Fail2ban ssh
Version vom 7. August 2023, 21:14 Uhr von Linkai.zhang (Diskussion | Beiträge) (→sshd in fail2ban aktivieren)
Hydra installieren (Hacking & Security Seite 136)
- apt update
- apt install hydra
Passwordliste laden
Brute Force auf den SFTP Server vom DNS Server aus
- hydra -l gast -s 2222 -P bad-passwords sftp.lab1xx.sec sftp
sshd in fail2ban aktivieren
- vim /etc/fail2ban/jail.local
[sshd] enable = true port = 2222
fail2ban neustarten
- systemctl restart fail2ban
Status checken
- fail2ban-client status sshd
Status for the jail: sshd |- Filter | |- Currently failed: 1 | |- Total failed: 14 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 172.31.31.1
Alles unbannen
- fail2ban-client unban --all