在 linode 上開的機器每次在登入時都會有這個訊息:
There were 9487 failed login attempts since the last successful login.
就想處理一下,簡單爬文發現大家都用這個 fail2ban。
這邊簡短地記錄安裝及使用方法,環境是 fedora 35。
sudo dnf update && sudo dnf upgrade -y
sudo dnf install fail2ban
systemctl start fail2ban
systemctl enable fail2ban
開啟 /etc/fail2ban/jail.local,輸入下面的設定內容
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/fail2ban.log
maxretry = 3
開啟 /etc/fail2ban/jail.d/sshd.local,輸入下面的設定內容
[sshd]
enabled = true
filter = sshd
port = ssh
logpath = %(sshd_log)s
backend = auto
完成後再重啟服務:
systemctl restart fail2ban
這樣就完成了。
網路上有的說要設定 /etc/fail2ban/jail.local 有的又說要設定 /etc/fail2ban/jail.d/sshd.local,我懶得測了所以都放XD
Ref
- https://www.linode.com/community/questions/18132/is-someone-trying-to-hack-me
- https://www.networkworld.com/article/3653354/using-fail2ban-on-fedora.html
- https://bbs.archlinux.org/viewtopic.php?id=255152
- https://serverfault.com/questions/1016722/enabling-other-jails-in-fail2ban-other-than-ssh
- https://stackoverflow.com/questions/42320994/cant-enable-fail2ban-jail-sshd