無意間翻到威力寰這篇讓我心動了一下
過去只針對sshd安裝了denyhosts,但鑒於有安裝apache
等服務還是覺得不太安全來試裝了一下fail2ban,
在安裝前先把iptables給裝好
Debian ETCH
$sudo aptitude install iptables fail2ban
開始設定fail2ban
$sudo vi /etc/fail2ban/jail.local (拷貝/etc/fail2ban/jail.conf)
[DEFAULT]
ignoreip = 127.0.0.1 (空白鑑隔開填入要信任的ip位置)
bantime = -1 (設成了永久ban掉..)
maxretry = 20 (設定20次重試~)
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 20
[apache]
enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 20
設定完後重跑
$sudo /etc/init.d/fail2ban restart
收工~
參考資料
Willie's Blog
沒有留言:
張貼留言