How to Install Fail2Ban on AlmaLinux 9

Linux Commands | Edge插件网 | 2023-09-09

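At its core, Fail2Ban is an intrusion prevention tool that watches over your server. It scans log files for suspicious activity, such as repeated failed login attempts, and responds immediately by banning the offending IP addresses. This proactive defense not only stops brute-force attacks but also deters malicious actors from targeting your server.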


Installing Fail2Ban on AlmaLinux 9

Step 1. Before starting the installation, make sure your AlmaLinux 9 system is up to date. Run the following command in a terminal:

    sudo dnf update

Step 2. Install Fail2Ban on AlmaLinux 9.

  • Method 1: Use the EPEL repository.

First, enable the EPEL repository by running the following command as root:

    sudo dnf install epel-release

Install Fail2Ban by running the following command as root:

    sudo dnf install fail2ban

Start the Fail2Ban service and enable it to start automatically at boot by running the following commands as root:

    sudo systemctl start fail2ban
    sudo systemctl enable fail2ban

Verify that Fail2Ban is running by checking its status:

    sudo systemctl status fail2ban

If Fail2Ban is running, you should see output similar to the following:

    ● fail2ban.service - Fail2Ban Service
    Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2023-08-21 10:00:00 EDT; 1h ago
    Process: 1234 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=0/SUCCESS)
    Main PID: 1235 (fail2ban-server)
    Tasks: 1 (limit: 4915)
    Memory: 10.0M
    CPU: 1.234s
    CGroup: /system.slice/fail2ban.service
    └─1235 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

  • Method 2: Compile from source.

If you prefer to compile Fail2Ban from source, follow these steps:

Install the required dependencies by running the following command as root:

    sudo dnf install gcc python3-devel

Next, download the Fail2Ban source code from the official site:

    wget https://github.com/fail2ban/fail2ban/archive/0.11.2.tar.gz

Extract the source code:

    tar xzf 0.11.2.tar.gz

Change into the extracted directory:

    cd fail2ban-0.11.2

Run the following commands as root to build and install Fail2Ban:

    python3 setup.py build
    sudo python3 setup.py install

Start the Fail2Ban service and enable it to start automatically at boot by running the following commands as root:

    sudo systemctl start fail2ban
    sudo systemctl enable fail2ban

Verify that Fail2Ban is running by checking its status:

    sudo systemctl status fail2ban

If Fail2Ban is running, you should see output similar to the following:

    ● fail2ban.service - Fail2Ban Service
    Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2023-08-21 10:00:00 EDT; 1h ago
    Process: 1234 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=0/SUCCESS)
    Main PID: 1235 (fail2ban-server)
    Tasks: 1 (limit: 4915)
    Memory: 10.0M
    CPU: 1.234s
    CGroup: /system.slice/fail2ban.service
    └─1235 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Step 3. Configure Fail2Ban.

Fail2Ban's effectiveness comes from its configuration, which lets you tailor its behavior to your server's specific requirements.

  1. Locate the configuration file:

Open the Fail2Ban configuration file to begin customizing:

    sudo nano /etc/fail2ban/jail.local

  2. Understand the configuration parameters:

  • Set the ban time and find time:

Specify the ban time (how long an IP stays banned) and the find time (the time window in which repeated failed attempts are counted).

    bantime = 3600
    findtime = 600

  • Specify the maximum number of retries:

Define the maximum number of retries allowed before a ban is imposed:

    maxretry = 5

  • Define the ban action:

Determine the action Fail2Ban takes when it detects a ban-worthy event (for example, sending an e-mail notification):

    action = iptables[name=SSH, port=ssh, protocol=tcp]

  3. Customize jails for specific services:

Tailor Fail2Ban's protection to the critical services on your server:

  • SSH access:

    [sshd]
    enabled = true

  • Apache Web Server:

    # Stock jail.conf has no plain [apache] jail; apache-auth covers failed HTTP logins
    [apache-auth]
    enabled = true

  • E-mail services (Postfix, Sendmail):

    [postfix]
    enabled = true
    # Stock jail.conf has no plain [sendmail] jail; sendmail-auth covers failed SMTP logins
    [sendmail-auth]
    enabled = true

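  4. Enable and disable jails:

Fine-tune your choice of jails according to the services your server runs. To enable or disable a jail, modify its enabled parameter accordingly.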
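
How the bantime, findtime and maxretry values above interact, as an added example that is not part of the original tutorial and not Fail2Ban's own code: a simplified sliding-window model run over constructed sshd log lines. The regex, the host name and the log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the tutorial's jail.local (seconds, seconds, count)
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 5

# Simplified failure pattern for this example, not Fail2Ban's shipped sshd filter
FAIL_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

# Constructed sample log lines (addresses from the RFC 5737 documentation ranges)
SAMPLE_LOG = """\
2023-08-21T10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 40001 ssh2
2023-08-21T10:00:09 web1 sshd[2002]: Failed password for root from 203.0.113.7 port 40002 ssh2
2023-08-21T10:00:30 web1 sshd[2003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
2023-08-21T10:01:10 web1 sshd[2004]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2023-08-21T10:01:15 web1 sshd[2005]: Failed password for root from 203.0.113.7 port 40004 ssh2
2023-08-21T10:01:40 web1 sshd[2006]: Failed password for root from 203.0.113.7 port 40005 ssh2
2023-08-21T10:01:55 web1 sshd[2007]: Failed password for root from 203.0.113.7 port 40006 ssh2
2023-08-21T10:14:00 web1 sshd[2008]: Failed password for alice from 198.51.100.20 port 51001 ssh2
2023-08-21T10:14:20 web1 sshd[2009]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
""".splitlines()


def simulate(lines, bantime=BANTIME, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return [(ip, ban_start, ban_end)] for every ban the settings would trigger."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # still banned: the firewall rule drops this traffic
        window = failures[ip]
        window.append(ts)
        # Forget failures that are older than findtime seconds
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans
```

With the tutorial's values, only 203.0.113.7 is banned, on its fifth failure; the user at 198.51.100.20 who mistypes a password twice, more than findtime apart, is left alone.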

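Thank you for using this tutorial to install Fail2Ban on your AlmaLinux 9 system. For additional help or useful information, we recommend checking the official Fail2Ban website.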

