{"id":40380,"date":"2026-03-18T12:08:26","date_gmt":"2026-03-18T05:08:26","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=40380"},"modified":"2026-03-18T12:08:26","modified_gmt":"2026-03-18T05:08:26","slug":"cai-dat-fail2ban-chong-brute-force-ssh","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/","title":{"rendered":"H\u01b0\u1edbng D\u1eabn C\u00e0i \u0110\u1eb7t Fail2ban Ch\u1ed1ng Brute-Force SSH (2026)"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Chuan-bi-truoc-khi-cai-dat-Fail2ban-cho-VPS\" >Chu\u1ea9n b\u1ecb tr\u01b0\u1edbc khi c\u00e0i \u0111\u1eb7t Fail2ban cho VPS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Huong-dan-cai-dat-Fail2ban-tren-he-dieu-hanh-Linux\" >H\u01b0\u1edbng d\u1eabn c\u00e0i \u0111\u1eb7t Fail2ban tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh Linux<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cai-dat-tren-Ubuntu-Debian\" >C\u00e0i \u0111\u1eb7t tr\u00ean Ubuntu \/ Debian<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cai-dat-tren-CentOS-RHEL\" >C\u00e0i \u0111\u1eb7t tr\u00ean CentOS \/ RHEL<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cau-hinh-Fail2ban-bao-ve-SSH-qua-file-jaillocal\" >C\u1ea5u h\u00ecnh Fail2ban b\u1ea3o v\u1ec7 SSH qua file jail.local<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Y-nghia-cac-thong-so-cau-hinh-maxretry-bantime-findtime\" >\u00dd ngh\u0129a c\u00e1c th\u00f4ng s\u1ed1 c\u1ea5u h\u00ecnh (maxretry, bantime, findtime)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Kich-hoat-dich-vu-va-kiem-tra-trang-thai-Fail2ban\" >K\u00edch ho\u1ea1t d\u1ecbch v\u1ee5 v\u00e0 ki\u1ec3m tra tr\u1ea1ng th\u00e1i Fail2ban<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cach-tu-kiem-tra-Test-Fail2ban-da-chan-IP-thanh-cong-chua\" >C\u00e1ch t\u1ef1 ki\u1ec3m tra (Test) Fail2ban \u0111\u00e3 ch\u1eb7n IP th\u00e0nh c\u00f4ng ch\u01b0a<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cac-lenh-quan-ly-Fail2ban-SSH-huu-ich-cho-Quan-tri-vien\" >C\u00e1c l\u1ec7nh qu\u1ea3n l\u00fd Fail2ban SSH h\u1eefu \u00edch cho Qu\u1ea3n tr\u1ecb vi\u00ean<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Lenh-go-chan-Unban-mot-IP-trong-Fail2ban-nhu-the-nao\" >L\u1ec7nh g\u1ee1 ch\u1eb7n (Unban) m\u1ed9t IP trong Fail2ban nh\u01b0 th\u1ebf n\u00e0o?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#VPS-Gia-Re-InterData-%E2%80%94-Firewall-2-Lop-Ho-Tro-Bao-Mat-Tu-Ngay-Dau\" >VPS Gi\u00e1 R\u1ebb InterData \u2014 Firewall 2 L\u1edbp, H\u1ed7 Tr\u1ee3 B\u1ea3o M\u1eadt T\u1eeb Ng\u00e0y \u0110\u1ea7u<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Cau-hoi-thuong-gap-ve-cau-hinh-Fail2ban-SSH\" >C\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p v\u1ec1 c\u1ea5u h\u00ecnh Fail2ban SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Lam-sao-de-dua-IP-cua-toi-vao-danh-sach-trang-Whitelist-khong-bao-gio-bi-chan\" >L\u00e0m sao \u0111\u1ec3 \u0111\u01b0a IP c\u1ee7a t\u00f4i v\u00e0o danh s\u00e1ch tr\u1eafng (Whitelist) kh\u00f4ng bao gi\u1edd b\u1ecb ch\u1eb7n?