fail2ban

https://www.evoluso.com/how-to-protect-ssh-with-fail2ban-on-centos-6/

 

https://www.lesstif.com/pages/viewpage.action?pageId=43843899

 

[명령어]

service fail2ban start / stop

 

fail2ban-client status sshd

fail2ban-client status mysqld-auth

 

 

whois 패키지 쓸라면?? -> yum install jwhois

[DEFAULT]

ignoreip = 127.0.0.1/8 192.168.0.1/255 
bantime = 7200
findtime = 600
maxretry = 3

destemail =
sender = root@API-WH
mta = sendmail
action = %(action_mw)s
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

logpath = /var/log/fail2ban.log

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry= 3
bantime = 7200