{"id":228,"date":"2019-07-26T15:42:34","date_gmt":"2019-07-26T06:42:34","guid":{"rendered":"https:\/\/hyandmj.asuscomm.com\/hblog\/?p=228"},"modified":"2021-05-03T20:11:35","modified_gmt":"2021-05-03T11:11:35","slug":"fail2ban%ec%9c%bc%eb%a1%9c-ssh-%eb%b3%b4%ec%95%88-%ea%b0%95%ed%99%94","status":"publish","type":"post","link":"https:\/\/hyandmj.asuscomm.com\/hblog\/?p=228","title":{"rendered":"fail2ban\uc73c\ub85c SSH \ubcf4\uc548 \uac15\ud654"},"content":{"rendered":"\n

Motive<\/h3>\n\n\n\n

\uc218\uc2ed \ub300\uc758 \uc11c\ubc84\ub97c \uad00\ub9ac\ud558\uba74\uc11c \uc11c\ubc84\uc758 \uc0c1\ud0dc\ub97c \uccb4\ud06c\ud558\uae30 \uc704\ud574 \uba87 \uac00\uc9c0 \uc694\uc18c\ub97c \ubaa8\ub2c8\ud130\ub9c1\ud558\ub294 \uc640\uc911\uc5d0 \uc774\uc0c1\ud55c \uc810\uc744 \ubc1c\uacac\ud558\uac8c \ub418\uc5c8\ub2e4. \uc5f0\uacb0\uc774 \uc131\ub9bd\ub41c \uc138\uc158 \uc218\ub97c \uce74\uc6b4\ud2b8\ub97c \ud558\uace0 \uc788\ub294\ub370 \uc774\uc0c1\ud558\uac8c ssh \uc138\uc158\uc758 \uce74\uc6b4\ud2b8\uac00 \ub4e4\uc465\ub0a0\uc465\ud55c \uac83\uc774 \uc544\ub2cc\uac00. \ubd84\uba85 \uc544\ubb34\ub3c4 \uc11c\ubc84\uc5d0 \uc811\uc18d\uc744 \ud558\uc9c0 \uc54a\uc740 \uc0c1\ud0dc\uc784\uc5d0\ub3c4.<\/p>\n\n\n\n

\"\"
\uc11c\ubc84\uc5d0 \uc811\uc18d\uc740 \uc544\ubb34\ub3c4 \uc548\ud558\uace0 \uc788\ub294\ub370… \ub204\uad6c\uc2dc\uc8e0?<\/figcaption><\/figure>\n\n\n\n

\uc774 \uc815\uccb4\ubd88\uba85\uc758 \uc5f0\uacb0\ub4e4\uc758 \uc815\uccb4\ub97c \ud655\uc778\ud558\uae30 \uc704\ud574\uc11c \/var\/log\/auth.log<\/code> \ud30c\uc77c\uc744 \uc5f4\uc5b4\ubcf4\uc790. (\uc6b0\ubd84\ud22c \uac19\uc740 \ub370\ube44\uc548 \uacc4\uc5f4\uc758 \uacbd\uc6b0\uc774\ub2e4. \ub808\ub4dc\ud587 \uacc4\uc5f4\uc5d0\uc11c\uc758 \ub85c\uadf8 \ud30c\uc77c\uc740 \uc774\ub984\uc774 \ub2e4\ub97c \uc218 \uc788\uc74c) \uc774 \ud30c\uc77c\uc740 \ucef4\ud4e8\ud130\ub85c\uc758 \ubaa8\ub4e0 \uc778\uc99d \uad00\ub828 \uc774\ubca4\ud2b8\ub97c \uae30\ub85d\ud558\ub294 \ub85c\uadf8 \ud30c\uc77c\uc774\ub2e4.<\/p>\n\n\n\n

sudo vi \/var\/log\/auth.log<\/code><\/pre>\n\n\n\n
