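To keep a server secure, a firewall and an automated firewall-configuration tool are used to block intrusion attempts. Two of the simpler options are the UFW firewall and the Fail2ban configuration tool.
0x00 Install the required software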
apt install fail2ban
apt install ufw
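0x01 Configure ufw
Before configuring, be sure to open several extra SSH terminal connections. After applying the settings, open a new SSH connection to check whether you can still connect; if not, you still have a chance to fix it. Otherwise VNC is your only option.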
apt install ufw
ufw status
netstat -lntp
# Check which ports are already listening, especially sshd
ufw allow 47543
# ssh
ufw allow 80
ufw allow 443
# http https
ufw status
# Review the ports that have been opened
ufw enable
# Enable ufw
ufw status
# Confirm once more
systemctl enable ufw
# Enable start at boot
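The lockout risk described at the start of this section can be checked before running `ufw enable`. The script below is an added example, not part of the original post: it compares the ports sshd listens on (from `netstat -lntp`) with the rules already added (from `ufw show added`, a ufw subcommand the post does not use). The function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before `ufw enable`: every port sshd listens on must
# already have an allow/limit rule, otherwise new SSH logins are blocked.

# Print the unique TCP ports sshd listens on, from `netstat -lntp` text on stdin.
# Run netstat as root, or the program column shows "-" instead of sshd.
sshd_ports() {
    awk '$6 == "LISTEN" && $7 ~ /sshd/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print ports opened by plain rules ("ufw allow 47543", "ufw limit 22/tcp")
# from `ufw show added` text on stdin. App profiles and from/to rules are not parsed.
allowed_ports() {
    awk '$1 == "ufw" && ($2 == "allow" || $2 == "limit") && $3 ~ /^[0-9]+(\/tcp)?$/ {
             sub(/\/tcp$/, "", $3); print $3 }' | sort -un
}

# Args: $1 = netstat text, $2 = ufw rules text. Prints the sshd ports that
# have no matching rule and returns 1 if any are missing.
missing_ssh_ports() {
    missing=""
    for p in $(printf '%s\n' "$1" | sshd_ports); do
        printf '%s\n' "$2" | allowed_ports | grep -qx "$p" || missing="$missing $p"
    done
    missing=${missing# }
    [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT="Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:47543           0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      901/nginx: master
tcp6       0      0 :::47543                :::*                    LISTEN      812/sshd: /usr/sbin"

SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 47543
ufw allow 80
ufw allow 443"

# Live use on the server (as root):
#   missing_ssh_ports "$(netstat -lntp)" "$(ufw show added)" && ufw enable
```

If the function prints a port number, add the rule for that port before enabling the firewall.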
0x02 Configure fail2ban
apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
This creates the configuration file jail.local.
vim /etc/fail2ban/jail.local
Edit it:
[DEFAULT]
# "bantime" is the number of seconds that a host is banned.
bantime = 100h
# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 10m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
[DEFAULT]
banaction = ufw
banaction_allports = ufw
This sets ufw as the ban action.
Then restart the service:
systemctl restart fail2ban
systemctl enable fail2ban
Show the IPs to be blocked:
root@C20230613093204:~# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd