Fail2ban 설치 (로그인 시도 아이피 차단)
yum install fail2ban jwhois
vi /etc/fail2ban/jail.conf
# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand = #123.111.0.444/24 이런식으로 아이피를 적어놓으면 접근 시도를 몇 번을 하든 차단되지 않는다.
# "bantime" is the number of seconds that a host is banned.
bantime = 600 #일정 횟수를 초과하여 접근 시도 시, 접근 거부 시간. 600초
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600 #입력한 시간 사이에 지정 횟수 초과 시 차단. 600초
# "maxretry" is the number of failures before a host get banned.
maxretry = 3 #최대 접근 횟수. 3회를 초과할 경우 접근 차단.
----------------------------------------------------
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
[sshd]
enabled = true #이걸 true로 해줘야 SSH 접근 시도 시, fail2ban이 동작함.
#
# See jail.conf(5) man page for more information
------------------------------------------------------
# service fail2ban start
-----------------------------------------------------
출처 : http://zero-gravity.tistory.com/270