\uc544\ub2c8\ub098 \ub2e4\ub97c\uae4c, \uc804\uc138\uacc4\uc758 \ubd88\ud2b9\uc815 \ub2e4\uc218\uc758 \uc544\uc774\ud53c\ub85c\ubd80\ud130 \uc11c\ubc84\ub85c \ub79c\ub364\ud558\uac8c ssh \ub85c\uadf8\uc778\uc744 \uc2dc\ub3c4\ud558\uace0 \uc788\uc5c8\ub2e4. \uacc4\uc815\uba85\uacfc \ube44\ubc00\ubc88\ud638\ub97c \ubb34\uc791\uc704\ub85c \ub300\uc785\ud574\ubcf4\ub294 \ubd07\ub4e4\uc774 24\uc2dc\uac04 \ub3cc\uc544\uac00\uace0 \uc788\ub294 \ub4ef \ud558\ub2e4. \uad6d\ub0b4 \ubfd0\ub9cc \uc544\ub2c8\ub77c \ud638\uc8fc, \ub3c5\uc77c, \ubbf8\uad6d \ub4f1 \uc804\uc138\uacc4 \uc5b4\ub514\uc11c\ub4e0 \uc774\ub7f0 \uc811\uc18d\uc774 \uc2dc\ub3c4\ub418\uace0 \uc788\uc73c\uba70 \ud2b9\ud788 \uc911\uad6d \uc544\uc774\ud53c\uac00 \uad49\uc7a5\ud788 \ub9ce\ub2e4. \uad6d\ub0b4\uc5d0\uc11c\uc758 \ud574\ud0b9 \uc2dc\ub3c4\ub294 \uc544\ubb34\ub798\ub3c4 \uc774\ubbf8 \uc911\uad6d\uc5d0\uac8c \ub2f9\ud55c \ud130\ubbf8\ub110\uc778\ub4ef. (\ubb3c\ub860 \uad6d\ub0b4\uc758 \ud574\ucee4\uc77c \uac00\ub2a5\uc131\ub3c4 \uc788\ub2e4) \uacc4\uc815\uba85\uc740 molly<\/code>, doctor<\/code>, pi<\/code>, doris<\/code> \uac19\uc740 \uc544\uc774\ub514\uac00 \ubb34\uc791\uc704\ub85c \ub300\uc785\ub418\uace0 \uc788\uc5c8\uace0 \uc2ec\uc9c0\uc5b4 root<\/code> \uacc4\uc815\uc73c\ub85c \ub85c\uadf8\uc778\uc774 \uc2dc\ub3c4\ub41c \uae30\ub85d\uc774 \ub9ce\ub2e4. \ube44\ubc00\ubc88\ud638\ub3c4 \ubb50 \ud06c\uac8c \ub2e4\ub974\uc9c0 \uc54a\uc744\ub4ef. \uacf5\uac1c\ub41c ssh \uc11c\ubc84\uc758 \uc219\uba85\uc778 \uac83\uc778\uac00.<\/p>\n\n\n\n
(\uc5ec\ub2f4: \ud639\uc790\ub294 \uc774\ub7f0 \uc2dd\uc758 \ud574\ud0b9 \uacf5\uaca9\uc5d0 \ub450\ub824\uc6c0\uc744 \ub5a8 \uc218\ub3c4 \uc788\uaca0\uc73c\ub098, \uc808\ub300\ub2e4\uc218\uac00 \uc0ac\uc6a9\ud558\ub294 \uc708\ub3c4\uc6b0 \uac19\uc740 \uacbd\uc6b0 \uc790\ub3d9\uc73c\ub85c \ubaa8\ub4e0 \uc811\uc18d\uc744 \ucc28\ub2e8\ud558\uace0 \uc788\ub2e4. \ubb3c\ub860 \uc720\uc800\uac00 \uc6d0\uaca9 \ub370\uc2a4\ud06c\ud1b1 \uae30\ub2a5\uc744 \ud65c\uc131\ud654 \ud558\ub294 \uacbd\uc6b0 3389\ubc88 \ud3ec\ud2b8\ub85c\uc758 \uc811\uadfc \uacf5\uaca9\uc740 \uc77c\uc5b4\ub0a0 \uc218 \uc788\ub2e4. \uc708\ub3c4\uc6b0\ub4e0 \ub9ac\ub205\uc2a4\ub4e0 \uac04\uc5d0 \ube44\ubc00\ubc88\ud638\ub97c \uacc4\uc815\uc5d0 \uc548\uac78\uc5b4\ub193\uace0 \uc4f0\ub294 \ubbf8\uce5c\uc9d3\ub9cc \uc548\ud558\uba74 \uc6ec\ub9cc\ud574\uc11c\ub294 \uc548\uc804\ud568.)<\/p>\n\n\n\n
