
Installing fail2ban + Firewalld on CentOS 7 to Defend Against Brute-Force and CC Attacks

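To install fail2ban and Firewalld on CentOS 7 as a defense against brute-force and CC attacks, first install the EPEL repository, then install fail2ban and firewalld with yum. Once they are installed, start both services and enable them at boot, then configure the fail2ban and firewalld rules as needed.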


1. Install fail2ban

Step 1: Update the system

sudo yum update -y

Step 2: Install fail2ban

sudo yum install fail2ban -y

Step 3: Start the service and enable it at boot

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

2. Configure Firewalld

Step 1: Install Firewalld

sudo yum install firewalld -y

Step 2: Start the service and enable it at boot

sudo systemctl start firewalld
sudo systemctl enable firewalld

Step 3: Add a port rule (using SSH as the example)

sudo firewall-cmd --permanent --add-port=22/tcp
sudo firewall-cmd --reload

3. Configure fail2ban

Step 1: Edit the jail.local file

sudo vi /etc/fail2ban/jail.local

Add the following content to the file:

[ssh]
enabled  = true
port     = 22
filter   = sshd
logpath  = /var/log/secure
maxretry = 3
action   = firewallcmd-ipset

Step 2: Create the firewallcmd-ipset action file

sudo vi /etc/fail2ban/action.d/firewallcmd-ipset.conf

Add the following content to the file:

# Fail2Ban configuration file
#
# Author: YourName
#
[INCLUDES]
[Definition]
# Options used by action, common for all jails
actionstart = <action_name> -a <JAIL_NAME> -s <IP> <rest>
actionstop = <action_name> -a <JAIL_NAME> -s <IP> -X <rest>
actioncheck = <action_name> -a <JAIL_NAME> -s <IP> <rest>
# Default banning range (e.g. IPv4, IPv6, ...)
default = 0.0.0.0/0
# The following options can be used with IPv4 only
# Default ban time in seconds for IPv4
bantime = 3600
# Default max number of retries before ban in IPv4 mode
maxretry = 3
# Local host subnets
ignoreip = 127.0.0.1/8
# All the IP addresses to ban
banip = 0.0.0.0/0
# Default time in seconds between checks if an IP is still banned
findtime = 600
# The following options can be used with IPv6 only
# Default ban time in seconds for IPv6
bantime6 = 3600
# Default max number of retries before ban in IPv6 mode
maxretry6 = 3
# Local host subnets
ignoreip6 = fe80::/10
# All the IP addresses to ban
banip6 = ::/0
# Default time in seconds between checks if an IP is still banned
findtime6 = 600

Step 3: Restart the fail2ban service

sudo systemctl restart fail2ban

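At this point, fail2ban and Firewalld are installed on CentOS 7 and can effectively prevent brute-force and CC attacks.

Related Questions and Answers

Q1: How do I view the banned IP addresses?

A1: Use the following command to view the banned IP addresses:

sudo fail2ban-client status ssh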

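Q2: How do I lift the ban on a specific IP address?

A2: Use the following commands to lift the ban on an IP address (replace <IP> with the actual IP address):

sudo firewall-cmd --permanent --zone=public --remove-source=<IP>/32
sudo firewall-cmd --reload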