Fail2Ban: an excellent option for repelling brute-force attacks on your server


One of the most common nuisances on servers is brute-force login attempts. This is where attackers try to gain access to your server by trying combinations of usernames and passwords.

For this kind of problem, the fastest and most effective solution is to limit the number of attempts and block access for that user or IP address for a period of time. It is worth knowing that there are also open-source applications designed specifically to protect against this type of attack.

In today's post I'll introduce you to one of them, called Fail2Ban. Originally created by Cyril Jaquier in 2004, Fail2Ban is intrusion-prevention software that protects servers from brute-force attacks.

About Fail2ban

Fail2ban scans log files (for example /var/log/apache/error_log) and bans IPs that show malicious behaviour, such as too many failed passwords, probing for exploits, and so on.

Generally, Fail2Ban is used to update firewall rules to reject IP addresses for a specified amount of time, although any other arbitrary action (for example, sending an email) can also be configured.

Installing Fail2Ban on Linux

Fail2Ban is available in the repositories of most major Linux distributions, and in particular in the ones most commonly used on servers, such as CentOS, RHEL and Ubuntu.

On Ubuntu, just type the following to install it:

sudo apt-get update && sudo apt-get install -y fail2ban

While on CentOS and RHEL you need to type the following:

yum install epel-release
yum install fail2ban fail2ban-systemd

If you use SELinux, it is important to update the policies with:

yum update -y selinux-policy*

Once this is done, you should know that the Fail2Ban configuration files live in /etc/fail2ban.

Fail2Ban's configuration is mainly split across two files: fail2ban.conf and jail.conf. fail2ban.conf is the main Fail2Ban configuration file, where you set options such as:

  • Log level.
  • Log file.
  • Process socket file.
  • PID file.

jail.conf is where you configure options such as:

  • The set of services to protect.
  • How long an IP is banned when it attacks.
  • The email address to send reports to.
  • The action to take when an attack is detected.
  • Predefined configurations (jails) for services such as SSH.

Configuration

Now we move on to the configuration. The first thing we'll do is make a backup copy of our jail.conf file with:

cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

And we then continue by editing it with Nano:

nano /etc/fail2ban/jail.local

Inside, we go to the [DEFAULT] section, where we can make our changes.

Here, "ignoreip" lists the IP addresses that are whitelisted and which Fail2Ban will ignore completely; this is basically the server's own IP (localhost) plus any others you think should be ignored.

Apart from those, any other IP that fails to gain access will be at the mercy of a ban and will have to wait out the number of seconds it is banned for (3600 seconds by default), and fail2ban only acts after 6 failed attempts.

After the default configuration, we now set up the service. Fail2Ban already comes with predefined filters for various services, so you only need to make a few adjustments. For example:

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
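To make the ignoreip, bantime, findtime and maxretry settings concrete, here is an added example (not code from the original post or from the Fail2Ban project) that reads a constructed jail.local fragment laid out like the one above, using [DEFAULT] values inherited by each jail section the way fail2ban does, and then applies the sliding-window counting that turns repeated sshd failures into a ban. The log lines, timestamps and IP addresses are constructed; the "Failed password" regex is an assumption that approximates what the stock sshd filter matches, not the filter itself.

```python
import configparser
import ipaddress
import re
from collections import defaultdict

# Constructed jail.local fragment (assumption: same layout as the page's jail.local;
# values in [DEFAULT] are inherited by every jail section unless overridden).
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.10
bantime  = 3600
findtime = 600
maxretry = 6

[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
"""

# Assumption: a simplified version of the OpenSSH failure line the sshd filter looks for.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def load_jail(text, name):
    """Parse one jail section; [DEFAULT] keys are inherited like in fail2ban."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp[name]
    return {
        "enabled": sec.getboolean("enabled"),
        "ignoreip": [ipaddress.ip_network(n, strict=False)
                     for n in sec["ignoreip"].split()],
        "bantime": sec.getint("bantime"),
        "findtime": sec.getint("findtime"),
        "maxretry": sec.getint("maxretry"),
    }


def is_ignored(ip, networks):
    """True when the address falls inside any ignoreip entry (host or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def scan(lines, jail):
    """Return {ip: ban_start_ts} for IPs that reach maxretry failures inside findtime.

    lines is an iterable of (timestamp_seconds, log_text), oldest first.
    """
    failures = defaultdict(list)
    bans = {}
    for ts, text in lines:
        m = FAILED.search(text)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        ip = m.group("ip")
        if is_ignored(ip, jail["ignoreip"]) or ip in bans:
            continue
        # Keep only failures inside the findtime window, then add this one.
        window = [t for t in failures[ip] if ts - t <= jail["findtime"]]
        window.append(ts)
        failures[ip] = window
        if len(window) >= jail["maxretry"]:
            bans[ip] = ts
    return bans


def ban_expired(ban_start, now, jail):
    """A ban lifts once bantime seconds have passed since it started."""
    return now - ban_start >= jail["bantime"]


# Constructed sample auth.log lines with epoch-second timestamps (not a real capture).
SAMPLE = [
    (1000, "sshd[1]: Failed password for root from 203.0.113.5 port 4000 ssh2"),
    (1010, "sshd[1]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2"),
    (1020, "sshd[1]: Failed password for root from 203.0.113.5 port 4002 ssh2"),
    (1030, "sshd[1]: Failed password for root from 192.0.2.10 port 4003 ssh2"),
    (1040, "sshd[1]: Failed password for root from 192.0.2.10 port 4004 ssh2"),
    (1050, "sshd[1]: Failed password for root from 192.0.2.10 port 4005 ssh2"),
    (1060, "sshd[1]: Accepted password for alice from 198.51.100.8 port 4006 ssh2"),
    (1070, "sshd[1]: Failed password for root from 198.51.100.7 port 4007 ssh2"),
    (2000, "sshd[1]: Failed password for root from 198.51.100.7 port 4008 ssh2"),
    (3000, "sshd[1]: Failed password for root from 198.51.100.7 port 4009 ssh2"),
]

if __name__ == "__main__":
    jail = load_jail(JAIL_LOCAL, "sshd")
    for ip, start in scan(SAMPLE, jail).items():
        print(f"{ip} banned at t={start}, lifts at t={start + jail['bantime']}")
```

Running it bans only 203.0.113.5: it hits the jail's maxretry of 3 (which overrides the 6 from [DEFAULT]) within findtime. 192.0.2.10 fails just as often but is listed in ignoreip, and 198.51.100.7 spreads its three failures more than 600 seconds apart, so the window never fills. That last case is the one to keep in mind when tuning: a slow attacker stays under a short findtime, while a findtime that is too long starts catching users who simply mistype their password.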

With the relevant changes made, you finally need to reload Fail2Ban by running:

service fail2ban reload
systemctl enable firewalld
systemctl start firewalld

Having done that, let's do a quick check to confirm that Fail2Ban is running:

sudo fail2ban-client status

Unbanning an IP

Now that we have successfully banned an IP, how can we unban it? To do so, we can again use the fail2ban client and tell it to unban a specific IP, as in the example below.

sudo fail2ban-client set ssh unbanip xxx.xxx.xx.xx

Where "xxx...." is the IP address you want to unban.

