MODOP – Fail2ban – Surveiller/Protéger service SSH d’un VPS

chris — Sat, 07 Aug 2021 14:56:47 +0000

1° ) Installation de Fail2ban

[root@vps-xxxxxxxxx chris]# yum update
[root@vps-xxxxxxxxx chris]# yum install fail2ban

2°Configuration de fail2ban

[root@vps-xxxxxxxxx chris]# vi /etc/fail2ban/jail.d/sshd.local

[DEFAULT]
bantime = 86400
findtime = 600
maxretry = 3
ignoreip = IP_votre_Server IP_Client_Admin
banaction = iptables-multiport
[sshd]
enabled = true

Configuration Fail2ban – SSH

[root@vps-xxxxxxxxx chris]# vi /etc/fail2ban/filter.d/sshd.conf

before = paths-fedora.conf
destemail = fail2ban@house.cpb
sender = vps@house.cpb
action = %(action_mwl)s

3°) Démarrer le service Fail2ban

[root@vps-xxxxxxxxx chris]# systemctl start fail2ban && systemctl enable fail2ban
[root@vps-xxxxxxxxx chris]# systemctl status fail2ban

4°) Vérifier les premières connexions frauduleuses.(Assez rapide)

[root@vps-xxxxxxxxx chris]# grep 'sshd.*Failed password for' /var/log/secure | head -10

Les IP « BAN » via Fail2ban.log

[root@vps-xxxxxxxxx chris]# tail -f /var/log/fail2ban.log

Côté Firewall

[root@vps-xxxxxxxxx chris]# iptables -L f2b-sshd -n –v

Tous les bannis

[root@vps-xxxxxxxxx chris]# iptables -S |grep f2b-sshd

Côté Jail de Fail2ban

[root@vps-xxxxxxxxx chris]# fail2ban-client status sshd

5°) Notifications

L’article MODOP – Fail2ban – Surveiller/Protéger service SSH d’un VPS est apparu en premier sur CoffeeBreak Info.

Archives des Fail2ban - CoffeeBreak Info

MODOP – Fail2ban – Surveiller/Protéger service SSH d’un VPS

1° ) Installation de Fail2ban

2°Configuration de fail2ban

3°) Démarrer le service Fail2ban

4°) Vérifier les premières connexions frauduleuses.(Assez rapide)

5°) Notifications