\ub9d0\uc774 \ubb34\uc791\uc704\uc774\uc9c0 \uc0ac\uc2e4\uc0c1 \uae30\uc874\uc758 \ub2e8\uc5b4\ub098 \ud1b5\uacc4\uc801\uc73c\ub85c \ub9ce\uc774 \uc4f0\uc774\ub294 \uc774\ub984 \ub4f1\uc744 \ub300\uc785\ud574 \ubcf4\ub294 \uac83\uc77c\uac8c \ubed4\ud558\ub2e4. (\ud639\uc2dc\ub098 \ud558\uace0 brute force list\ub97c \uad6c\uae00\uc5d0 \uac80\uc0c9\ud574\ubcf4\ub2c8 \uc5ed\uc2dc\ub098 password list\uc640 word list\uac00 \uc218\ub450\ub8e9\ud558\uac8c \ub098\uc628\ub2e4) \ud604\uc7ac\uae4c\uc9c0\uc758 \ubaa8\ub4e0 \uc2dc\ub3c4\uac00 \uc2e4\ud328\ud588\uace0 \uc55e\uc73c\ub85c\ub3c4 \uc774\ub7f0 \ubc29\uc2dd\uc758 \ub85c\uadf8\uc778 \uc2dc\ub3c4\uac00 \uc131\uacf5\ud560 \uac00\ub2a5\uc131\uc740 \uc6b0\ub9ac \uc740\ud558\uc640 \uc548\ub4dc\ub85c\uba54\ub2e4 \uc740\ud558\uac00 \ub9cc\ub098\ub294 \ub0a0\uc774 \uc640\ub3c4 \uc77c\uc5b4\ub0a0 \uc77c \uc5c6\uc5b4 \ubcf4\uc778\ub2e4, \ub9cc…… \ubb34\uc5c7\ubcf4\ub2e4\ub3c4 \uac70\uc2ac\ub9b0\ub2e4. \ud2b9\ud788 \uc9f1\uae68\ub4e4\uc774 \uc9c0\uae08 \uc774 \uc21c\uac04\uc5d0\ub3c4 \ub0b4 \ucef4\ud4e8\ud130\uc5d0 \ud574\ud0b9\uc744 \uc2dc\ub3c4\ud558\uace0 \uc788\ub2e4\ub294 \uac83 \uc790\uccb4\uac00 \ub9e4\uc6b0 \ubd88\ucf8c\ud558\ub2e4. \uc774\uac83\ub4e4\uc744 \uc790\ub3d9\uc73c\ub85c \ucc28\ub2e8\ud574\ubc84\ub824\uc57c \uc18d\uc774 \uc2dc\uc6d0\ud560 \uac83 \uac19\ub2e4. \/etc\/hosts.allow<\/code> \ud30c\uc77c\uacfc \/etc\/hosts.deny<\/code> \ud30c\uc77c \uc218\uc815\uc744 \ud1b5\ud574 \uc2f9\ub2e4 \ub9c9\uc544\ubc84\ub9ac\ub294 \ubc29\ubc95\ub3c4 \uc788\uaca0\uc73c\ub098, \ub0b4\uac00 \uc5b8\uc81c \uc5b4\ub514\uc5d0\uc11c \uc11c\ubc84\uc5d0 \uc811\uc18d\ud560\uc9c0 \uc55e\ub0a0\uc740 \ubaa8\ub97c \uc77c\uc774\ubbc0\ub85c \ud654\uc774\ud2b8 \ub9ac\uc2a4\ud2b8 \ubc29\uc2dd\uc758 \ucc28\ub2e8\uc740 \uc880 \ubc88\uac70\ub85c\uc6b8 \uc218 \uc788\ub2e4. \ub098\uc05c\ub188\ub9cc \uace8\ub77c\uc11c \ucc28\ub2e8\ud558\uace0 \uc2f6\uc744 \ub54c \uc0ac\uc6a9\ub418\ub294 \uc801\uc808\ud55c \uc11c\ube44\uc2a4\uac00 fail2ban<\/code>\uc774\ub2e4.<\/p>\n\n\n\n
\ud658\uacbd<\/h3>\n\n\n\n
– \uc791\uc5c5 \ub178\ub4dc: \uadf8\ub0e5 \ud3c9\ubc94\ud55c \uc11c\ubc84 \ucef4\ud4e8\ud130
– OS: Ubuntu 18.04<\/p>\n\n\n\n
Procedure<\/h3>\n\n\n\n
\ucc38\uace0 \ub9c1\ud06c:  https:\/\/www.lesstif.com\/pages\/viewpage.action?pageId=43843899<\/a><\/p>\n\n\n\n
i) \uc124\uce58<\/h4>\n\n\n\n
apt<\/code>\ub97c \uc0ac\uc6a9\ud558\uba74 \uac04\ub2e8\ud558\uac8c \uc124\uce58\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
sudo apt install -y fail2ban<\/code><\/pre>\n\n\n\n