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Doi-port-SSH-roi-thi-cau-hinh-Fail2ban-nhu-the-nao\" >\u0110\u1ed5i port SSH r\u1ed3i th\u00ec c\u1ea5u h\u00ecnh Fail2ban nh\u01b0 th\u1ebf n\u00e0o?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Tai-sao-Fail2ban-cai-xong-ma-khong-chan-duoc-IP-nao\" >T\u1ea1i sao Fail2ban c\u00e0i xong m\u00e0 kh\u00f4ng ch\u1eb7n \u0111\u01b0\u1ee3c IP n\u00e0o?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Fail2ban-co-hoat-dong-duoc-neu-VPS-dung-SSH-Key-thay-vi-mat-khau-khong\" >Fail2ban c\u00f3 ho\u1ea1t \u0111\u1ed9ng \u0111\u01b0\u1ee3c n\u1ebfu VPS d\u00f9ng SSH Key thay v\u00ec m\u1eadt kh\u1ea9u kh\u00f4ng?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/interdata.vn\/blog\/cai-dat-fail2ban-chong-brute-force-ssh\/#Ket-luan\" >K\u1ebft lu\u1eadn<\/a><\/li><\/ul><\/nav><\/div>\n<p><!-- OVERVIEW BLOCK --><\/p>\n<div class=\"summary\">\n<p><strong>T\u00f3m t\u1eaft nhanh:<\/strong> Fail2ban ch\u1ed1ng brute-force SSH b\u1eb1ng c\u00e1ch li\u00ean t\u1ee5c gi\u00e1m s\u00e1t file log h\u1ec7 th\u1ed1ng (<code>auth.log<\/code> tr\u00ean Ubuntu, <code>secure<\/code> tr\u00ean CentOS) \u0111\u1ec3 ph\u00e1t hi\u1ec7n c\u00e1c \u0111\u1ecba ch\u1ec9 IP \u0111\u0103ng nh\u1eadp sai m\u1eadt kh\u1ea9u nhi\u1ec1u l\u1ea7n. Khi s\u1ed1 l\u1ea7n th\u1ea5t b\u1ea1i v\u01b0\u1ee3t ng\u01b0\u1ee1ng <code>maxretry<\/code>, Fail2ban t\u1ef1 \u0111\u1ed9ng th\u00eam rule v\u00e0o t\u01b0\u1eddng l\u1eeda (iptables, UFW, Firewalld) \u0111\u1ec3 ch\u1eb7n IP \u0111\u00f3 truy c\u1eadp v\u00e0o port SSH \u2014 kh\u00f4ng c\u1ea7n can thi\u1ec7p th\u1ee7 c\u00f4ng.<\/p>\n<ul>\n<li>C\u00e0i \u0111\u1eb7t nhanh qua <code>apt<\/code> (Ubuntu\/Debian) ho\u1eb7c <code>yum<\/code> (CentOS\/RHEL) \u2014 kh\u00f4ng ph\u1ee5 thu\u1ed9c g\u00f3i b\u00ean th\u1ee9 ba tr\u1eeb kho EPEL tr\u00ean CentOS.<\/li>\n<li>B\u1eaft bu\u1ed9c VPS \u0111\u00e3 b\u1eadt t\u01b0\u1eddng l\u1eeda (UFW ho\u1eb7c Firewalld) \u2014 n\u1ebfu ch\u01b0a b\u1eadt, Fail2ban c\u00e0i xong v\u1eabn <strong>kh\u00f4ng ch\u1eb7n \u0111\u01b0\u1ee3c IP n\u00e0o<\/strong>.<\/li>\n<li>Kh\u00f4ng bao gi\u1edd s\u1eeda tr\u1ef1c ti\u1ebfp <code>jail.conf<\/code>; to\u00e0n b\u1ed9 c\u1ea5u h\u00ecnh t\u00f9y ch\u1ec9nh \u0111\u1eb7t trong <code>jail.local<\/code> \u0111\u1ec3 tr\u00e1nh b\u1ecb ghi \u0111\u00e8 khi update.