centos7 之 sshd，iptables，firewall，fail2ban 常用操作

SSHD

# 在原端口 22 下，新增 sshd 端口 20000，并 开启账号密码登录、开启 root 账号登录

vim /etc/ssh/sshd_config

Port 20000

PasswordAuthentication yes

PermitRootLogin yes

# 查看状态

systemctl status sshd.service

# 启动服务

systemctl start sshd.service

# 重启服务

systemctl restart sshd.service

# 开机自启

systemctl enable sshd.service

iptables

# centos7

vim /etc/sysconfig/iptables

# 加入如下代码

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

# 保存退出后重启防火墙

wq

# centos6 重启

service iptables restart

# centos7 重启

/bin/systemctl restart iptables.service

firewall

# 安装

yum install firewalld

# 状态

systemctl status firewalld.service

# 启动

systemctl start firewalld.service

# 关闭

systemctl stop firewalld.service

# 重启

systemctl restart firewalld.service

# 开机启动

systemctl enable firewalld.service

# 取消开机启动

systemctl disable firewalld.service

# 命令的方式添加端口，需要重启一次服务

firewall-cmd --zone=public --add-port=22/tcp --permanent

# 命令的方式删除端口

firewall-cmd --zone=public --remove-port=22/tcp --permanent

# 重载配置

firewall-cmd --reload

# 查看状态

firewall-cmd --state

# 查看防火墙规则

firewall-cmd --list-all

# 查看已放行端口

firewall-cmd --zone=public --list-ports

fail2ban

# CentOS 内置源并未包含 fail2ban，需要先安装 epel 源

yum -y install epel-release

#安装fial2ban

yum -y install fail2ban

# 编辑配置

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

vim /etc/fail2ban/jail.local

# my set 配置，名称为 ssh-iptables

[ssh-iptables]

enabled = true

filter = sshd

action = iptables[name=SSH, port=22, protocol=tcp]

# sendmail-whois[name=SSH, dest=zhuoqun527@qq.com, sender=fail2ban@email.com]

logpath = /var/log/secure

maxretry = 3

bantime = 300

# 启动服务

systemctl start fail2ban.service

# 启动

systemctl start fail2ban

# 重启

systemctl restart fail2ban

# 开机启动

systemctl enable fail2ban

# 查看状态

systemctl status fail2ban.service

# 查看配置状态

fail2ban-client status

# 默认配置

cat /etc/fail2ban/jail.conf

# 查看被 ban IP，其中 ssh-iptables 为名称，比如上面的[ssh-iptables]

fail2ban-client status ssh-iptables

# 查看登陆失败日志

cat /var/log/secure | grep 'Failed password'

# 解锁 ip

fail2ban-client set ssh-iptables unbanip IPADDRESS

# lastb: 列出登入系统失败的用户相关信息

last|awk '{a[$3]++}END{for(i in a){print i, a[i]}}'|sort -rnk 2|head -20