To counter brute-force attacks against SSH accounts on CentOS, we use fail2ban to block the IP addresses that try to guess your Linux account passwords.

Install EPEL

yum install epel-release -y

Install fail2ban on CentOS 7

yum install fail2ban sendmail

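Configure fail2ban

The fail2ban configuration lives in the /etc/fail2ban directory.

# Start from the packaged defaults; re-append existing overrides only if there were any
old=; if [ -f /etc/fail2ban/jail.local ]; then mv /etc/fail2ban/jail.local /tmp; old=/tmp/jail.local; fi
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
if [ -n "$old" ]; then cat "$old" >> /etc/fail2ban/jail.local; fi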

Edit the file /etc/fail2ban/jail.local
and change the lines

backend = auto
enabled = false

to

backend = systemd
enabled = true

Then restart fail2ban

service fail2ban restart
# or
systemctl restart fail2ban

Enable fail2ban at boot

systemctl enable fail2ban

Check which IPs are brute-forcing your server

grep 'Failed password' /var/log/secure
# output
Feb 28 10:24:25 jering sshd[30275]: Failed password for root from 55.55.25 port 38224 ssh2
Feb 28 10:24:34 jering sshd[30275]: Failed password for root from 55.5.55.25 port 38224 ssh2
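
The grep output above can be reduced to a per-address count, which is the figure a ban threshold is compared against. This is an added example, not part of the original article: the function names failed_by_ip, over_threshold and sample_log, the threshold of 3 and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example: count sshd "Failed password" lines per source address.
# failed_by_ip, over_threshold and sample_log are hypothetical helper names.

# Print "<count> <address>" per source, highest count first.
# Reads syslog-format lines (as in /var/log/secure) on stdin.
failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: the real source always sits in
            # the trailing "from ADDR port N ssh2", so a user name that
            # itself contains "from 1.2.3.4" cannot spoof the address.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failed attempts.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample lines using documentation address ranges, not real logs.
sample_log() {
    cat <<'EOF'
Feb 28 10:24:25 host1 sshd[30275]: Failed password for root from 203.0.113.7 port 38224 ssh2
Feb 28 10:24:34 host1 sshd[30275]: Failed password for root from 203.0.113.7 port 38224 ssh2
Feb 28 10:24:40 host1 sshd[30275]: Failed password for invalid user admin from 203.0.113.7 port 38224 ssh2
Feb 28 10:25:02 host1 sshd[30301]: Failed password for invalid user from 192.0.2.1 from 198.51.100.20 port 40110 ssh2
Feb 28 10:25:10 host1 sshd[30310]: Accepted password for deploy from 198.51.100.20 port 40112 ssh2
EOF
}

# On a server: failed_by_ip < /var/log/secure
sample_log | over_threshold 3
```
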

Check the fail2ban status with fail2ban-client status

fail2ban-client status

Blocked IPs can be listed with

iptables -L