<\/li>\n<li>G\u1ee1 ch\u1eb7n IP b\u1ecb kh\u00f3a nh\u1ea7m ch\u1ec9 c\u1ea7n m\u1ed9t l\u1ec7nh <code>fail2ban-client set sshd unbanip &lt;IP&gt;<\/code>.<\/li>\n<\/ul>\n<\/div>\n<p><!-- INTRODUCTION HOOK --><\/p>\n<p>M\u1edf file <code>\/var\/log\/auth.log<\/code> ra m\u00e0 th\u1ea5y h\u00e0ng tr\u0103m d\u00f2ng ki\u1ec3u <em>&#8220;Failed password for root from 45.89.233.x port 52341&#8221;<\/em> ch\u1ea1y li\u00ean t\u1ee5c \u2014 \u0111\u00f3 l\u00e0 d\u1ea5u hi\u1ec7u r\u00f5 nh\u1ea5t VPS c\u1ee7a b\u1ea1n \u0111ang b\u1ecb botnet qu\u00e9t m\u1eadt kh\u1ea9u SSH. Kh\u00f4ng ph\u1ea3i v\u00e0i l\u1ea7n, m\u00e0 h\u00e0ng ngh\u00ecn l\u1ea7n m\u1ed7i gi\u1edd. CPU t\u0103ng cao kh\u00f4ng v\u00ec l\u00fd do r\u00f5 r\u00e0ng? R\u1ea5t c\u00f3 th\u1ec3 \u0111\u00e2y l\u00e0 nguy\u00ean nh\u00e2n. \u0110\u1ed5i port SSH hay c\u00e0i m\u1eadt kh\u1ea9u ph\u1ee9c t\u1ea1p l\u00e0m gi\u1ea3m r\u1ee7i ro, nh\u01b0ng v\u1eabn kh\u00f4ng ng\u0103n \u0111\u01b0\u1ee3c b\u0103ng th\u00f4ng v\u00e0 t\u00e0i nguy\u00ean h\u1ec7 th\u1ed1ng b\u1ecb nu\u1ed1t d\u1ea7n b\u1edfi c\u00e1c k\u1ebft n\u1ed1i r\u00e1c. Fail2ban x\u1eed l\u00fd \u0111\u00fang t\u1ea7ng \u0111\u00f3 \u2014 ph\u00e1t hi\u1ec7n pattern t\u1ea5n c\u00f4ng, \u0111\u00f3ng c\u1eeda ngay t\u1ea1i firewall tr\u01b0\u1edbc khi SSH k\u1ecbp ph\u1ea3n h\u1ed3i. B\u00e0i n\u00e0y \u0111i th\u1eb3ng v\u00e0o CLI: l\u1ec7nh c\u00e0i, file c\u1ea5u h\u00ecnh, c\u00e1ch test th\u1ef1c t\u1ebf, v\u00e0 c\u00e1ch x\u1eed l\u00fd khi l\u1ee1 tay t\u1ef1 ch\u1eb7n IP c\u1ee7a ch\u00ednh m\u00ecnh.<\/p>\n<figure id=\"attachment_40388\" aria-describedby=\"caption-attachment-40388\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40388\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/auth.log-bi-tan-cong-brute-force-SSH.webp\" alt=\"auth.log b\u1ecb t\u1ea5n c\u00f4ng brute-force SSH\" width=\"800\" height=\"537\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/auth.log-bi-tan-cong-brute-force-SSH.webp 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/auth.log-bi-tan-cong-brute-force-SSH-300x201.webp 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/auth.log-bi-tan-cong-brute-force-SSH-768x516.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-40388\" class=\"wp-caption-text\">auth.log b\u1ecb t\u1ea5n c\u00f4ng brute-force SSH<\/figcaption><\/figure>\n<p><!