ป้องกันเบื้องต้นได้ด้วย fail2ban โดยมีวิธีการติดตั้งดังนี้
# fail2ban is packaged in EPEL on CentOS/RHEL, so that repository is installed first.
yum install epel-release
yum install fail2ban
# "enable" only registers the service to start at boot; it does not start it
# in the current session, so no jail is active until the service is started.
systemctl enable fail2ban
ตั้งค่าก่อนใช้งาน
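# jail.conf is the packaged default and can be replaced by a package update,
# so local settings are kept in jail.local, which fail2ban reads after jail.conf.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Edit the local copy, not the packaged file.
nano /etc/fail2ban/jail.local
# After saving the settings shown below, restart so they are loaded; this also
# starts the service if it is not running yet. Until then the sshd jail is not active.
systemctl restart fail2ban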
สำหรับการตั้งค่า
[DEFAULT]
# Values in [DEFAULT] apply to every jail unless a jail section overrides them.
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Only loopback is exempt here; a fixed administration address can be appended
# (space-separated) so that mistyped passwords do not lock the administrator out.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned (3600 = 1 hour).
bantime = 3600
# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds (600 = 10 minutes).
findtime = 600
# "maxretry" is the number of failures before a host gets banned.
maxretry = 5
# A jail only runs when it is enabled; this turns on the sshd jail with the values above.
[sshd]
enabled = true
มาเช็ค Log กัน
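# Failed SSH password attempts recorded in the auth log (run as root).
grep 'Failed password' /var/log/secure
# Full auth log, for context around those entries.
cat /var/log/secure
# Overall fail2ban state: the jail list should include sshd.
fail2ban-client status
# Details of the sshd jail, including failure counts and currently banned addresses.
fail2ban-client status sshd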
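แค่นี้ก็ใช้งานได้แล้ว โดยถ้าผลลัพธ์ของ fail2ban-client status มี jail ชื่อ sshd อยู่ในรายการ แสดงว่า fail2ban กำลังเฝ้าดู SSH อยู่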