
Brute-force attack countermeasures: Fail2ban

Last updated at Posted at 2016-11-27

Fail2ban

Alternatives include DenyHosts and Sshguard. For details, see "The current state of DoS / brute-force attack countermeasure applications".

Packages

The following packages can be installed from the EPEL repository.

fail2ban-all.noarch : Install all Fail2Ban packages and dependencies
fail2ban-firewalld.noarch : Firewalld support for Fail2Ban
fail2ban-hostsdeny.noarch : Hostsdeny (tcp_wrappers) support for Fail2Ban
fail2ban-mail.noarch : Mail actions for Fail2Ban
fail2ban-sendmail.noarch : Sendmail actions for Fail2Ban
fail2ban-server.noarch : Core server component for Fail2Ban
fail2ban-shorewall.noarch : Shorewall support for Fail2Ban
fail2ban-systemd.noarch : Systemd journal configuration for Fail2Ban
fail2ban-tests.noarch : Fail2Ban testcases
fail2ban.noarch : Daemon to ban hosts that cause multiple authentication errors

Specifying the fail2ban-all package appears to install fail2ban-hostsdeny, fail2ban-mail, and fail2ban-shorewall in addition to what the fail2ban package pulls in.

インストール中:
 fail2ban
依存性関連でのインストールをします:
 fail2ban-firewalld
 fail2ban-sendmail
 fail2ban-server
インストール中:
 fail2ban-all
依存性関連でのインストールをします:
 fail2ban-firewalld
 fail2ban-hostsdeny
 fail2ban-mail
 fail2ban-sendmail
 fail2ban-server
 fail2ban-shorewall

Installation

yum install epel-release && yum update
yum install fail2ban fail2ban-systemd
systemctl start fail2ban && systemctl enable fail2ban

The fail2ban-systemd package only adds a jail.d/00-systemd.conf file, which does nothing but set backend=systemd under [DEFAULT].

Configuration

Order in which configuration files are applied

  1. /etc/fail2ban/jail.conf
  2. /etc/fail2ban/jail.d/*.conf (alphabetical order)
  3. /etc/fail2ban/jail.local
  4. /etc/fail2ban/jail.d/*.local (alphabetical order)

Creating a local configuration file

cat << "_EOF_" > /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/24
# 1 hour
bantime  = 3600
# 10 minutes
findtime = 600
maxretry = 3

[sshd]
enabled  = true

[postfix-sasl]
enabled  = true
# 1 week
bantime  = 604800
# 1 day
findtime = 86400
_EOF_
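
The following is an added example, not part of the original article or of Fail2ban's own code: it models the file order above with Python's configparser to show which values each enabled jail ends up with, and the resulting bantime values match the timeout fields in the ipset output further down. The jail.conf and 00-systemd.conf contents are constructed excerpts (assumptions); only the jail.local text is the one created above.

```python
import configparser

# Layers in the order they are applied. The first two are constructed
# excerpts (assumed defaults); the third is the jail.local from this article.
LAYERS = [
    ("/etc/fail2ban/jail.conf", """
[DEFAULT]
bantime = 600
findtime = 600
maxretry = 5
backend = auto
enabled = false
[sshd]
[postfix-sasl]
"""),
    ("/etc/fail2ban/jail.d/00-systemd.conf", """
[DEFAULT]
backend = systemd
"""),
    ("/etc/fail2ban/jail.local", """
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/24
bantime = 3600
findtime = 600
maxretry = 3
[sshd]
enabled = true
[postfix-sasl]
enabled = true
bantime = 604800
findtime = 86400
"""),
]

def effective_jails(layers):
    """Merge the layers in order (later files win) and return enabled jails."""
    cp = configparser.ConfigParser(interpolation=None)
    for _path, text in layers:
        cp.read_string(text)  # same-named sections merge across files
    keys = ("bantime", "findtime", "maxretry", "backend")
    jails = {}
    for name in cp.sections():  # [DEFAULT] is inherited, not listed
        if cp.getboolean(name, "enabled", fallback=False):
            jails[name] = {k: cp.get(name, k) for k in keys}
    return jails

if __name__ == "__main__":
    for jail, opts in effective_jails(LAYERS).items():
        print(jail, opts)
```

On a running host, `fail2ban-client get sshd bantime` reports the value the server actually loaded, which is the authoritative check.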

Restart

systemctl restart fail2ban

Checking the status

fail2ban-client status
Example output
Status
|- Number of jail:	2
`- Jail list:	postfix-sasl, sshd
fail2ban-client status sshd
Example output
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:

Unbanning

fail2ban-client set sshd unbanip 192.0.2.1

Checking ipset

ipset --list
Example output
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 16528
References: 1
Members:

Name: fail2ban-postfix-sasl
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Size in memory: 16528
References: 1
Members: