🛡️ Linux Firewall and Intrusion Protection: Combining Firewalld, Fail2Ban and Systemd in a Security Strategy
The core of Linux system security is defense in depth. This article walks you step by step through combining Firewalld, Fail2Ban and Systemd to build an automated protection mechanism, so that the server blocks malicious sources in real time when it detects abnormal login attempts.
1. Check and enable Firewalld
# Install and start
sudo apt install firewalld -y
sudo systemctl enable --now firewalld
# Check status
sudo firewall-cmd --state
sudo firewall-cmd --list-all
2. Configure firewall zones and services
# Add SSH to the public zone
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --reload
# Add a custom zone (for example an internal LAN). firewalld already ships a predefined zone
# named "internal", so --new-zone=internal would fail with a name conflict; use a new name.
sudo firewall-cmd --permanent --new-zone=lan
sudo firewall-cmd --permanent --zone=lan --add-source=192.168.0.0/24
# Permanent changes only take effect after a reload
sudo firewall-cmd --reload
3. Integrate Fail2Ban intrusion protection
# Install
sudo apt install fail2ban -y
# Create the override configuration (jail.local takes precedence over jail.conf)
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local
Sample configuration:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Ban duration in seconds (10 minutes)
bantime = 600
# Number of failed attempts before a ban
maxretry = 5
# Block the source through firewalld using an ipset
action = firewallcmd-ipset
4. Automated start-up and monitoring with Systemd
# Start and check the service
sudo systemctl enable --now fail2ban
sudo systemctl status fail2ban
# View the ban list
sudo fail2ban-client status sshd
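As an added example (not from the original post), the following shell script replays the counting rule of the [sshd] jail above over a constructed auth.log excerpt: it tallies failed-authentication lines per source address and reports which addresses would reach maxretry = 5. Running the same functions against the real /var/log/auth.log lets you predict what fail2ban-client status sshd should list as banned.

```shell
#!/bin/sh
# Added example: mirror the [sshd] jail's maxretry rule over auth.log lines.
# Constructed sample log (not from a real server); line format matches sshd on Debian/Ubuntu.
SAMPLE_LOG=$(cat <<'EOF'
Oct 10 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 10 10:00:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 10 10:00:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Oct 10 10:00:07 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Oct 10 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Oct 10 10:00:11 host sshd[1207]: Accepted publickey for deploy from 192.168.0.10 port 40012 ssh2
Oct 10 10:00:13 host sshd[1209]: Failed password for deploy from 192.168.0.10 port 40020 ssh2
Oct 10 10:00:15 host sshd[1211]: Invalid user test from 198.51.100.9 port 33001
EOF
)

# Same threshold as "maxretry = 5" in jail.local
MAXRETRY=5

# Read log lines on stdin and print "<count> <ip>" for every source address that
# appears in a failed-authentication line (the events the stock sshd filter matches).
count_failures() {
  awk '
    /Failed password for|Invalid user/ {
      for (i = 1; i <= NF; i++) if ($i == "from") ip[$(i + 1)]++
    }
    END { for (a in ip) print ip[a], a }
  '
}

# Print only the addresses whose failure count reached MAXRETRY, i.e. the ones
# the jail would hand to the firewallcmd-ipset action.
would_ban() {
  printf '%s\n' "$SAMPLE_LOG" | count_failures | awk -v max="$MAXRETRY" '$1 >= max { print $2 }'
}

would_ban
```

To check a live host, pipe the real log into the counter instead of the sample: `sudo cat /var/log/auth.log | count_failures`.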
5. Security hardening recommendations
- 🔐 Disable remote root login: PermitRootLogin no (in sshd_config)
- 🧱 Use a non-default port (for example 2222)
- 🧩 Enable the SELinux / AppArmor hardening layer
- 🔍 Use systemd-analyze to check boot time
📘 Conclusion
By combining Firewalld, Fail2Ban and Systemd, you can quickly build a defense architecture that is flexible, stable and automated. For small and medium-sized servers or edge hosts, this is the simplest effective starting point for security.
— WWFandy · System and Network Notes