Installing Fail2ban on CentOS/RedHat

Installing Fail2ban on CentOS/RedHat. One way to deal with brute-force login attempts against a server is Fail2ban. It works by watching the log file configured for each jail (the logpath), counting authentication failures per source address, and blocking the addresses that exceed the configured limit with a firewall rule.

How do you install it? Here are the steps:

  • Install epel-release (Fail2ban is not in the base CentOS/RHEL repositories)
# yum install epel-release
  • Install fail2ban
# yum install fail2ban
  • Configure the jail.conf file in the /etc/fail2ban directory. Back up jail.conf before changing anything. Note that jail.conf is overwritten by a package upgrade; fail2ban itself recommends leaving it alone and putting your overrides in /etc/fail2ban/jail.local, which is read after jail.conf. The [DEFAULT] and jail sections shown below work unchanged in jail.local.
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.backup
  • Edit jail.conf
# vim /etc/fail2ban/jail.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 747 $
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 192.168.100.101/32
# "bantime" is the number of seconds that a host is banned.
bantime = 15600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "pyinotify", "gamin", "polling", "systemd" and "auto". This
# option can be overridden in each jail too (use "gamin" for a jail and
# "polling" for another).
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# polling: uses a polling algorithm which does not require external libraries.
# systemd: uses the systemd python library to read the systemd journal
# (cannot be used with a plain-file logpath such as /var/log/secure).
# auto: will try the following backends, in order: pyinotify, gamin, polling.
backend = auto

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3

Note: the configuration above enables one jail, [ssh-iptables], that applies the sshd filter to /var/log/secure. A host that produces 3 matching failures (maxretry) within 600 seconds (findtime) is banned for 15600 seconds (bantime, i.e. 4 hours 20 minutes); the iptables action inserts a REJECT rule for that address into the f2b-SSH chain and removes it when the ban expires. The maxretry = 3 inside the jail simply repeats the [DEFAULT] value; a value set in a jail always overrides the default. Addresses listed in ignoreip are never banned, so put your own management address there (192.168.100.101 in this example) before enabling the service, otherwise three mistyped passwords lock you out of the server for the full bantime.
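To make the interaction of findtime, maxretry, bantime and ignoreip concrete, here is a small simulation of the ban decision in Python (fail2ban's own language). It is an added example, not part of the original post and not fail2ban's code: it uses a simplified stand-in for two of the sshd filter's failregex patterns, a constructed /var/log/secure excerpt with documentation-range addresses, and an assumed year of 2019 (syslog timestamps carry none). Run it to see which hosts the [ssh-iptables] jail above would ban and until when:

```python
"""Simulate fail2ban's ban decision for the [ssh-iptables] jail above.

Added example, not fail2ban's own code. The failregex patterns are a
simplified stand-in for /etc/fail2ban/filter.d/sshd.conf, and the log
excerpt below is constructed for the demonstration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values taken from the jail.conf shown above.
IGNOREIP = ["127.0.0.1/8", "192.168.100.101/32"]
BANTIME = 15600   # seconds a host stays banned
FINDTIME = 600    # window in which MAXRETRY failures trigger a ban
MAXRETRY = 3

# Two common sshd failure lines; the real filter knows many more.
FAILREGEX = [
    re.compile(r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
               r"from (?P<host>\S+) port \d+"),
    re.compile(r"Invalid user \S+ from (?P<host>\S+)"),
]
# /var/log/secure lines start with "Mon DD HH:MM:SS"; the year is not logged.
TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) ")
YEAR = 2019  # assumption: syslog timestamps omit the year

# Constructed excerpt of /var/log/secure (documentation-range addresses).
SAMPLE_SECURE_LOG = """\
Feb 22 09:00:01 srv sshd[2101]: Failed password for root from 203.0.113.5 port 50210 ssh2
Feb 22 09:00:04 srv sshd[2101]: Failed password for root from 203.0.113.5 port 50210 ssh2
Feb 22 09:00:10 srv sshd[2103]: Invalid user admin from 203.0.113.5 port 50222
Feb 22 09:00:12 srv sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 50222 ssh2
Feb 22 09:00:30 srv sshd[2110]: Failed password for root from 198.51.100.7 port 41000 ssh2
Feb 22 09:12:30 srv sshd[2140]: Failed password for root from 198.51.100.7 port 41001 ssh2
Feb 22 09:24:30 srv sshd[2170]: Failed password for root from 198.51.100.7 port 41002 ssh2
Feb 22 09:30:00 srv sshd[2200]: Failed password for admin from 192.168.100.101 port 60000 ssh2
Feb 22 09:30:01 srv sshd[2200]: Failed password for admin from 192.168.100.101 port 60000 ssh2
Feb 22 09:30:02 srv sshd[2200]: Failed password for admin from 192.168.100.101 port 60000 ssh2
Feb 22 09:30:03 srv sshd[2200]: Failed password for admin from 192.168.100.101 port 60000 ssh2
Feb 22 09:31:00 srv sshd[2210]: Accepted publickey for deploy from 192.168.100.50 port 33000 ssh2
""".splitlines()


def is_ignored(host):
    """True if host falls inside any ignoreip entry. Literal IPs only;
    fail2ban also accepts DNS names, which this example does not resolve."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)


def parse_failures(lines):
    """Yield (timestamp, host) for every line that matches a failregex."""
    for line in lines:
        m_ts = TS_RE.match(line)
        if not m_ts:
            continue
        ts = datetime.strptime(f"{YEAR} {m_ts.group('ts')}", "%Y %b %d %H:%M:%S")
        for rx in FAILREGEX:
            m = rx.search(line)
            if m:
                yield ts, m.group("host")
                break


def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Return {host: (ban_start, ban_end)} for the hosts the jail would ban."""
    recent = defaultdict(list)  # host -> failure times still inside findtime
    bans = {}
    for ts, host in parse_failures(lines):
        if is_ignored(host):
            continue
        if host in bans and ts < bans[host][1]:
            continue  # still banned; the REJECT rule is already in place
        # Drop failures older than findtime, then count the new one.
        window = [t for t in recent[host] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            bans[host] = (ts, ts + timedelta(seconds=bantime))
            recent[host] = []  # counter resets once the ban is issued
    return bans


if __name__ == "__main__":
    for host, (start, end) in simulate(SAMPLE_SECURE_LOG).items():
        print(f"{host} banned at {start:%H:%M:%S} until {end:%H:%M:%S}")
    # A longer findtime catches the slow attacker as well.
    print("findtime=3600:", sorted(simulate(SAMPLE_SECURE_LOG, findtime=3600)))
```

The three hosts in the sample behave differently on purpose: 203.0.113.5 fails three times within ten seconds and is banned until 13:20:10, 15600 seconds later; 198.51.100.7 also fails three times, but twelve minutes apart, so each failure has aged out of the 600-second findtime before the next arrives and no ban is issued (simulate(..., findtime=3600) catches it); 192.168.100.101 fails four times and is never banned because it matches ignoreip. On a real host, fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf shows which lines the real sshd filter matches.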

  • Restart the service to activate fail2ban. On CentOS 7 the service command is forwarded to systemctl. Also enable the unit (systemctl enable fail2ban): the status output below shows it as "disabled", which means it would not come back after a reboot.
# service fail2ban restart
  • Check the fail2ban service
# service fail2ban status
Redirecting to /bin/systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: active (running) since Jum 2019-02-22 09:03:50 WIB; 1 months 20 days ago
     Docs: man:fail2ban(1)
 Main PID: 19042 (fail2ban-server)
   CGroup: /system.slice/fail2ban.service
           └─19042 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
  • Check which IPs have been banned for brute-forcing. The banned addresses appear as REJECT rules in the f2b-SSH chain created by the iptables action (fail2ban-client status ssh-iptables lists the same addresses per jail):
# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.100.0/24      0.0.0.0/0            tcp dpt:443
f2b-SSH    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:10050

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-SSH (1 references)
target     prot opt source               destination         
REJECT     all  --  37.187.248.39        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  138.197.162.28       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  61.0.242.100         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  159.65.81.187        0.0.0.0/0            reject-with icmp-port-unreachable


I hope this is useful & enjoy, wassalamualaikum
