-inotify python-ctypes -y

    Download the fail2ban package; the official site is http://www.fail2ban.org/wiki/index.php/Main_Page

    tar zxvf fail2ban-0.8.14.tar.gz
    cd fail2ban-0.8.14
    python setup.py install

    The default install path is /etc/fail2ban, and jail.conf is the main configuration file.

    vim /etc/fail2ban/jail.conf

       #### lines to change ######
    ignoreip = 127.0.0.1

    [ssh-iptables]

    # enable the ssh-iptables jail; the value must be exactly "true" (the
    # misspelling "ture" is rejected with a warning at startup and the jail
    # stays disabled)
    enabled  = true
    filter   = sshd
    action   = iptables[name=SSH, port=ssh, protocol=tcp]
               sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    # where sshd writes its login records by default on CentOS
    logpath  = /var/log/secure
    maxretry = 3

    # "bantime" is the number of seconds that a host is banned.
    # lock the host out for 300 seconds / 5 minutes
    bantime  = 300

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    # detection window of 10 minutes
    findtime  = 600

    # "maxretry" is the number of failures before a host gets banned.
    # three failures
    maxretry = 3

    ######### three failed SSH logins from one host within 10 minutes lock it out for 5 minutes
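The ban rule summarised in that last comment (maxretry failures inside a findtime window earn a bantime ban, with ignoreip addresses exempt) is easiest to reason about with a small simulation. The following is an added example, not fail2ban's own code: it re-implements the jail's sliding-window decision in Python over a constructed snippet of /var/log/secure. The regex is a simplified stand-in for fail2ban's sshd filter, the year 2016 is assumed for the syslog timestamps, and the hostname and 192.168.182.x addresses are simply the lab values from this post.

```python
import re
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the patterns in fail2ban's filter.d/sshd.conf (assumption: this
# is not the real filter). It matches the "Failed password for [invalid user] NAME from
# HOST ..." lines that sshd writes to /var/log/secure on CentOS.
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3})\b"
)

LOG_YEAR = 2016  # syslog timestamps carry no year; a fixed year is assumed for the demo


def parse_ts(text):
    """Convert a syslog timestamp such as 'Jun 30 06:37:15' to epoch seconds."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=LOG_YEAR).timestamp()


class Jail:
    """Sliding-window ban decision with the same knobs as the jail.conf values above."""

    def __init__(self, maxretry=3, findtime=600, bantime=300, ignoreip=("127.0.0.1",)):
        self.maxretry = maxretry
        self.findtime = findtime
        self.bantime = bantime
        self.ignore = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
        self.failures = defaultdict(deque)  # host -> epoch times of recent failures
        self.banned = {}                    # host -> epoch time at which the ban lifts
        self.events = []                    # (action, host, epoch time), in log order

    def _ignored(self, host):
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in self.ignore)

    def _expire_bans(self, now):
        # Like fail2ban's unban timer: lift every ban whose bantime has elapsed.
        for host, until in list(self.banned.items()):
            if now >= until:
                del self.banned[host]
                self.events.append(("unban", host, until))

    def feed(self, line):
        """Process one log line; return ('ban', host) if it triggers a ban, else None."""
        m = FAIL_RE.match(line)
        if not m:
            return None  # not an authentication failure, nothing to count
        host, now = m.group("host"), parse_ts(m.group("ts"))
        self._expire_bans(now)
        if self._ignored(host) or host in self.banned:
            return None  # ignoreip hosts are never counted; banned hosts are not re-counted
        recent = self.failures[host]
        recent.append(now)
        # Only failures inside the last findtime seconds count towards maxretry.
        while now - recent[0] > self.findtime:
            recent.popleft()
        if len(recent) >= self.maxretry:
            self.banned[host] = now + self.bantime
            recent.clear()
            self.events.append(("ban", host, now))
            return ("ban", host)
        return None


# Constructed sample of /var/log/secure (not a real capture); the hostname and the
# 192.168.182.x addresses are the lab values from this post.
SAMPLE_LOG = """\
Jun 30 06:37:10 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 51234 ssh2
Jun 30 06:37:13 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 51234 ssh2
Jun 30 06:37:15 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 51234 ssh2
Jun 30 06:37:16 129-Slave sshd[1601]: Connection closed by 192.168.182.128
Jun 30 06:38:02 129-Slave sshd[1610]: Failed password for invalid user admin from 10.0.0.5 port 40000 ssh2
Jun 30 06:50:30 129-Slave sshd[1622]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Jun 30 06:51:00 129-Slave sshd[1630]: Failed password for root from 127.0.0.1 port 40002 ssh2
Jun 30 06:51:01 129-Slave sshd[1630]: Failed password for root from 127.0.0.1 port 40002 ssh2
Jun 30 06:51:02 129-Slave sshd[1630]: Failed password for root from 127.0.0.1 port 40002 ssh2
Jun 30 06:52:00 129-Slave sshd[1640]: Failed password for invalid user admin from 10.0.0.5 port 40003 ssh2
"""


def run_demo(log_text=SAMPLE_LOG, **cfg):
    """Feed every line to a Jail built with the given settings and return it."""
    jail = Jail(**cfg)
    for line in log_text.splitlines():
        jail.feed(line)
    return jail


if __name__ == "__main__":
    for action, host, when in run_demo().events:
        print(action, host, datetime.fromtimestamp(when).strftime("%H:%M:%S"))
```

Run as-is it prints the ban of 192.168.182.128 at 06:37:15 and its unban 300 seconds later; 10.0.0.5 is never banned because its first failure has already fallen out of the 600-second window by the time the second one arrives, and 127.0.0.1 is never counted at all. Calling `run_demo(maxretry=2)` does ban 10.0.0.5, which is a cheap way to see how findtime and maxretry interact before changing them on a real host. The real fail2ban tails the file and then runs the iptables action; this only reproduces the decision.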

    Now that it is configured, how do we start a program that was installed from source? First, register it as a service so it can be started from the init scripts.

    [root@129-Slave fail2ban-0.8.14]# grep chkconfig ./* -R --color
    ./files/redhat-initd:# chkconfig: - 92 08
    [root@129-Slave fail2ban-0.8.14]# cp ./files/redhat-initd /etc/init.d/fail2ban
    [root@129-Slave fail2ban-0.8.14]# /etc/init.d/fail2ban start
    Starting fail2ban: WARNING Wrong value for 'enabled' in 'ssh-iptables'. Using default one: ''false''
                                                               [  OK  ]
    [root@129-Slave fail2ban-0.8.14]# ps -aux | grep fail2ban
    Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
    root      1533  0.4  1.6 342148  8404 ?        Sl   06:37   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
    root      1558  0.0  0.1 103248   868 pts/0    S+   06:37   0:00 grep fail2ban

    The fail2ban process is now visible, so let's test it.

    [root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
    The authenticity of host '192.168.182.129 (192.168.182.129)' can't be established.
    RSA key fingerprint is 29:90:34:7b:a0:05:99:af:79:91:0e:ed:86:ad:cf:75.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.182.129' (RSA) to the list of known hosts.
    root@192.168.182.129's password: 
    Permission denied, please try again.
    root@192.168.182.129's password: 
    Permission denied, please try again.
    root@192.168.182.129's password:  
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    [root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
    ssh: connect to host 192.168.182.129 port 22: Connection refused

    ######## Here I deliberately typed the wrong password three times; you can see that on my second connection attempt I was locked out immediately. #########

    Original article: https://www.cnblogs.com/yangxiaofei/p/5634943.html