-- H2: CHU\u1ea8N B\u1eca --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Chuan-bi-truoc-khi-cai-dat-Fail2ban-cho-VPS\"><\/span>Chu\u1ea9n b\u1ecb tr\u01b0\u1edbc khi c\u00e0i \u0111\u1eb7t Fail2ban cho VPS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Y\u00eau c\u1ea7u t\u1ed1i thi\u1ec3u: VPS ch\u1ea1y Linux (Ubuntu 20.04\/22.04\/24.04 ho\u1eb7c CentOS 7\/8\/Stream), quy\u1ec1n <code>root<\/code> ho\u1eb7c t\u00e0i kho\u1ea3n c\u00f3 <code>sudo<\/code>. \u0110\u00e2y l\u00e0 ph\u1ea7n h\u1ea7u h\u1ebft h\u01b0\u1edbng d\u1eabn b\u1ecf qua nh\u01b0ng l\u1ea1i g\u00e2y ra 80% tr\u01b0\u1eddng h\u1ee3p &#8220;c\u00e0i xong kh\u00f4ng th\u1ea5y ch\u1eb7n g\u00ec&#8221;: <strong>t\u01b0\u1eddng l\u1eeda ph\u1ea3i \u0111\u01b0\u1ee3c b\u1eadt tr\u01b0\u1edbc<\/strong>. Fail2ban kh\u00f4ng t\u1ef1 t\u1ea1o rule firewall t\u1eeb \u0111\u1ea7u \u2014 n\u00f3 ch\u1ec9 th\u00eam rule v\u00e0o engine s\u1eb5n c\u00f3 (iptables, UFW, Firewalld). Kh\u00f4ng c\u00f3 engine \u0111\u00f3, l\u1ec7nh ban IP ch\u1ea1y c\u0169ng nh\u01b0 kh\u00f4ng.<\/p>\n<p>Ki\u1ec3m tra nhanh tr\u1ea1ng th\u00e1i UFW (Ubuntu):<\/p>\n<pre><code>sudo ufw status<\/code><\/pre>\n<figure id=\"attachment_40384\" aria-describedby=\"caption-attachment-40384\" style=\"width: 519px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40384\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-UFW-dang-bat.png\" alt=\"Tr\u1ea1ng th\u00e1i UFW \u0111ang b\u1eadt\" width=\"519\" height=\"244\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-UFW-dang-bat.png 519w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-UFW-dang-bat-300x141.png 300w\" sizes=\"auto, (max-width: 519px) 100vw, 519px\" \/><figcaption id=\"caption-attachment-40384\" class=\"wp-caption-text\">Tr\u1ea1ng th\u00e1i UFW \u0111ang b\u1eadt<\/figcaption><\/figure>\n<p>N\u1ebfu th\u1ea5y <code>Status: inactive<\/code> th\u00ec b\u1eadt tr\u01b0\u1edbc:<\/p>\n<pre><code>sudo ufw allow 22\/tcp\r\nsudo ufw enable<\/code><\/pre>\n<p>Tr\u00ean CentOS, ki\u1ec3m tra Firewalld:<\/p>\n<pre><code>sudo systemctl status firewalld<\/code><\/pre>\n<p><em><strong>M\u1eb9o t\u1eeb InterData:<\/strong> Tr\u01b0\u1edbc khi b\u1eaft \u0111\u1ea7u, m\u1edf <strong>hai phi\u00ean SSH song song<\/strong> v\u00e0o VPS. N\u1ebfu c\u1ea5u h\u00ecnh sai l\u00e0m Fail2ban t\u1ef1 ch\u1eb7n IP c\u1ee7a b\u1ea1n, b\u1ea1n v\u1eabn c\u00f2n session th\u1ee9 hai \u0111\u1ec3 v\u00e0o g\u1ee1. M\u1ea5t c\u1ea3 hai session m\u00e0 kh\u00f4ng c\u00f3 KVM\/console th\u00ec t\u00ecnh hu\u1ed1ng r\u1ea5t ph\u1ee9c t\u1ea1p.<\/em><\/p>\n<p><!