One of the most common attack vectors against servers is brute-force login attempts. This is where attackers try to gain access to your server by trying endless combinations of usernames and passwords.
For this kind of problem, the quickest and most effective solution is to limit the number of attempts and block access for the user or the IP for a certain period of time. It is also worth knowing that there are open source applications designed specifically to defend against this type of attack.
In today's post, I will introduce you to one called Fail2Ban. Originally developed by Cyril Jaquier in 2004, Fail2Ban is an intrusion prevention software framework that protects servers from brute-force attacks.
About Fail2ban
Fail2ban scans log files (for example /var/log/apache/error_log) and bans IPs that show malicious signs, such as too many password failures, probing for vulnerabilities, and so on.
In general, Fail2Ban is used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (for example, sending an email) can also be configured.
Installing Fail2Ban on Linux
Fail2Ban is available in the repositories of the main Linux distributions, and in particular those most used on servers, such as CentOS, RHEL and Ubuntu.
On Ubuntu, just type the following to install it:
sudo apt-get update && sudo apt-get install -y fail2ban
On CentOS and RHEL, type the following instead:
yum install epel-release
yum install fail2ban fail2ban-systemd
If you have SELinux, it is important to update the policies with:
yum update -y selinux-policy*
Once this is done, you should know that the Fail2Ban configuration files are in /etc/fail2ban.
The Fail2Ban configuration is split mainly into two key files: fail2ban.conf and jail.conf. fail2ban.conf is the main Fail2Ban configuration file, where you can configure settings such as:
- The log level.
- The log file.
- The process socket file.
- The pid file.
jail.conf is where you configure options such as:
- The configuration of the services to protect.
- How long to ban for if they are attacked.
- The email address to send reports to.
- The action to take when an attack is detected.
- A predefined set of settings, such as SSH.
Configuration
Now we move on to the configuration part. The first thing we will do is make a copy of our jail.conf file as jail.local with:
cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
And we now edit it with nano:
nano /etc/fail2ban/jail.local
Inside, we go to the [DEFAULT] section, where we can make some adjustments.
Here, the "ignoreip" setting lists the IP addresses that will be left out and completely ignored by Fail2Ban: basically the server's own (local) IP and any others you think should be ignored.
From there on, any other IP that fails to log in is at the mercy of being banned and has to wait out the number of seconds for which it is banned.
After the general configuration, we now specify the service. Fail2Ban already has predefined filters for various services, so you only need to make some adjustments. Here is an example:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
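How the settings above interact, as an added example that is not part of the original post and is not Fail2Ban's own code: a simplified Python model that scans constructed auth.log-style lines, skips ignoreip addresses, and bans an IP once it reaches maxretry failures. The regular expression, the findtime window (a Fail2Ban option not discussed in this post) and the 600-second values are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter: matches failed password logins only.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password "
                     r"for (?:invalid user )?\S+ from ([0-9a-fA-F:.]+) port \d+")

def scan(lines, maxretry=6, findtime=600, bantime=600,
         ignoreip=("127.0.0.1/8",), year=2024):
    """Return {ip: (banned_at, unban_at)}; an IP is banned for `bantime` seconds
    once it has `maxretry` failures within `findtime` seconds (values assumed)."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures, bans = {}, {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a failed login
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not a parseable address
        if any(ip in net for net in ignored):
            continue  # ignoreip entries are never counted or banned
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = str(ip)
        if key in bans and when < bans[key][1]:
            continue  # ban still in force
        window = timedelta(seconds=findtime)
        recent = [t for t in failures.get(key, []) if when - t <= window] + [when]
        failures[key] = recent
        if len(recent) >= maxretry:
            bans[key] = (when, when + timedelta(seconds=bantime))
            failures[key] = []
    return bans

# Constructed auth.log-style lines using documentation address ranges.
LINE = "Mar 12 10:{:02d}:{:02d} srv sshd[811]: Failed password for {} from {} port 4022 ssh2"
SAMPLE = [LINE.format(0, s, "root", "203.0.113.9") for s in range(0, 12, 2)]
SAMPLE += [LINE.format(1, s, "invalid user admin", "127.0.0.1") for s in range(8)]
SAMPLE += [LINE.format(2, 0, "bob", "198.51.100.7"),
           "Mar 12 10:02:05 srv sshd[811]: Accepted password for bob from 198.51.100.7 port 4022 ssh2"]

if __name__ == "__main__":
    for ip, (start, end) in scan(SAMPLE).items():
        print(f"ban {ip} from {start} until {end}")
```

With the sample lines, only 203.0.113.9 is banned: the local address is covered by ignoreip, and a single failure followed by a successful login stays below maxretry.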
With the relevant changes made, you finally need to reload Fail2Ban by running:
service fail2ban reload
systemctl enable firewalld
systemctl start firewalld
With that done, let's do a quick check to see that Fail2Ban is running:
sudo fail2ban-client status
Unban an IP
Now that we have successfully banned an IP, what if we want to unban an IP? To do that, we can again use fail2ban-client and tell it to unban a specific IP, as in the example below.
sudo fail2ban-client set ssh unbanip xxx.xxx.xx.xx
Where "xxx…." is the IP address you specify.