
Blocking SSH port probing the simple way with fail2ban

source link: https://bajie.dev/posts/20231228-fail2ban/

2023-12-28, 1 min read

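Someone keeps probing logins against the OpenSSH service on port 22. When the number of source IPs is large, for example more than 1000 IPs taking turns, the server's load average climbs to around 7 and the number of ssh processes on the system exceeds 1000, which is a real nuisance.

Moving sshd off its default port 22 would make scp and sftp much more awkward to use.

In this situation, just install fail2ban. Note that CentOS 7 now uses firewalld, so fail2ban can use ufw or iptables; iptables is recommended because it is easier to inspect.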

# Install
yum install -y epel-release
yum install -y fail2ban

The main step is to edit /etc/fail2ban/jail.conf:

#vi /etc/fail2ban/jail.conf
......
[sshd-iptables]
enabled = true
filter = sshd
port = 22
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
bantime = 86400
......

Note that the jail above uses iptables: three failed attempts get the source IP banned for one day.
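
The counting behind `maxretry = 3` and `bantime = 86400`, as an added example that is not part of the original post and is not fail2ban's own code: it replays a constructed `/var/log/secure` sample and reports which addresses the jail would ban. Assumptions: the regex is a simplified stand-in for the `sshd` filter, and `FINDTIME` is 600 seconds, fail2ban's default window, which the jail on this page does not set.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3        # from the jail on this page
BANTIME = 86400     # seconds, from the jail on this page
FINDTIME = 600      # assumption: not set on the page; fail2ban's default window

# Simplified stand-in for the sshd filter: only two common failure messages.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample in /var/log/secure format (documentation-range addresses).
SAMPLE = """\
Dec 28 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Dec 28 10:00:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Dec 28 10:00:04 host sshd[2103]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
Dec 28 10:00:06 host sshd[2104]: Failed password for root from 203.0.113.7 port 40041 ssh2
Dec 28 10:00:09 host sshd[2105]: Failed password for root from 198.51.100.5 port 33000 ssh2
Dec 28 10:20:09 host sshd[2106]: Failed password for root from 198.51.100.5 port 33010 ssh2
Dec 28 10:20:30 host sshd[2107]: Failed password for root from 198.51.100.5 port 33020 ssh2
"""

def simulate(log_text, year=2023):
    """Return {ip: (ban_start, ban_end)} for IPs reaching MAXRETRY within FINDTIME."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ip = m["ip"]
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in bans and ts < bans[ip][1]:
            continue              # already banned; the firewall would drop this
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > FINDTIME:
            q.popleft()           # forget failures older than the window
        if len(q) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            q.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

In the sample, 198.51.100.5 also fails three times but is not banned, because its failures are spread over more than `FINDTIME` seconds.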

