SSHD
# 在原端口 22 下,新增 sshd 端口 20000,并 开启账号密码登录、开启 root 账号登录
vim /etc/ssh/sshd_config
Port 20000
PasswordAuthentication yes
PermitRootLogin yes
# 查看状态
systemctl status sshd.service
# 启动服务
systemctl start sshd.service
# 重启服务
systemctl restart sshd.service
# 开机自启
systemctl enable sshd.service
iptables
# centos7
vim /etc/sysconfig/iptables
# 加入如下代码
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# 保存退出后重启防火墙
wq
# centos6 重启
service iptables restart
# centos7 重启
/bin/systemctl restart iptables.service
firewall
# 安装
yum install firewalld
# 状态
systemctl status firewalld.service
# 启动
systemctl start firewalld.service
# 关闭
systemctl stop firewalld.service
# 重启
systemctl restart firewalld.service
# 开机启动
systemctl enable firewalld.service
# 取消开机启动
systemctl disable firewalld.service
# 命令的方式添加端口,需要重启一次服务
firewall-cmd --zone=public --add-port=22/tcp --permanent
# 命令的方式删除端口
firewall-cmd --zone=public --remove-port=22/tcp --permanent
# 重载配置
firewall-cmd --reload
# 查看状态
firewall-cmd --state
# 查看防火墙规则
firewall-cmd --list-all
# 查看已放行端口
firewall-cmd --zone=public --list-ports
fail2ban
# CentOS 内置源并未包含 fail2ban,需要先安装 epel 源
yum -y install epel-release
#安装fial2ban
yum -y install fail2ban
# 编辑配置
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vim /etc/fail2ban/jail.local
# my set 配置,名称为 ssh-iptables
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
# sendmail-whois[name=SSH, dest=zhuoqun527@qq.com, sender=fail2ban@email.com]
logpath = /var/log/secure
maxretry = 3
bantime = 300
# 启动服务
systemctl start fail2ban.service
# 启动
systemctl start fail2ban
# 重启
systemctl restart fail2ban
# 开机启动
systemctl enable fail2ban
# 查看状态
systemctl status fail2ban.service
# 查看配置状态
fail2ban-client status
# 默认配置
cat /etc/fail2ban/jail.conf
# 查看被 ban IP,其中 ssh-iptables 为名称,比如上面的[ssh-iptables]
fail2ban-client status ssh-iptables
# 查看登陆失败日志
cat /var/log/secure | grep 'Failed password'
# 解锁 ip
fail2ban-client set ssh-iptables unbanip IPADDRESS
# lastb: 列出登入系统失败的用户相关信息
last|awk '{a[$3] }END{for(i in a){print i, a[i]}}'|sort -rnk 2|head -20