fail2ban<\/code>\uc740 python<\/code>\uc73c\ub85c \uac1c\ubc1c\ub418\uc5c8\uc73c\ubbc0\ub85c python<\/code>\uc774 \uc77c\ub2e8 \uc124\uce58\uac00 \ub418\uc5b4\uc788\uc5b4\uc57c \ud558\uace0 python<\/code> \uad00\ub828 \uba87\uba87 \ud328\ud0a4\uc9c0\ub3c4 \ub354  \ud544\uc694\ud55c \uac8c \uc788\uc744 \uac83\uc774\ub2e4. \ubb3c\ub860 python<\/code>\uc774 \uc5c6\ub294 \ucef4\ud4e8\ud130\ub294 \uc804\uc138\uacc4 \uc5b4\ub514\uc5d0\ub3c4 \uc5c6\uc744 \uac83\uc774\uba70, (\uadf8\ub7f0\uac00…?) \uc124\ub9c8 \uc5c6\ub294\uac8c \uc788\uc5b4\ub3c4 \uc6b0\ub9ac\uc758 yum<\/code>, apt<\/code> \uac19\uc740 \ud328\ud0a4\uc9c0 \ub9e4\ub2c8\uc800\ub4e4\uc774 \uc9c0\uac00 \uc54c\uc544\uc11c \ub2e4 \uc790\ub3d9\uc73c\ub85c \uc758\uc874\uc131 \ud328\ud0a4\uc9c0\ub4e4\uc744 \uc124\uce58\ud574\uc900\ub2e4. \uc124\uce58\uac00 \ub05d\ub09c \ud6c4\uc5d0\ub294 \uae30\ubcf8 \uc124\uc815\uc73c\ub85c \uc11c\ube44\uc2a4\uac00 \uc790\ub3d9\uc73c\ub85c \uc2dc\uc791\ub418\uc5b4 \uc788\uc744 \uac83\uc774\ub2e4.<\/p>\n\n\n\n
sudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n
\uc744 \uc2e4\ud589\ud574\ubcf4\uba74 \uc791\ub3d9 \uc0c1\ud0dc\ub97c \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
ii) \uae30\ubcf8 \uc124\uc815 \ud655\uc778<\/h4>\n\n\n\n
\ud328\ud0a4\uc9c0 \ub9e4\ub2c8\uc800\ub97c \ud1b5\ud574 \uc124\uce58\ub41c fail2ban<\/code>\uc758 \uc124\uc815 \ud30c\uc77c\uc740 \ubcf4\ud1b5 \/etc\/fail2ban<\/code> \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc788\ub2e4. \uc5b4\ub290 \ub188\uc744 \uc5c4\ubc8c\uc5d0 \ucc98\ud560 \uac83\uc778\uac00\ub294 jail.conf<\/code> \ud30c\uc77c\ub85c \uc815\ud574\uc904 \uc218 \uc788\ub2e4. \ub0b4\uc6a9\ubb3c\uc744 \uc77d\uc5b4\ubcf4\uc790. \uba87 \uac00\uc9c0 \ub300\ud45c\uc801\uc778 \uc124\uc815\uc73c\ub85c\ub294 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n\n\n\n
...\n[DEFAULT]\n...\nbantime = 10m\n...\nfindtime = 10m\n...\nmaxretry = 5\n...<\/code><\/pre>\n\n\n\n
\ub2e4\ub978 \uc124\uc815\uac12\ub4e4\ub3c4 \ub9ce\uc9c0\ub9cc \uc774 \uc138 \uac00\uc9c0\uac00 \ud575\uc2ec\uc774\ub77c\uace0 \ud560 \uc218 \uc788\uaca0\ub294\ub370, \uadf8 \uc758\ubbf8\ub294 10\ubd84<\/strong> \uc548\uc5d0 (findtime<\/code>) 5\ubc88<\/strong>\uc744 \uc811\uc18d \uc2e4\ud328\ud558\uba74, (maxretry<\/code>) \uadf8\ub188\uc740 \ub098\uc05c\ub188\uc73c\ub85c \uac04\uc8fc\ud558\uc5ec 10\ubd84<\/strong>\uac04 \ucc28\ub2e8\uc744 \ud574\ubc84\ub9b0\ub2e4.  (bantime<\/code>)<\/p>\n\n\n\n
