可防範對某一服務的暴力破解或掃描的行為
- ready
install and active firewalld
install epel-release - install
yum install -y fail2ban - add /etc/fail2ban/jail.local, can use nano
[DEFAULT]
# white list
ignoreip = 127.0.0.1
# ban time
bantime = 600
# ho much time to try to maxretry
findtime = 600
# try time
maxretry = 5
[sshd]
# [service name]
enabled = true - active
systemctl enable fail2ban
systemctl start fail2ban
沒有留言:
張貼留言