
fail2ban 설치
[Msnote, /usr/local/src >vi /etc/yum.repos.d/CentOS-Base.repo
> 아래 내용을 추가한 뒤 설치 (CentOS-Base.repo 는 centos-release 패키지가 관리하는 파일이라 업그레이드 시 덮어써질 수 있으므로, 실제로는 /etc/yum.repos.d/ 아래 별도의 .repo 파일에 넣는 편이 안전합니다)
[Msnote, /usr/local/src >yum install fail2ban
####################내용추가######################
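# Third-party repositories added so "yum install fail2ban" can find the
# package. Both are external to CentOS: adding them is a supply-chain trust
# decision, not just a convenience.
#
# gpgcheck=1 only protects you if the key is genuine. Both gpgkey URLs are
# plain HTTP, so the key itself can be replaced in transit; import the key
# out-of-band (rpm --import) and check its fingerprint before trusting
# packages signed with it.
# NOTE(review): the RPMforge/DAG and centos.karan.org projects were retired
# years ago; these URLs may no longer resolve. Verify before relying on them.
[dag]
name=Dag RPM Repostory for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
# Consider enabled=0 and "yum --enablerepo=dag install fail2ban" instead, so
# this repo cannot replace base packages on a routine "yum update".
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

[kbs-CentOS-Misc]
name=CentOS.Karan.Org-EL$releasever – Stable
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
gpgcheck=1
# Same caveat as [dag]: enable only for the install if possible.
enabled=1
baseurl=http://centos.karan.org/el$releasever/misc/stable/$basearch/RPMS/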
#####################내용끝######################
[Msnote, /etc/fail2ban >vi /etc/fail2ban/jail.conf
> SSH 를 예로 적용한 사례 (jail.conf 는 패키지 업그레이드 시 덮어써지므로, 변경 사항은 jail.local 에 작성하는 것을 권장합니다)
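# SSH jail. The section header is not shown here; in stock jail.conf these
# keys live under the [ssh-iptables] section. Put overrides in jail.local
# rather than editing jail.conf, which package upgrades overwrite.
#
# fail2ban parses this file configparser-style: comments must be full lines
# starting with '#'. An inline "// note" after a value is NOT a comment --
# "enabled = true // ..." yields the value "true // ..." and breaks the jail.
#
# enabled = false  -> jail disabled (the default)
enabled = true
filter = sshd
# Ban via iptables on the ssh port. On start fail2ban creates the chain
# fail2ban-SSH (see the iptables -vnL output below); banned IPs appear there.
action = iptables[name=SSH, port=ssh, protocol=tcp]
# Log file fail2ban watches for failed logins (CentOS: /var/log/secure)
logpath = /var/log/secure
# Number of failed attempts (within the jail's findtime window) before a ban
maxretry = 5
# Ban length in seconds (600 = 10 minutes). For an internet-facing host a
# longer bantime is common; whatever you choose, add your own management
# address to ignoreip so a mistyped password cannot lock you out.
bantime = 600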
iptables -vnL
fail2ban 실행시 체인생성됨
193 11048 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain fail2ban-SSH (1 references)
> 여기에 드랍IP가 표시됨!
http://www.myservlab.com/196
http://r3dux.org/2013/06/how-to-stop-apache-dos-attacks-with-fail2ban/
apache-post
jail.conf
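# Jail that bans a client IP after too many POST requests to Apache.
# As with the SSH example, put this in jail.local, not jail.conf.
[apache-post]
enabled = true
# The apache-post.conf filter shown below (it matches every POST line).
filter = apache-post
# Two actions. The second is a continuation of the "action" value and MUST
# be indented; written at column 0 (as on the original page) fail2ban's
# parser reads "sendmail-whois[...]" as a malformed key and the jail fails
# to load. Replace dest= with a real mailbox before enabling.
# Only port 80 is blocked here: the plain iptables action takes a single
# port, so a site that also serves HTTPS stays reachable on 443 for a
# banned client (the iptables-multiport action accepts a port list).
action = iptables[name=httpd, port=80, protocol=tcp]
         sendmail-whois[name=post_block, dest=yourmail@example.com]
logpath = /var/log/httpd/access_log
# Ban when maxretry POSTs from one IP fall within findtime seconds.
# Because the filter matches ALL POSTs, this is a pure per-IP rate limit:
# legitimate users behind a shared NAT, or all traffic arriving through a
# reverse proxy (whose address is what the log shows), can be banned
# together. Tune these to the site's real POST rate before enabling.
findtime = 10
# Ban length in seconds (183600 = 51 hours)
bantime = 183600
maxretry = 10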
apache-post.conf (failregex: `^<HOST> -.*"POST.*` — the blog rendering dropped the `<HOST>` tag, which fail2ban requires)
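# Fail2Ban configuration file
#
# filter.d/apache-post.conf: matches every POST request line in the Apache
# access log so the apache-post jail can rate-limit POSTs per client IP.
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: Regexp matching one POST request in the common/combined access
#         log format, where the line starts with the client address.
#         <HOST> is mandatory: fail2ban rejects a failregex without it
#         (the original page lost the tag in rendering, leaving "^").
#         The address <HOST> captures is what gets banned. Behind a reverse
#         proxy or load balancer that is the proxy's address, so the jail
#         would ban the proxy itself -- do not use this pattern there
#         without logging the real client address instead.
#         Every POST matches, legitimate or not; the ban threshold lives in
#         the jail's findtime/maxretry, so set them to match real traffic.
# Values: TEXT
#
failregex = ^<HOST> -.*"POST.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
#         Left empty here; whitelisting trusted addresses is normally done
#         with ignoreip in the jail rather than here.
# Values: TEXT
#
ignoreregex =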