iii) \ub098\ub9cc\uc758 \uc124\uc815<\/h4>\n\n\n\n
\uae30\ubcf8 \uc124\uc815\uc774 \ub9c8\uc74c\uc5d0 \uc548\ub4e4 \uacbd\uc6b0 \ub0b4\uac00 \uc9c1\uc811 \uc124\uc815\uc744 \ubc14\uafd4\uc11c \uc801\uc6a9\ud560 \uc218\ub3c4 \uc788\ub2e4. \ubb3c\ub860 jail.conf<\/code> \ud30c\uc77c\uc744 \uc218\uc815\ud558\uba74 \uc218\uc815\ub41c \uc0ac\ud56d\uc774 \ubc18\uc601\uc774 \ub420 \uac83\uc774\ub2e4. \ud558\uc9c0\ub9cc jail.conf<\/code> \ud30c\uc77c\uc744 \uc77d\ub2e4\ubcf4\uba74, \uc774 \ud30c\uc77c\uc744 \uace0\uce58\ub294 \uac83\uc740 \ubcc4\ub85c \uc88b\uc740 \uc0dd\uac01\uc774 \uc544\ub2c8\ub77c\ub294 \ub9d0\uc774 \ub098\uc628\ub2e4.<\/p>\n\n\n\n
 YOU SHOULD NOT MODIFY THIS FILE.


It will probably be overwritten or improved in a distribution update.


Provide customizations in a jail.local file or a jail.d\/customisation.local. For example to change the default bantime for all jails and to enable the ssh-iptables jail the following (uncommented) would appear in the .local file. See man 5 jail.conf for details. <\/p><\/blockquote>\n\n\n\n
\ubb54 \uc18c\ub9b0\uace0 \ud558\ub2c8, \ud504\ub85c\uadf8\ub7a8 \uc5c5\ub370\uc774\ud2b8 \ud558\ub2e4\uac00 \uc774 \ud30c\uc77c\uc744 \uc0c8\ub85c \ub36e\uc5b4\uc4f0\uba74 \ub2c8\uac00 \uace0\uccd0\ub193\uc740 \ubd80\ubd84\ub4e4\uc740 \ub2e4 \ub0a0\uc544\uac08\uac70\uc784, \uc774 \ub418\uaca0\ub2e4. (\ub354 \uc790\uc138\ud55c \uc124\uba85\uc740 man jail.conf<\/code>\ub97c \ud558\uba74 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.) \ub300\uc2e0\uc5d0 jail.local<\/code> \ud30c\uc77c\uc744 \uc0c8\ub85c \ub9cc\ub4e4\uc5b4\uc11c \uac70\uae30\uc5d0 \ub0b4 \uc124\uc815\uc744 \uc801\uc5b4\ub450\uba74 \uc801\uc6a9\uc774 \ub420\uac70\ub77c\uace0 \ud55c\ub2e4. \ud328\ud0a4\uc9c0 \ub9e4\ub2c8\uc800\uac00 \ub9cc\ub4e0 \ud30c\uc77c\uc774 \uc544\ub2c8\ub77c \uc720\uc800\uac00 \uc9c1\uc811 \uc0dd\uc131\ud55c \ud30c\uc77c\uc774\ubbc0\ub85c \ud328\ud0a4\uc9c0 \ub9e4\ub2c8\uc800\uc5d0 \uc758\ud574 \ub36e\uc5b4\uc50c\uc6cc\uc9c8 \uc77c\ub3c4 \uc5c6\uc73c\uba70 \ud328\ud0a4\uc9c0\ub97c \uc0ad\uc81c\ud574\ub3c4 \uadf8\ub300\ub85c \uc774 \ud30c\uc77c\uc740 \ub0a8\uc544\uc788\uc744 \uac83\uc774\ub2e4. \uc624\ucf00\uc774, \uc2dc\ud0a4\ub294\ub300\ub85c \ud30c\uc77c \ucd94\uac00\ub97c \ud574\ubcf4\uc790.<\/p>\n\n\n\n
