How to Use Fail2ban to Secure Your Linux Server


Improving your server's security should be one of your top priorities when managing a Linux server. By reviewing your server logs, you will often find various brute-force login attempts, web floods, exploit probing and more.

With intrusion prevention software such as fail2ban, you can examine your server logs and add extra iptables rules to block the offending IP addresses.

This tutorial will show you how to install fail2ban and a basic configuration to protect your Linux system from brute-force attacks.

Fail2ban is written in Python, and the only requirement is to have Python installed:

  • Fail2ban branch 0.9.x requires Python>=2.6 or Python>=3.2
  • Fail2ban branch 0.8.x requires Python>=2.4
  • Root access to your system
  • Optionally, iptables or shorewall, and sendmail

How to Install Fail2Ban on Linux Systems

Installing fail2ban is easy:

On CentOS/RHEL, first update your packages, enable the EPEL repository and install fail2ban as shown.

# yum update
# yum install epel-release
# yum install fail2ban

On Debian/Ubuntu, update your packages and install fail2ban as shown.

# apt-get update && apt-get upgrade -y
# apt-get install fail2ban

Optionally, if you want to enable mail support (for mail notifications), you can install sendmail.

# yum install sendmail                   [On CentOS/RHEL]
# apt-get install sendmail-bin sendmail  [On Debian/Ubuntu]

To enable fail2ban and sendmail, use the following commands:

# systemctl start fail2ban
# systemctl enable fail2ban
# systemctl start sendmail
# systemctl enable sendmail

How to Configure Fail2ban on Linux Systems

By default, fail2ban uses the .conf files located in /etc/fail2ban/, which are read first. However, they can be overridden by .local files in the same directory.

Therefore, a .local file does not need to include all of the settings from the .conf file, only those you wish to override. Changes should be made in the .local files, not in the .conf files; this prevents your changes from being overwritten when the fail2ban package is upgraded.

For the purposes of this tutorial, we will copy the existing fail2ban.conf file to fail2ban.local.

# cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

Now you can make changes in the .local file using your preferred text editor. The values you can edit are:

  • loglevel – the level of detail to be logged. Possible options are:
    • CRITICAL
    • ERROR
    • WARNING
    • NOTICE
    • INFO
    • DEBUG
  • logtarget – where the log output is written. Possible values are:
    • STDOUT – output any data
    • STDERR – output any errors
    • SYSLOG – message-based logging
    • File – output to a file

One of the most important files in fail2ban is jail.conf, which defines your jails. This is where you define the services for which fail2ban should be enabled.

As mentioned earlier, .conf files can be changed during upgrades, so you should create a jail.local file in which to apply your modifications.

Another way to do this is simply to copy the .conf file with:

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

If you are using CentOS or Fedora, you will need to change the backend in jail.local from auto to systemd.

If you are using Ubuntu/Debian, there is no need to make this change, even though they also use systemd.

The jail file enables SSH by default on Debian and Ubuntu, but not on CentOS. If you want to enable it, simply change the following line in /etc/fail2ban/jail.local:

[sshd]
enabled = true

You can configure the conditions under which an IP address is blocked. For this purpose, fail2ban uses bantime, findtime and maxretry.

  • bantime – the number of seconds an IP address will remain banned (default 10 minutes).
  • findtime – the time window between login attempts before the host is banned (default 10 minutes). In other words, if fail2ban is set to block an IP address after 3 failed login attempts, those 3 attempts must occur within the findtime period (10 minutes).
  • maxretry – the number of attempts allowed before a ban is applied (default 3).

Of course, you will want to whitelist certain IP addresses. To configure such IP addresses, open /etc/fail2ban/jail.local with your preferred text editor and uncomment the following line:

ignoreip = 127.0.0.1/8  ::1

After it, you can add the IP addresses that you want to be ignored. IP addresses should be separated from each other by a space or a comma.

If you want to receive mail alerts upon an event, you will have to configure the following settings in /etc/fail2ban/jail.local:

  • destemail – the email address where you will receive the notifications.
  • sendername – the sender name you will see when receiving the message.
  • sender – the email address from which fail2ban will send the emails.

The default mta (mail transfer agent) is set to sendmail.

In order to receive mail notifications, you also need to change the "action" setting from:

action = %(action_)s

To one of the following:

action = %(action_mw)s
action = %(action_mwl)s

  • %(action_mw)s – will ban the host and send an email with a whois report.
  • %(action_mwl)s – will ban the host, and provide the whois information and all relevant lines from the log file.

Additional Fail2ban Jail Configuration

So far we have looked at the basic configuration options. If you want to configure a jail, you need to enable it in the jail.local file. The syntax is simple:

[jail_to_enable]
. . .
enabled = true

Here you should replace jail_to_enable with the actual jail, for example, sshd. In the jail.local file, the following values are already defined for the ssh service:

[sshd]

port = ssh
logpath = %(sshd_log)s

You can enable the filter which helps identify whether a line in the log is a failed login. The filter value is actually a reference to a file named after the service, followed by .conf. For example: /etc/fail2ban/filter.d/sshd.conf.

The syntax is:

filter = service

For example:

filter = sshd

You can review the existing filters in the following directory: /etc/fail2ban/filter.d/.
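The ban settings explained above (maxretry failures inside findtime, bantime, ignoreip) and the filter idea from this section, modelled as an added Python example that is not fail2ban's own code: a simplified stand-in for the sshd failregex is run over a constructed sshd log excerpt and the script reports which hosts would be banned and until when. The regex, the 10.0.0.0/24 ignoreip entry and the log lines are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Jail settings with the page's defaults: 3 failures inside 10 min bans for 10 min.
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(minutes=10)
# ignoreip entries may be space- or comma-separated; 10.0.0.0/24 is a constructed value.
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in "127.0.0.1/8 ::1, 10.0.0.0/24".replace(",", " ").split()]
# Simplified stand-in for the sshd filter's failregex (assumption); the named group
# plays the role of fail2ban's <HOST> tag.
FAILREGEX = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+")

def ignored(host):
    # Hosts matching any ignoreip network are never banned.
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in IGNOREIP)

def evaluate(lines, year=2024):
    # Returns {host: unban_time} for hosts with MAXRETRY failures inside FINDTIME.
    recent, bans = {}, {}          # recent: host -> failures still inside the window
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue               # not a failed-login line, the filter ignores it
        # syslog timestamps carry no year, so one is supplied (constructed input)
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = m.group("host")
        if ignored(host) or (host in bans and ts < bans[host]):
            continue               # whitelisted, or still serving a ban
        window = [t for t in recent.get(host, []) if ts - t <= FINDTIME] + [ts]
        recent[host] = window
        if len(window) >= MAXRETRY:
            bans[host] = ts + BANTIME   # ban applied; it expires after bantime
    return bans

# Constructed log: 203.0.113.5 fails 3 times within 8 min (banned); 198.51.100.9 fails
# 3 times spread over 25 min (never 3 in one window); 10.0.0.7 is covered by ignoreip.
SAMPLE_LOG = """\
Mar  3 10:00:01 srv sshd[1001]: Failed password for root from 203.0.113.5 port 50001 ssh2
Mar  3 10:00:05 srv sshd[1002]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  3 10:01:00 srv sshd[1003]: Failed password for root from 10.0.0.7 port 30001 ssh2
Mar  3 10:01:05 srv sshd[1004]: Failed password for root from 10.0.0.7 port 30002 ssh2
Mar  3 10:01:10 srv sshd[1005]: Failed password for root from 10.0.0.7 port 30003 ssh2
Mar  3 10:03:10 srv sshd[1007]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2
Mar  3 10:07:45 srv sshd[1008]: Failed password for root from 203.0.113.5 port 50003 ssh2
Mar  3 10:20:00 srv sshd[1009]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar  3 10:25:00 srv sshd[1010]: Failed password for root from 198.51.100.9 port 40003 ssh2
""".splitlines()
```

Calling evaluate(SAMPLE_LOG) returns only 203.0.113.5, banned until 10:17:45; lowering findtime or raising maxretry in the constants changes the outcome the same way it would in jail.local.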

Fail2ban comes with a client that can be used to review and change the current configuration. Since it offers many options, you can read its manual page with:

# man fail2ban-client

Here are some of the basic commands you can use. To check the current status of fail2ban, or of a specific jail, you can use:

# fail2ban-client status

The output will look similar to this:

For an individual jail, you can run:

# fail2ban-client status sshd

In the screenshot below, you can see that I deliberately failed several login attempts so that fail2ban would block the IP address I was connecting from:

Fail2ban is a great, well-documented intrusion prevention system that adds extra security to your Linux system. It takes some time to get used to its setup and syntax, but once you are familiar with it, you will feel free to change and extend its rules.