CentOS 7如何安装fail2ban和Firewalld防止爆破与CC攻击

CentOS 7 is a popular and widely-used operating system for servers. In order to enhance the security of your server and protect it from brute force attacks and CC attacks, it is essential to install fail2ban and Firewalld. Below are the detailed steps to install and configure fail2ban and Firewalld on CentOS 7.

1. Installing fail2ban

Before we begin, let's update the system to ensure that we have the latest packages:

sudo yum update -y

Next, install fail2ban using the following command:

sudo yum install fail2ban -y

Once installed, start fail2ban and enable it to run on system boot:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

2. Configuring Firewalld

Start by installing Firewalld:

sudo yum install firewalld -y

Start the Firewalld service and set it to start on boot:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Now, add rules for the desired ports, for example, SSH port 22:

sudo firewall-cmd --permanent --add-port=22/tcp
sudo firewall-cmd --reload

3. Configuring fail2ban

Begin by editing the jail.local file:

sudo vi /etc/fail2ban/jail.local

Add the following content to the file:

[ssh]
enabled = true
port = 22
filter = sshd
logpath = /var/log/secure
maxretry = 3
action = firewallcmd-ipset

Create the firewallcmd-ipset action file:

sudo vi /etc/fail2ban/action.d/firewallcmd-ipset.conf

Open the file and add the necessary configuration:

[Actions]
Options used by actions
default = 0.0.0.0/0
bantime = 3600
maxretry = 3
ignoreip = 127.0.0.1/8
banip = 0.0.0.0/0
findtime = 600

Finally, restart the fail2ban service to apply the new configurations:

sudo systemctl restart fail2ban

By following these steps, you have successfully installed and configured fail2ban and Firewalld on CentOS 7, providing enhanced protection against brute force and CC attacks.

Related Questions and Answers

Q: How can I check the banned IP addresses?

A: You can use the following command to view the banned IP addresses:

sudo fail2ban-client status ssh

Q: How can I unban a specific IP address?

A: To unban a specific IP address, use the following command (replace <IP> with the actual IP address):

sudo firewall-cmd --permanent --zone=public --remove-source=<IP>/32
sudo firewall-cmd --reload

We encourage you to leave any questions, feedback, or suggestions in the comments section. Thank you for reading and stay tuned for more insightful content!

本文链接：https://www.24zzc.com/news/171116260064176.html