[DEFAULT]\nignoreip = 127.0.0.1\/8 ::1 xxx.xxx.xxx.0\/24 192.168.1.0\/24 xxx.xxx.xxx.0\/24\nbantime  = -1\nfindtime  = 1h\n\n[sshd]\nenable = true\nprot = ssh<\/code><\/pre>\n\n\n\n
\uc704\uc758 \uc124\uc815\uc740 \ub098\uc758 jail.local<\/code> \ud30c\uc77c \uc548\uc758 \ub0b4\uc6a9\ubb3c\uc774\ub2e4. \ubb3c\ub860 \uacbd\ub85c\ub294 \/etc\/fail2ban<\/code>\uc5d0 \uc704\uce58\ud55c\ub2e4. \ud574\ud0b9 \uc2dc\ub3c4\ub294 \uac00\ucc28\uc5c6\uc774 \ucc98\ub2e8\ud558\uae30 \uc704\ud574  findtime<\/code>\uc744 1\uc2dc\uac04\ub85c \ub300\ud3ed \ub298\ub838\ub2e4. -1<\/code>\uc758 bantime<\/code>\uc740 \ub124\ub188\uc744 \uc601\uc6d0\ud788 \ucc28\ub2e8\ud558\uaca0\ub2e4\ub294 \ub73b\uc774\ub2e4. \ub098\ub3c4 \uc0ac\ub78c\uc778\uc9c0\ub77c \ub0b4\uac00 \uc2e4\uc218\ub85c 5\ubc88\uae4c\uc9c0 \ud2c0\ub9b4 \uac00\ub2a5\uc131\ub3c4 \uc788\uc73c\ubbc0\ub85c ignoreip<\/code>\uc5d0 \ub0b4\uac00 \uc790\uc8fc \uc4f0\ub294 \uc8fc\uc18c\ub97c \uc801\uc5b4\ub123\uc5c8\ub2e4. \ubb3c\ub860 \ub0b4 \ud504\ub77c\uc774\ubc84\uc2dc \ubcf4\ud638\ub97c \uc704\ud574 \uc77c\ubd80 IP \uc8fc\uc18c\ub97c xxx\uc640 \uac19\uc774 \uac00\ub824\ub193\uc558\ub2e4. \uadf8 \uc790\ub9ac\uc5d0 \uc790\uc2e0\uc5d0\uac8c \ud544\uc694\ud55c \uc8fc\uc18c\ub97c \ub123\uc5b4\uc8fc\uba74 \ub41c\ub2e4.<\/p>\n\n\n\n
\ud30c\uc77c\uc744 \uc800\uc7a5\ud558\uace0 fail2ban \uc11c\ube44\uc2a4\ub97c \uc7ac\uc2dc\uc791\ud558\uba74 \ubcc0\uacbd\ub41c \uc124\uc815\uc774 \uc801\uc6a9\ub41c\ub2e4. \uc798 \uc801\uc6a9\ub418\uc5c8\ub294\uc9c0 \ud655\uc778\ud558\uace0 \uc2f6\ub2e4\uba74 \uc11c\ube44\uc2a4 \ub85c\uadf8 \ud30c\uc77c\uc744 \uccb4\ud06c\ud55c\ub2e4.<\/p>\n\n\n\n
sudo systemctl restart fail2ban\nsudo cat \/var\/log\/fail2ban.log | grep INFO | tail -n 30<\/code><\/pre>\n\n\n\n
iv) \ucc28\ub2e8 IP \ud655\uc778<\/h4>\n\n\n\n
fail2ban<\/code> \uc11c\ube44\uc2a4\ub97c \uc2e4\ud589\ud55c\uc9c0 \uba70\uce60\ub9cc\uc5d0 \ubb34\uc218\ud55c \uc544\uc774\ud53c\ub4e4\uc774 \ucc28\ub2e8\uc744 \ub2f9\ud588\uace0 \uc11c\ubc84\ub294 \ud074\ub9b0\ud574\uc84c\ub2e4.<\/p>\n\n\n\n
\"\"
\ud074-\ub9b0\ud55c \ubaa8\uc2b5<\/figcaption><\/figure>\n\n\n\n
\uc5b4\ub5a4 \uc544\uc774\ud53c\ub4e4\uc774 \ucc28\ub2e8\ub418\uc5b4 \uc788\ub294\uc9c0 \ud655\uc778\ud558\uace0 \uc2f6\ub2e4\uba74 \uba87 \uac00\uc9c0 \ubc29\ubc95\uc774 \uc788\ub2e4.<\/p>\n\n\n\n
