To deal with brute-force attacks on SSH accounts on CentOS, we use fail2ban to block the IPs that try to guess the passwords of your Linux accounts.
Install EPEL
yum install epel-release -y
Install fail2ban on CentOS 7
yum install fail2ban sendmail
Configure fail2ban
The fail2ban configuration lives in the /etc/fail2ban directory
mv /etc/fail2ban/jail.local /tmp
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
cat /tmp/jail.local >> /etc/fail2ban/jail.local
Edit the file /etc/fail2ban/jail.local
and change the settings
backend = auto
enabled = false
to
backend = systemd
enabled = true
Then restart fail2ban
service fail2ban restart
# or
systemctl restart fail2ban
Enable fail2ban at restart/boot
systemctl enable fail2ban
Check the IPs that are brute-forcing your server
cat /var/log/secure | grep 'Failed password'
# output
Feb 28 10:24:25 jering sshd[30275]: Failed password for root from 55.55.25 port 38224 ssh2
Feb 28 10:24:34 jering sshd[30275]: Failed password for root from 55.5.55.25 port 38224 ssh2
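The grep above lists every failed attempt. The following added example (not part of the original tutorial) counts them per source address so the result can be compared with the jail's maxretry setting. The function names, the host name host1 and the sample log lines are constructed for illustration, using documentation address ranges.

```shell
#!/bin/sh
# Added example: summarise sshd "Failed password" lines per source address.

# Constructed sample in /var/log/secure format (documentation addresses).
sample_log() {
cat <<'EOF'
Feb 28 10:24:25 host1 sshd[30275]: Failed password for root from 203.0.113.7 port 38224 ssh2
Feb 28 10:24:34 host1 sshd[30275]: Failed password for root from 203.0.113.7 port 38224 ssh2
Feb 28 10:24:41 host1 sshd[30279]: Failed password for invalid user admin from 203.0.113.7 port 38230 ssh2
Feb 28 10:25:02 host1 sshd[30301]: Failed password for invalid user test user from 198.51.100.9 port 40112 ssh2
Feb 28 10:25:10 host1 sshd[30310]: Accepted password for deploy from 192.0.2.10 port 51514 ssh2
Feb 28 10:25:30 host1 sshd[30322]: Failed password for git from 198.51.100.9 port 40120 ssh2
EOF
}

# Print "COUNT IP" for each source address, busiest first.
# The user name is text supplied by the client and may contain spaces,
# so the address is taken by position from the END of the line
# ("... from IP port N ssh2") instead of by counting fields from the start.
failed_by_ip() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
         $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failures.
# Remaining arguments are log files; with none, standard input is read.
over_threshold() {
    limit=$1; shift
    failed_by_ip "$@" | awk -v limit="$limit" '$1 >= limit { print $2 }'
}

# Demo on the constructed sample; on a server use: failed_by_ip /var/log/secure
sample_log | failed_by_ip
```
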
Check the fail2ban status with fail2ban-client status
Blocked IPs can be viewed with