-- H2: C\u00c0I \u0110\u1eb6T --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Huong-dan-cai-dat-Fail2ban-tren-he-dieu-hanh-Linux\"><\/span>H\u01b0\u1edbng d\u1eabn c\u00e0i \u0111\u1eb7t Fail2ban tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh Linux<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Fail2ban c\u00f3 trong repository ch\u00ednh th\u1ee9c c\u1ee7a Ubuntu\/Debian. V\u1edbi CentOS\/RHEL, c\u1ea7n th\u00eam kho EPEL tr\u01b0\u1edbc \u2014 \u0111\u00e2y l\u00e0 \u0111i\u1ec3m kh\u00e1c bi\u1ec7t quan tr\u1ecdng, b\u1ecf qua b\u01b0\u1edbc n\u00e0y s\u1ebd b\u00e1o l\u1ed7i <em>&#8220;No package fail2ban available&#8221;<\/em>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-tren-Ubuntu-Debian\"><\/span>C\u00e0i \u0111\u1eb7t tr\u00ean Ubuntu \/ Debian<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>C\u1eadp nh\u1eadt danh s\u00e1ch package tr\u01b0\u1edbc, sau \u0111\u00f3 c\u00e0i:<\/p>\n<pre><code>sudo apt update &amp;&amp; sudo apt install fail2ban -y<\/code><\/pre>\n<p>Flag <code>-y<\/code> t\u1ef1 \u0111\u1ed9ng x\u00e1c nh\u1eadn to\u00e0n b\u1ed9 prompt, kh\u00f4ng c\u1ea7n ng\u1ed3i g\u00f5 &#8220;Y&#8221; th\u1ee7 c\u00f4ng. Sau khi c\u00e0i xong, Fail2ban t\u1ef1 kh\u1edfi \u0111\u1ed9ng \u2014 ki\u1ec3m tra nhanh b\u1eb1ng <code>sudo systemctl status fail2ban<\/code>.<\/p>\n<figure id=\"attachment_40385\" aria-describedby=\"caption-attachment-40385\" style=\"width: 1571px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40385\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong.png\" alt=\"Tr\u1ea1ng th\u00e1i c\u00e0i \u0111\u1eb7t Fail2ban th\u00e0nh c\u00f4ng\" width=\"1571\" height=\"276\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong.png 1571w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong-300x53.png 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong-1024x180.png 1024w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong-768x135.png 768w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-cai-dat-Fail2ban-thanh-cong-1536x270.png 1536w\" sizes=\"auto, (max-width: 1571px) 100vw, 1571px\" \/><figcaption id=\"caption-attachment-40385\" class=\"wp-caption-text\">Tr\u1ea1ng th\u00e1i c\u00e0i \u0111\u1eb7t Fail2ban th\u00e0nh c\u00f4ng<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-tren-CentOS-RHEL\"><\/span>C\u00e0i \u0111\u1eb7t tr\u00ean CentOS \/ RHEL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>CentOS kh\u00f4ng \u0111\u01b0a Fail2ban v\u00e0o repo m\u1eb7c \u0111\u1ecbnh, ph\u1ea3i th\u00eam kho EPEL (Extra Packages for Enterprise Linux) tr\u01b0\u1edbc:<\/p>\n<pre><code>sudo yum install epel-release -y<\/code><\/pre>\n<p>Sau khi EPEL s\u1eb5n s\u00e0ng:<\/p>\n<pre><code>sudo yum install fail2ban -y<\/code><\/pre>\n<p>Tr\u00ean CentOS 8 ho\u1eb7c Stream, thay <code>yum<\/code> b\u1eb1ng <code>dnf<\/code> n\u1ebfu c\u1ea7n. C\u00fa ph\u00e1p t\u01b0\u01a1ng t\u1ef1, k\u1ebft qu\u1ea3 nh\u01b0 nhau.<\/p>\n<p><!