sudo fail2ban-client status<\/code><\/pre>\n\n\n\n
\uc5b4\ub290 \ube14\ub85c\uadf8\uc5d0\uc11c\ub294 \uc704\uc758 \ucee4\ub9e8\ub4dc\uac00 \ucc28\ub2e8 IP \uac1c\uc218\ub97c \ud655\uc778\ud55c\ub2e4\uace0 \ub418\uc5b4 \uc788\ub294\ub370 \uadf8\uac74 \ud2c0\ub9b0 \ub9d0\uc774\uace0, \uac10\uc625\uc758 \uac1c\uc218\ub9cc\uc744 \ud655\uc778\ud574 \uc8fc\uace0 \uadf8 \uac10\uc625 \uc548\uc5d0 \uc8c4\uc218\uac00 \uba87\uba85\uc774 \ub4e4\uc5b4\uc788\ub294\uc9c0\ub294 \ud655\uc778\uc774 \uc548\ub41c\ub2e4. \ucc28\ub2e8\ub41c IP \uc815\ubcf4\ub97c \uc9c1\uc811\uc801\uc73c\ub85c \ubcf4\uace0 \uc2f6\ub2e4\uba74 \ub2e4\uc74c\uacfc \uac19\uc740 \uba85\ub839\uc5b4\ub97c \uc4f8 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
sudo cat \/var\/log\/fail2ban.log* | grep \"] Ban\" | awk '{print $NF}' | sort | uniq -c | sort -n<\/code><\/pre>\n\n\n\n
\uadf8\ub0e5 \ub85c\uadf8 \ud30c\uc77c\uc744 \uc77d\uc5b4\ubd10\uc11c Ban<\/code>\uc774\ub77c\ub294 \ub2e8\uc5b4\uac00 \uc788\ub294 \uc904\uc744 \ucc3e\uc544 \ucd9c\ub825\ud574\uc8fc\ub294 \uc258 \ucee4\ub9e8\ub4dc\uc774\ub2e4. \uc0ac\uc2e4 fail2ban<\/code>\uc758 \uc791\ub3d9 \uc6d0\ub9ac\ub294, \ub85c\uadf8 \ud30c\uc77c\uc744 \uc77d\uace0 \uac70\uae30\uc5d0\uc11c \ubd88\ub7c9\ud55c \ub07c\uac00 \uc788\ub294 \uc544\uc774\ud53c\ub4e4\uc744 OS\uc758 \ubc29\ud654\ubcbd \uaddc\uce59\uc5d0 \ucd94\uac00\ud558\ub294 \uc5ed\ud560\ub9cc\uc744 \ud560 \ubfd0\uc774\ub2e4. \uace0\ub85c \ubc29\ud654\ubcbd \uaddc\uce59\uc744 \ucd9c\ub825\ud574\ubd10\ub3c4 \ucc28\ub2e8 \ubaa9\ub85d\uc744 \uc54c \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
sudo iptables -L -n<\/code><\/pre>\n\n\n\n
\uc65c fail2ban<\/code> \ud504\ub85c\uadf8\ub7a8 \uc790\uccb4\uc5d0\uc11c \ucc28\ub2e8 \ubaa9\ub85d\uc744 \uc77d\uc5b4\ub0b4\ub294 \uae30\ub2a5\uc744 \uc548\ub9cc\ub4e4\uc5b4 \ub1a8\ub294\uc9c0 \uc774\ud574\uac00 \uc798 \uc548\uac04\ub2e4.<\/p>\n\n\n\n
v) \ucc28\ub2e8\uc744 \ud574\uc81c\ud558\uace0 \uc2f6\uc744 \ub54c<\/h4>\n\n\n\n
 sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx<\/code><\/pre>\n\n\n\n
\uc774\ub807\uac8c \ud558\uba74 fail2ban<\/code> \uc11c\ube44\uc2a4 \uc7ac\uc2dc\uc791 \uc5c6\uc774 \ubc14\ub85c \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub2e4\uace0 \ud558\ub294\ub370 \ub09c \ud574\ubcf8 \uc801\uc774 \uc5c6\ub294 \uae30\ub2a5\uc774\ub2e4. \ud55c\ubc88 \ucc28\ub2e8\uc740 \uc601\uc6d0\ud55c \ucc28\ub2e8\uc774\ub2e4 \uc9f1\uae68\ub4e4\uc544.<\/p>\n\n\n\n
