How to Install Fail2ban on Rocky Linux and AlmaLinux


Written in Python, Fail2ban is a free and open-source Intrusion Prevention System (IPS) that protects a server from brute-force attacks.

After a specified number of incorrect password attempts, the client's IP address is banned from accessing the system for a set period or until the system administrator unbans it. This way, the system is protected from repeated brute-force attacks from a single host.

[You might also like: How to Secure and Harden OpenSSH Server]

Fail2ban is highly configurable and can be set up to secure a multitude of services such as SSH, vsftpd, Apache, and Webmin.

In this guide, we focus on how you can install and configure Fail2ban on Rocky Linux and AlmaLinux.

Step 1: Ensure Firewalld is Running

By default, Rocky ships with Firewalld running. If that is not the case on your system, start Firewalld by running:

$ sudo systemctl start firewalld

Then enable it to start at boot:

$ sudo systemctl enable firewalld

Then confirm the status of Firewalld:

$ sudo systemctl status firewalld

In addition, you can check all the Firewalld rules currently being enforced with the command:

$ sudo firewall-cmd --list-all

Step 2: Install EPEL in Rocky Linux

As a prerequisite for installing fail2ban and the other required packages, you need to install the EPEL repository, which provides additional high-quality packages for RHEL-based distributions.

$ sudo dnf install epel-release

Step 3: Install Fail2ban in Rocky Linux

With EPEL installed, go ahead and install fail2ban together with the fail2ban-firewalld package.

$ sudo dnf install fail2ban fail2ban-firewalld

This installs the fail2ban server and the firewalld integration along with their dependencies.

With the fail2ban installation complete, start the fail2ban service.

$ sudo systemctl start fail2ban

And enable it to start at boot.

$ sudo systemctl enable fail2ban

You can confirm the status of the fail2ban service by running the command:

$ sudo systemctl status fail2ban

The output confirms that Fail2ban is running as expected.

Step 4: Configure Fail2ban in Rocky Linux

Next, we need to configure fail2ban to behave as intended. The obvious place to edit would be the main configuration file, /etc/fail2ban/jail.conf. However, editing it directly is discouraged, since the packaged file may be replaced on upgrade. Instead, copy the contents of jail.conf into a jail.local file and make your changes there.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now, open the jail.local file with your preferred editor.

$ sudo vim /etc/fail2ban/jail.local

Under the [DEFAULT] section, make sure you have the following settings as shown.

bantime = 1h
findtime = 1h
maxretry = 5

Let's define the parameters:

  • The bantime directive specifies how long a client stays banned after its failed authentication attempts.
  • The findtime directive is the time window within which fail2ban counts repeated failed password attempts from the same host.
  • The maxretry value is the maximum number of incorrect password attempts allowed within findtime before the remote client is blocked from accessing the server. Here, a client is locked out after 5 failed authentication attempts.
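To see how the three parameters interact, here is a small added example (not code from the article or from fail2ban itself) that re-implements the counting in Python: a host is banned once it accumulates maxretry failures inside a sliding findtime window, and stays banned for bantime. The log lines, the process ids and the RFC 5737 addresses are constructed, and the regular expression is a simplified stand-in for fail2ban's real sshd failregex that only recognises the "Failed password" form. One host fails five times within 25 seconds and is banned under the [DEFAULT] values; another fails five times spread about 25 minutes apart and is never banned, because no 1h window ever holds 5 of its failures. Running the same log through a stricter jail (maxretry = 3, bantime = 1d) catches the slow host as well.

```python
import re
from datetime import datetime, timedelta

# The [DEFAULT] values from the jail.local edited above.
DEFAULTS = {"bantime": "1h", "findtime": "1h", "maxretry": 5}

# Constructed sample sshd log lines (RFC 5737 documentation addresses, not real hosts).
# 203.0.113.7 fails five times in 25 seconds; 198.51.100.9 fails five times spread
# about 25 minutes apart; 198.51.100.4 logs in successfully with a key.
SAMPLE_LOG = """\
2024-03-01 09:00:00 sshd[1100]: Failed password for root from 198.51.100.9 port 33001 ssh2
2024-03-01 09:25:00 sshd[1100]: Failed password for root from 198.51.100.9 port 33002 ssh2
2024-03-01 09:50:00 sshd[1100]: Failed password for root from 198.51.100.9 port 33003 ssh2
2024-03-01 10:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-03-01 10:00:09 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-03-01 10:00:14 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50131 ssh2
2024-03-01 10:00:15 sshd[1100]: Failed password for root from 198.51.100.9 port 33004 ssh2
2024-03-01 10:00:20 sshd[1208]: Accepted publickey for ops from 198.51.100.4 port 40022 ssh2
2024-03-01 10:00:22 sshd[1201]: Failed password for root from 203.0.113.7 port 50140 ssh2
2024-03-01 10:00:30 sshd[1201]: Failed password for root from 203.0.113.7 port 50141 ssh2
2024-03-01 10:40:00 sshd[1100]: Failed password for root from 198.51.100.9 port 33005 ssh2
"""

# Simplified stand-in for fail2ban's sshd failregex: only the "Failed password" form.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_duration(value):
    """Convert a fail2ban-style duration ("1h", "1d", "600") to seconds."""
    value = str(value).strip()
    if value[-1].isdigit():
        return int(value)
    return int(value[:-1]) * UNITS[value[-1]]


def failures(log_text):
    """Yield (timestamp, ip) for every line the failregex matches."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["ip"]


def evaluate(log_text, bantime, findtime, maxretry):
    """Return {ip: (ban_start, ban_end)} for every host that accumulates maxretry
    failures inside a findtime window. While a host is banned its further attempts
    are ignored, as the firewall rule fail2ban installs would drop them."""
    findtime = timedelta(seconds=parse_duration(findtime))
    bantime = timedelta(seconds=parse_duration(bantime))
    recent = {}  # ip -> failure timestamps still inside the findtime window
    bans = {}
    for ts, ip in sorted(failures(log_text)):
        if ip in bans and ts < bans[ip][1]:
            continue
        window = [t for t in recent.get(ip, []) if ts - t <= findtime]
        window.append(ts)
        if len(window) >= int(maxretry):
            bans[ip] = (ts, ts + bantime)
            window = []  # counter resets once the ban is placed
        recent[ip] = window
    return bans


if __name__ == "__main__":
    strict = {"bantime": "1d", "findtime": "1h", "maxretry": 3}
    for label, params in (("[DEFAULT]", DEFAULTS), ("stricter jail", strict)):
        print(label)
        for ip, (start, end) in evaluate(SAMPLE_LOG, **params).items():
            print(f"  {ip} banned at {start} until {end}")
```

The point the slow host makes is that findtime and maxretry are a pair: lowering maxretry or lengthening findtime makes the jail catch patient, low-rate guessing, at the cost of banning legitimate users who mistype more often.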

By default, fail2ban's ban action uses iptables. The fail2ban-firewalld package we installed ships a drop-in, /etc/fail2ban/jail.d/00-firewalld.conf, that switches the ban action to firewalld. However, jail.d/*.conf files are read before jail.local, and the jail.local we copied from jail.conf still carries the iptables default, so that drop-in would be overridden. We need fail2ban to use firewalld rather than iptables, so rename the drop-in to a .local file, which is read after jail.local.

Therefore, run the command:

$ sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local

To apply the changes, restart fail2ban:

$ sudo systemctl restart fail2ban

Step 5: Secure the SSH Service with Fail2ban

By default, fail2ban does not block any remote host until you enable a jail for the service you want to protect. Jail configuration lives in the /etc/fail2ban/jail.d directory and overrides the settings defined in jail.local.

In this example, we will create a jail configuration file to protect the SSH service. So, create the SSH jail file.

$ sudo vim /etc/fail2ban/jail.d/sshd.local

Next, paste the following lines:

[sshd]
enabled = true

# Override the default global configuration
# for specific jail sshd
bantime = 1d
maxretry = 3

With the configuration above, a remote host is banned from accessing the system for 1 day after 3 failed SSH login attempts. Save the changes and restart the fail2ban service.
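Steps 4 and 5 both rely on the order in which fail2ban layers its configuration files: jail.conf, then jail.d/*.conf, then jail.local, then jail.d/*.local, with later files winning and a key set inside a jail section beating the same key inherited from [DEFAULT]. The following added example (not code from the article or from fail2ban, which has its own reader) reproduces that resolution with Python's configparser over a constructed miniature of the tree. The file contents are stubs, not the packaged text, and the firewalld ban action value is an assumption standing in for whatever the fail2ban-firewalld package ships. It shows the effective [sshd] settings after the sshd.local drop-in, and also why Step 4 renamed 00-firewalld.conf to .local: under the .conf name the iptables banaction from jail.local wins, under the .local name the firewalld one does.

```python
import configparser
import glob
import os
import tempfile

# Constructed miniatures of the files the article touches (stubs, not the packaged text).
# jail.conf keeps upstream-style defaults; jail.local is the edited copy from Step 4;
# sshd.local is the jail from Step 5.
FILES = {
    "jail.conf": "[DEFAULT]\nbantime = 10m\nfindtime = 10m\nmaxretry = 5\n"
                 "banaction = iptables-multiport\n\n[sshd]\nport = ssh\n",
    "jail.local": "[DEFAULT]\nbantime = 1h\nfindtime = 1h\nmaxretry = 5\n"
                  "banaction = iptables-multiport\n\n[sshd]\nport = ssh\n",
    "jail.d/sshd.local": "[sshd]\nenabled = true\nbantime = 1d\nmaxretry = 3\n",
}
# Stand-in for the drop-in the fail2ban-firewalld package installs; the value is assumed.
FIREWALLD_STUB = "[DEFAULT]\nbanaction = firewallcmd-rich-rules\n"


def read_order(root):
    """The order fail2ban reads jail configuration: .conf files first, then .local."""
    return ([os.path.join(root, "jail.conf")]
            + sorted(glob.glob(os.path.join(root, "jail.d", "*.conf")))
            + [os.path.join(root, "jail.local")]
            + sorted(glob.glob(os.path.join(root, "jail.d", "*.local"))))


def resolve(root, jail):
    """Return {key: (value, file)} for `jail`: later files override earlier ones, and a
    key set inside the jail section beats the same key from [DEFAULT] in any file."""
    defaults, specific = {}, {}
    for path in read_order(root):
        if not os.path.exists(path):
            continue
        # Renaming the implicit default section lets us read [DEFAULT] as a plain section.
        cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
        cp.read(path)
        rel = os.path.relpath(path, root)
        if cp.has_section("DEFAULT"):
            defaults.update({k: (v, rel) for k, v in cp.items("DEFAULT")})
        if cp.has_section(jail):
            specific.update({k: (v, rel) for k, v in cp.items(jail)})
    return {**defaults, **specific}


def build_tree(firewalld_name):
    """Write the stub files under a fresh temp dir; `firewalld_name` is the name given
    to the firewalld drop-in (00-firewalld.conf before Step 4's mv, .local after)."""
    root = tempfile.mkdtemp(prefix="f2b-layering-")
    for rel, text in {**FILES, "jail.d/" + firewalld_name: FIREWALLD_STUB}.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root


def effective_sshd(firewalld_name):
    """Effective [sshd] settings with the firewalld drop-in under the given name."""
    return resolve(build_tree(firewalld_name), "sshd")


if __name__ == "__main__":
    for name in ("00-firewalld.conf", "00-firewalld.local"):
        print(f"with jail.d/{name}:")
        for key, (value, src) in sorted(effective_sshd(name).items()):
            print(f"  {key:10} = {value:24} (from {src})")
```

On a real host the equivalent check is `fail2ban-client get sshd bantime` and friends, as the article shows for maxretry; the resolver above is only there to make the precedence visible.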

$ sudo systemctl restart fail2ban

Then verify the jail status with the fail2ban-client command-line utility.

$ sudo fail2ban-client status

From the output, we can see that we have 1 jail configured, for the service called 'sshd'.

In addition, you can confirm the maxretry value of the sshd jail using the get option.

$ sudo fail2ban-client get sshd maxretry

3

The printed value, 3, should match what you defined in the sshd.local file.

Step 6: Test the Fail2ban Configuration

Having set up fail2ban and created a jail configuration file for the SSH service, we will run a test and simulate 3 failed logins by supplying a wrong password on each attempt.

So, head over to a remote Linux system and try to log in to the server with a wrong password. After 3 failed attempts, the connection is dropped and any further reconnection attempts are blocked until the ban time expires.

To gather information on the banned client system, check the jail status.

$ sudo fail2ban-client status sshd

To unban, that is, remove the client from the jail, run the command:

$ sudo fail2ban-client unban 192.168.2.102

Once again, check the jail status to confirm that the client is no longer in the list of banned IPs.

$ sudo fail2ban-client status sshd
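Reading the status tree by eye is fine for a one-off check, but a practitioner usually wants the same confirmation from a script (a cron job or monitoring probe). Here is an added example, not part of the article, that parses the text `fail2ban-client status sshd` prints into a dictionary and answers "is this address still banned?". The tree layout is the one fail2ban prints; the counters, the journal match string and the addresses in the sample are constructed.

```python
import re
import sys

# Constructed sample of `fail2ban-client status sshd` output. The tree layout is the one
# fail2ban prints; the counters and addresses are made up (RFC 5737 / private ranges).
SAMPLE_STATUS = """\
Status for the jail: sshd
|- Filter
|  |- Currently failed:\t1
|  |- Total failed:\t7
|  `- Journal matches:\t_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:\t2
   |- Total banned:\t3
   `- Banned IP list:\t192.168.2.102 203.0.113.7
"""

# Strips the tree-drawing prefix ("|  `- ") and splits "Label:<tab>value".
FIELD_RE = re.compile(r"^[|` -]*([A-Za-z ]+?):\s*(.*)$")


def parse_status(text):
    """Flatten the status tree into {label: value}; values stay strings."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def banned_ips(text):
    """The addresses currently banned by the jail, as a set."""
    return set(parse_status(text).get("Banned IP list", "").split())


def is_banned(text, ip):
    """True if `ip` appears in the jail's banned list."""
    return ip in banned_ips(text)


def counters(text):
    """Numeric fields only, e.g. to feed a monitoring check."""
    return {k: int(v) for k, v in parse_status(text).items() if v.isdigit()}


if __name__ == "__main__":
    # Pipe real output in with: sudo fail2ban-client status sshd | python3 status_check.py -
    text = sys.stdin.read() if "-" in sys.argv[1:] else SAMPLE_STATUS
    print("banned:", sorted(banned_ips(text)))
    print("counters:", counters(text))
```

After the unban above, `is_banned(text, "192.168.2.102")` on fresh output should be False and "Currently banned" should have dropped by one while "Total banned" stays the same, which is the quickest way to tell an unban from a ban that simply expired.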

As we have seen, Fail2ban is a very useful tool for guarding against intruders trying to break into your Linux system. It works with Firewalld to ban client systems for a specified period after a set number of failed login attempts, adding a further layer of protection to your Linux server.