For a CentOS server, the following IPS setup is recommended: Suricata as the inline engine, Fail2Ban against brute-force logins, firewalld as the packet filter, plus basic host hardening.

```bash
# Add the EPEL repository (Suricata and Fail2Ban are not in the base repos)
sudo yum install -y epel-release
# Install Suricata
sudo yum install -y suricata
# Rule management tool. The EPEL suricata package already ships suricata-update,
# so the pip step is optional and only needed if you want a newer release.
sudo yum install -y python3-pip
sudo pip3 install --upgrade suricata-update
# Fetch the default rule set (written to /var/lib/suricata/rules/suricata.rules)
sudo suricata-update
# List the available rule sources
sudo suricata-update list-sources
# Enable the free Emerging Threats ruleset and re-run the update
sudo suricata-update enable-source et/open
sudo suricata-update
```
Edit the main configuration file /etc/suricata/suricata.yaml. The fragment below keeps the page's settings with correct YAML indentation; note that `nfq` is a mapping, not a list, and that `rule-files` should name the merged file that suricata-update produces:

```yaml
# Capture settings for IDS (sniffing) mode, used when Suricata is started with -i eth0
af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes

# IPS mode through the netfilter queue, used when started with -q 0.
# Written as "- mode: accept" this would be a list and fail validation.
# repeat-mark/repeat-mask only matter with "mode: repeat"; they are harmless here.
nfq:
  mode: accept
  repeat-mark: 1
  repeat-mask: 1

# Rule location. suricata-update merges every enabled source into one file,
# suricata.rules; an unquoted "- *.rules" is a YAML alias and does not parse.
default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules
```
Then validate the configuration and start Suricata in IPS mode:

```bash
# Test the configuration (exits non-zero on YAML or rule errors)
sudo suricata -T -c /etc/suricata/suricata.yaml -v
# Start as a daemon in IPS mode, reading packets from netfilter queue 0
sudo suricata -D -c /etc/suricata/suricata.yaml -q 0
```

`-q 0` selects the NFQ runmode, so the af-packet interface settings above are not used here. Suricata only sees packets that the kernel hands to queue 0: before starting it, add netfilter rules with the NFQUEUE target (queue number 0) on the chains you want inspected (INPUT/OUTPUT for the host itself, FORWARD for routed traffic). In this mode packets are held until Suricata returns a verdict, so if Suricata stops, queued traffic is dropped unless the NFQUEUE rule allows bypass when no program is listening (iptables `--queue-bypass`); Suricata's own `fail-open: yes` under `nfq` additionally lets packets through when the queue overflows. For a managed service, the EPEL unit reads its command-line options from /etc/sysconfig/suricata, so the same `-q 0` can be set there and the daemon run through systemctl instead of `-D`.
Fail2Ban (also from EPEL) bans source addresses that repeatedly fail SSH authentication:

```bash
sudo yum install -y fail2ban
```

Create the override file /etc/fail2ban/jail.local (do not edit jail.conf; it is replaced on package upgrades):

```ini
[sshd]
enabled = true
port = ssh
filter = sshd
# CentOS 7 writes sshd messages here via rsyslog; if your release logs
# only to the journal, use backend = systemd instead of a logpath
logpath = /var/log/secure
# ban after 3 failures ...
maxretry = 3
# ... for 24 hours ...
bantime = 86400
# ... when the failures fall inside a 10-minute window
findtime = 600
```

```bash
sudo systemctl enable --now fail2ban
sudo systemctl status fail2ban
```
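The three jail parameters interact in a way that is easy to misjudge: `findtime` is a sliding window, so slow attackers who spread their attempts out are never banned by the values above. The script below is an added illustration, not Fail2Ban code: it replays constructed /var/log/secure lines (documentation IP ranges, hostname `web1`, an assumed year because syslog timestamps carry none) through a simplified version of the sshd `failregex` and applies maxretry/findtime/bantime exactly as configured in jail.local.

```python
"""Simulate the Fail2Ban sshd jail from jail.local (maxretry=3, findtime=600,
bantime=86400) over sshd lines in /var/log/secure format.

Added illustration, not part of Fail2Ban; the failure regex is a simplified
version of what Fail2Ban's sshd filter matches."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3      # failures needed to ban
FINDTIME = 600    # seconds: the failures must fall inside this window
BANTIME = 86400   # seconds: how long the ban lasts
LOG_YEAR = 2024   # syslog timestamps carry no year; assumed for the sample below

# Constructed sample lines in rsyslog's /var/log/secure format (not real traffic).
SAMPLE_SECURE_LOG = """\
Mar  6 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50012 ssh2
Mar  6 10:00:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 50014 ssh2
Mar  6 10:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 50016 ssh2
Mar  6 10:00:30 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 50018 ssh2
Mar  6 10:02:00 web1 sshd[2110]: Failed password for deploy from 198.51.100.9 port 41000 ssh2
Mar  6 10:15:00 web1 sshd[2112]: Failed password for deploy from 198.51.100.9 port 41002 ssh2
Mar  6 10:30:00 web1 sshd[2114]: Failed password for deploy from 198.51.100.9 port 41004 ssh2
Mar  6 10:31:00 web1 sshd[2116]: Accepted publickey for deploy from 192.0.2.4 port 39000 ssh2
"""

# Simplified failregex: only "Failed password" lines, capturing the source address.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_ts(raw, year=LOG_YEAR):
    """Turn 'Mar  6 10:00:01' into a datetime; the year is assumed."""
    return datetime.strptime(raw, "%b %d %H:%M:%S").replace(year=year)


def evaluate_jail(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Replay the log and return {ip: (banned_at, expires)} as ISO strings.

    Per source IP a deque holds failure times within the last findtime seconds;
    reaching maxretry bans the IP, and later failures while the ban is active
    are ignored (the firewall would have dropped them anyway)."""
    window = defaultdict(deque)
    active_until = {}
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines never count
        ts, ip = parse_ts(m["ts"]), m["ip"]
        if ip in active_until and ts < active_until[ip]:
            continue
        q = window[ip]
        q.append(ts)
        # discard failures older than findtime relative to the newest one
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            expires = ts + timedelta(seconds=bantime)
            active_until[ip] = expires
            bans[ip] = (ts.isoformat(), expires.isoformat())
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, (start, end) in evaluate_jail(SAMPLE_SECURE_LOG).items():
        print(f"{ip} banned at {start} until {end}")
```

With the page's values only 203.0.113.7 is banned (three failures in eight seconds); 198.51.100.9 fails three times as well, but 13 minutes apart, so each attempt has fallen out of the 600-second window by the time the next arrives. Raising `findtime` to 3600 catches it, which is the trade-off to weigh against banning legitimate users who mistype a password a few times per hour.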
firewalld is the packet filter; Fail2Ban's default ban action on CentOS inserts its rules through firewalld, so it must be running:

```bash
# Install and enable firewalld
sudo yum install -y firewalld
sudo systemctl enable --now firewalld
# Basic rules: allow SSH, HTTP and HTTPS in the default zone
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Restrict SSH to the management network (optional)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="ssh" accept'
sudo firewall-cmd --reload
```

The rich rule on its own does not restrict anything: it accepts SSH from 192.168.1.0/24, but the `ssh` service added above still accepts it from everywhere. To actually limit SSH to that network, remove the `ssh` service from the zone (the `--remove-service` counterpart of the add above) after the rich rule is in place, and confirm access from a management-network address before closing your current session.
Update the system regularly:

```bash
sudo yum update -y
```

Disable services you do not need (postfix is the example here; see the logwatch note below before stopping it):

```bash
sudo systemctl stop postfix
sudo systemctl disable postfix
```

Put SELinux in enforcing mode:

```bash
# Switch at runtime (has no effect if SELinux was disabled at boot)
sudo setenforce 1
# Make it persistent; this matches both "permissive" and "disabled"
sudo sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
```

If the file previously said `SELINUX=disabled`, enforcing mode only takes effect after a reboot with a filesystem relabel; check `getenforce` afterwards.

Install a log summary tool:

```bash
sudo yum install -y logwatch
```

logwatch mails its daily report to root through the local MTA by default. If you stopped postfix above, run it with `--output stdout` or `--output file` instead, or keep postfix for local delivery only.
Watch Suricata alerts:

```bash
tail -f /var/log/suricata/fast.log
```

In IPS mode a line carrying `[Drop]` means the packet was blocked; `[wDrop]` means the rule is in would-drop (test) mode; a line with neither marker only alerted. suricata-update leaves rules with their upstream `alert` action, so to have a signature actually block, list it in /etc/suricata/drop.conf and re-run suricata-update.
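Tailing fast.log shows individual hits; what you usually need is which signatures fire most, which sources are noisiest, and which high-priority hits the IPS merely alerted on instead of dropping. The script below is an added example, not Suricata code: it parses fast.log lines (including the `[Drop]`/`[wDrop]` markers from IPS mode described above) and aggregates them. The sample lines are constructed for the example, using documentation IP ranges and SIDs from the local range (1000001 and up), not signatures from any real ruleset.

```python
"""Triage Suricata fast.log lines: which signatures fire most, which sources
are noisiest, and which priority-1 hits were only alerted rather than dropped.

Added illustration, not Suricata code; the sample lines are constructed
(documentation IP ranges, local SIDs), not output from a real sensor."""
import re
from collections import Counter

# In IPS mode fast.log marks blocked packets with "[Drop]"; "[wDrop]" means the
# rule is in would-drop (test) mode; no marker means the rule only alerted.
SAMPLE_FAST_LOG = """\
03/06/2024-10:00:00.123456  [**] [1:1000001:1] LOCAL SSH brute-force burst [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 2] {TCP} 203.0.113.7:51000 -> 192.168.1.10:22
03/06/2024-10:00:01.000001  [Drop] [**] [1:1000002:1] LOCAL web shell upload attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51002 -> 192.168.1.10:80
03/06/2024-10:00:02.000002  [Drop] [**] [1:1000002:1] LOCAL web shell upload attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.9:40000 -> 192.168.1.10:80
03/06/2024-10:00:03.000003  [**] [1:1000003:1] LOCAL outbound DNS beacon to known C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.168.1.10:54321 -> 198.51.100.200:53
03/06/2024-10:00:04.000004  [wDrop] [**] [1:1000002:1] LOCAL web shell upload attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51004 -> 192.168.1.10:80
03/06/2024-10:00:05.000005  [**] [1:1000001:1] LOCAL SSH brute-force burst [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 2] {TCP} 203.0.113.7:51010 -> 192.168.1.10:22
"""

# One regex for the fast.log line layout: timestamp, optional action marker,
# [gid:sid:rev] message, classification, priority, {proto} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"(?:\[(?P<action>w?Drop)\]\s+)?\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s+(?P<cls>[^\]]+)\]\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)$"
)


def parse_fast_log(text):
    """Return one dict per parsable alert line; unparsable lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
        a["action"] = a["action"] or "alert"   # no marker: the rule only alerted
        alerts.append(a)
    return alerts


def summarize(alerts):
    """Aggregate counts and flag priority-1 signatures that were not enforced."""
    by_sid = Counter(a["sid"] for a in alerts)
    messages = {a["sid"]: a["msg"] for a in alerts}
    top_sources = Counter(a["src"] for a in alerts).most_common()
    dropped = sum(1 for a in alerts if a["action"] == "Drop")
    # wDrop and plain alerts both let the packet through: candidates for drop.conf
    unenforced_p1 = sorted({a["sid"] for a in alerts
                            if a["prio"] == 1 and a["action"] != "Drop"})
    return {
        "total": len(alerts),
        "dropped": dropped,
        "by_sid": dict(by_sid),
        "messages": messages,
        "top_sources": top_sources,
        "unenforced_priority1": unenforced_p1,
    }


if __name__ == "__main__":
    s = summarize(parse_fast_log(SAMPLE_FAST_LOG))
    print(f"{s['total']} alerts, {s['dropped']} dropped")
    for sid, n in sorted(s["by_sid"].items(), key=lambda kv: -kv[1]):
        print(f"  sid {sid} x{n}: {s['messages'][sid]}")
    print("top sources:", s["top_sources"][:3])
    print("priority-1 signatures that only alerted:", s["unenforced_priority1"])
```

On the constructed input, two of six hits were dropped, 203.0.113.7 accounts for four of them, and two priority-1 signatures (the C2 beacon, which only alerted, and the web-shell rule in would-drop mode) let traffic through. Those are the SIDs to review for /etc/suricata/drop.conf. Run the same parser against the real file (`python3 triage.py < /var/log/suricata/fast.log` after swapping the sample for `sys.stdin.read()`) to get the same view of a live sensor.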
Check the Fail2Ban jail (currently failed and banned addresses):

```bash
sudo fail2ban-client status sshd
```
Automate rule updates:

```bash
# Cron drop-in in /etc/cron.d (one file, so re-running this does not append
# duplicates). Entries in /etc/cron.d and /etc/crontab need a user field; the
# original lines appended to /etc/crontab without one, so cron would have read
# the command path as the user name and skipped the entry. After a successful
# update, SIGUSR2 makes Suricata reload its rules in place; a restart is not
# needed and in NFQ mode would drop queued traffic while the daemon is down.
echo '0 3 * * * root /usr/bin/suricata-update -o /var/lib/suricata/rules && /usr/bin/kill -USR2 $(/usr/sbin/pidof suricata)' | sudo tee /etc/cron.d/suricata-update
```

With the configuration above, your CentOS server gets layered protection that blunts a wide range of network attacks. Review the logs regularly and keep the rules current to cover new threats.