\n\n\n\n
\uc9c0\uae08 \uc774 \uc21c\uac04\uc5d0\ub3c4 \uc218\ub9ce\uc740 \ubd07\ub4e4\uc774 \ud3ec\ud2b8 \uc2a4\uce94, \ube0c\ub8e8\ud2b8 \ud3ec\uc2a4 \ub4f1\uc758 \uacf5\uaca9\uc744 \ub0a0\ub824\ub300\uace0 \uc788\ub2e4. \uc720\ubb34\uc120\uacf5\uc720\uae30 \uc790\uccb4\ub85c \uc678\ubd80 \uc778\ud130\ub137\uacfc \ubb3c\ub9ac\uc801\uc778 \ucc28\ub2e8\uc744 \ud574\ub450\ub294 \uacbd\uc6b0\uba74 \ubaa8\ub97c\uae4c, \uacf5\uc778 \uc544\uc774\ud53c\ub85c \ub124\ud2b8\uc6cc\ud06c\uc5d0 \ubb3c\ub824\uc788\ub294 \uc2dc\uc2a4\ud15c\uc758 \uacbd\uc6b0\uc5d4 \ub298 \uc774\ub807\uac8c \ubcf4\uc548\uc744 \uac15\ud654\ud574 \ub450\uc5b4\uc57c \uaca0\ub2e4. (\ubb3c\ub860 \uc694\uc998 \uc708\ub3c4\uc6b0\ub294 \uc54c\uc544\uc11c \ub2e4 \ub9c9\ud600 \uc788\uc73c\ub2c8 \uc548\uc2ec)<\/p>\n","protected":false},"excerpt":{"rendered":"
Motive \uc218\uc2ed \ub300\uc758 \uc11c\ubc84\ub97c \uad00\ub9ac\ud558\uba74\uc11c \uc11c\ubc84\uc758 \uc0c1\ud0dc\ub97c \uccb4\ud06c\ud558\uae30 \uc704\ud574 \uba87 \uac00\uc9c0 \uc694\uc18c\ub97c \ubaa8\ub2c8\ud130\ub9c1\ud558\ub294 \uc640\uc911\uc5d0 \uc774\uc0c1\ud55c \uc810\uc744 \ubc1c\uacac\ud558\uac8c \ub418\uc5c8\ub2e4. \uc5f0\uacb0\uc774 \uc131\ub9bd\ub41c \uc138\uc158 \uc218\ub97c \uce74\uc6b4\ud2b8\ub97c \ud558\uace0 \uc788\ub294\ub370 \uc774\uc0c1\ud558\uac8c ssh \uc138\uc158\uc758 \uce74\uc6b4\ud2b8\uac00 \ub4e4\uc465\ub0a0\uc465\ud55c \uac83\uc774 \uc544\ub2cc\uac00. \ubd84\uba85 \uc544\ubb34\ub3c4 \uc11c\ubc84\uc5d0 \uc811\uc18d\uc744 \ud558\uc9c0 \uc54a\uc740 \uc0c1\ud0dc\uc784\uc5d0\ub3c4. \uc774 \uc815\uccb4\ubd88\uba85\uc758 \uc5f0\uacb0\ub4e4\uc758 \uc815\uccb4\ub97c \ud655\uc778\ud558\uae30 \uc704\ud574\uc11c \/var\/log\/auth.log \ud30c\uc77c\uc744 \uc5f4\uc5b4\ubcf4\uc790. (\uc6b0\ubd84\ud22c \uac19\uc740 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-228","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=228"}],"version-history":[{"count":42,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/228\/revisions"}],"predecessor-version":[{"id":799,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/228\/revisions\/799"}],"wp:attachment":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}