Differences

This shows you the differences between two versions of the page.

--- computers:ssh_security [2012/02/01 02:02] – chkuo
+++ computers:ssh_security [2023/03/28 14:40] (current) – [Limit by IP address] chkuo
@@ Line 18: / Line 18: @@
 <file>
 # /etc/hosts.allow
-# allow intranet-ethernet IPs (192.168.1.*)
+# allow intranet IPs (192.168.1.*)
-# allow intranet-wireless IPs (10.0.1.*)
+# allow IPMB IPs (172.*.*.*)
 # allow Academia Sinica IPs (140.109.*.*)
-# allow National Taiwan University IPs (140.112.*.*)
+sshd: 192.168.1., 172., 140.109.: allow
-sshd: 192.168.1., 10.0.1., 140.109., 140.112. : allow
 </file>
-Other IP ranges:
-  * Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255
 ===== Check log files =====
 Mac:
 <code bash>
-more /var/log/secure.log
+grep sshd /var/log/system.log
 </code>
@@ Line 37: / Line 35: @@
 <code bash>
-more /var/log/auth.log
+grep sshd /var/log/auth.log
 </code>
-==== Fail2ban ====
+===== Fail2ban =====
 Install [[http://www.fail2ban.org/|fail2ban]]
@@ Line 47: / Line 45: @@
 <code bash>
 # install
-sudo apt-get install fail2ban
+sudo apt install fail2ban
 # edit the conf file /etc/fail2ban/jail.conf as necessary
 # for example, increase 'bantime' or reduce 'maxretry' to enhance the security level
 # restart the service
-/etc/rc.d/init.d/fail2ban restart
+sudo /etc/init.d/fail2ban restart
+# regex test
+sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
+# check status
+sudo /etc/init.d/fail2ban status
+# check client status
+sudo fail2ban-client status
+sudo fail2ban-client status sshd
+# check log
+cat /var/log/fail2ban.log
+# unban
+sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx
 </code>
+If registered at [[http://www.blocklist.de]], edit ''/etc/fail2ban/jail.conf'' to add:
+<code bash>
+destemail = fail2ban@blocklist.de
+sendermail = fail2ban@your-server.tld
+</code>