社区首页 >专栏 >一日一工具|ssh加固之fail2ban

一日一工具|ssh加固之fail2ban

追马

发布于 2020-07-06 08:41:21

70000

代码可运行

文章被收录于专栏：一日一工具一日一工具

运行总次数：0

代码可运行

1 安装部署

# 创建 roles, 为的是一劳永逸，编写一次，到处运行

ansible-galaxy init fail2ban-init

# 然后编写 palybook, 目录结构如下
   tree fail2ban
fail2ban
├── README.md
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   ├── install.yml
│   ├── main.yml
│   ├── reboot.yml
│   └── sync-config.yml
├── templates
│   └── config.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

2 安装部署

   ansible-playbook -i hlist deploy.yml -uroot -k
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting

SSH password:

PLAY [hlists] **********************************************************************************************************************
Tuesday 12 May 2020  16:06:40 +0800 (0:00:00.197)       0:00:00.197 ***********

TASK [fail2ban : install fail2ban] *************************************************************************************************
ok: [192.168.1.25]

Tuesday 12 May 2020  16:06:47 +0800 (0:00:06.949)       0:00:07.146 ***********

TASK [fail2ban : sync config to remote machine] ************************************************************************************
ok: [192.168.1.25]
Tuesday 12 May 2020  16:06:49 +0800 (0:00:01.740)       0:00:08.887 ***********

TASK [fail2ban : restart fail2ban service] *****************************************************************************************
changed: [192.168.1.25]

PLAY RECAP *************************************************************************************************************************
192.168.1.25               : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Tuesday 12 May 2020  16:06:51 +0800 (0:00:02.310)       0:00:11.198 ***********
===============================================================================
fail2ban : install fail2ban ------------------------------------------------------------------------------------------------- 6.95s
fail2ban : restart fail2ban service ----------------------------------------------------------------------------------------- 2.31s
fail2ban : sync config to remote machine ------------------------------------------------------------------------------------ 1.74s

3 检测服务状态和测试功能

[root@zhuima ~]# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-05-12 16:06:51 CST; 1s ago
     Docs: man:fail2ban(1)
  Process: 11967 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
  Process: 11971 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 11973 (f2b/server)
   Memory: 9.3M
   CGroup: /system.slice/fail2ban.service
           └─11973 /usr/bin/python -s /usr/bin/fail2ban-server -xf ...

May 12 16:06:51 zhuima systemd[1]: Starting Fail2Ban Se...
May 12 16:06:51 zhuima systemd[1]: Started Fail2Ban Ser...
May 12 16:06:51 zhuima fail2ban-server[11973]: Server r...
Hint: Some lines were ellipsized, use -l to show in full.

客户端主机

 # fail2ban 的设置是 ssh 服务的最大尝试次数 为 5
 ↵ 2  ssh root@192.168.1.25
root@192.168.1.25's password:
Permission denied, please try again.
root@192.168.1.25'
Permission denied, please try again.
root@192.168.1.25's password:
root@192.168.1.25: Permission denied (publickey,password).

 ↵ SIG(127)  ssh root@192.168.1.25
root@192.168.1.25'
Permission denied, please try again.
root@192.168.1.25's password:
Permission denied, please try again.
root@192.168.1.25'









^C

# 再次访问的时候提示拒绝
 ↵ SIGINT(2)  ssh root@192.168.1.25
ssh: connect to host 192.168.1.25 port 22: Connection refused

 ↵ SIG(127)  ssh root@192.168.1.25
ssh: connect to host 192.168.1.25 port 22: Connection refused

fail2ban 机器

[root@zhuima ~]# fail2ban-client status
Status
|- Number of jail:  1
`- Jail list:  ssh-iptables
[root@zhuima ~]#
[root@zhuima ~]#
[root@zhuima ~]# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed:  0
|  |- Total failed:  5
|  `- File list:  /var/log/secure
`- Actions
   |- Currently banned:  1
   |- Total banned:  1
   `- Banned IP list:  192.168.1.153

4 目地

很多时候，常识性的认知会让我们觉得我机器没有公网 IP，只对外映射特定的端口出去，安全等级会上升很高，殊不知很多时候，内部员工的一些操作(在开发机器上下载未知来源的软件，安装一些比较偏门的工具) 很有可能会导致安全问题的发生，而且局域网安全防护相对入口来说还是比较薄弱的，使用fail2ban 加固 ssh 是一个不错的选择，当然 fail2ban 的功能不单单局限于作用于 ssh 服务~

本文参与腾讯云自媒体同步曝光计划，分享自微信公众号。

原始发表：2020-05-12，如有侵权请联系 cloudcommunity@tencent.com 删除

ssh