-- H2: C\u1ea4U H\u00ccNH --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cau-hinh-Fail2ban-bao-ve-SSH-qua-file-jaillocal\"><\/span>C\u1ea5u h\u00ecnh Fail2ban b\u1ea3o v\u1ec7 SSH qua file jail.local<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>File <code>\/etc\/fail2ban\/jail.conf<\/code> l\u00e0 c\u1ea5u h\u00ecnh g\u1ed1c c\u1ee7a Fail2ban. <strong>Tuy\u1ec7t \u0111\u1ed1i kh\u00f4ng s\u1eeda tr\u1ef1c ti\u1ebfp file n\u00e0y.<\/strong> M\u1ed7i l\u1ea7n c\u1eadp nh\u1eadt Fail2ban, file \u0111\u00f3 s\u1ebd b\u1ecb ghi \u0111\u00e8 ho\u00e0n to\u00e0n. Quy t\u1eafc chu\u1ea9n l\u00e0 t\u1ea1o file <code>jail.local<\/code> ri\u00eang \u2014 Fail2ban \u0111\u1ecdc file n\u00e0y sau v\u00e0 cho ph\u00e9p n\u00f3 override b\u1ea5t k\u1ef3 gi\u00e1 tr\u1ecb n\u00e0o trong <code>jail.conf<\/code>.<\/p>\n<p>C\u00e1ch t\u1ea1o v\u00e0 c\u1ea5u h\u00ecnh <code>jail.local<\/code>:<\/p>\n<p><strong>B\u01b0\u1edbc 1<\/strong> \u2014 T\u1ea1o file m\u1edbi:<\/p>\n<pre><code>sudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n<p><strong>B\u01b0\u1edbc 2<\/strong> \u2014 D\u00e1n n\u1ed9i dung c\u1ea5u h\u00ecnh sau v\u00e0o file:<\/p>\n<pre><code>[DEFAULT]\r\nbantime  = 3600\r\nfindtime = 600\r\nmaxretry = 5\r\n\r\n[sshd]\r\nenabled  = true\r\nport     = ssh\r\nfilter   = sshd\r\n# Ubuntu\/Debian d\u00f9ng d\u00f2ng n\u00e0y:\r\nlogpath  = \/var\/log\/auth.log\r\n# CentOS\/RHEL d\u00f9ng d\u00f2ng n\u00e0y (b\u1ecf comment, comment d\u00f2ng tr\u00ean):\r\n# logpath = \/var\/log\/secure\r\nmaxretry = 5<\/code><\/pre>\n<p><strong>B\u01b0\u1edbc 3<\/strong> \u2014 L\u01b0u file: nh\u1ea5n <code>Ctrl+O<\/code>, Enter, r\u1ed3i <code>Ctrl+X<\/code> \u0111\u1ec3 tho\u00e1t nano.<\/p>\n<div class=\"note-box\"><strong>L\u01b0u \u00fd quan tr\u1ecdng v\u1ec1 <code>logpath<\/code>:<\/strong> Ubuntu\/Debian ghi log SSH v\u00e0o <code>\/var\/log\/auth.log<\/code>. CentOS\/RHEL ghi v\u00e0o <code>\/var\/log\/secure<\/code>. Tr\u1ecf sai file log, Fail2ban kh\u00f4ng \u0111\u1ecdc \u0111\u01b0\u1ee3c \u2014 c\u00e0i m\u1ea5y c\u0169ng kh\u00f4ng ch\u1eb7n \u0111\u01b0\u1ee3c IP n\u00e0o. H\u00e3y x\u00e1c nh\u1eadn \u0111\u00fang OS tr\u01b0\u1edbc khi l\u01b0u.<\/div>\n<figure id=\"attachment_40386\" aria-describedby=\"caption-attachment-40386\" style=\"width: 332px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40386\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Tao-file-jail.local_.png\" alt=\"T\u1ea1o file jail.local\" width=\"332\" height=\"280\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Tao-file-jail.local_.png 332w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Tao-file-jail.local_-300x253.png 300w\" sizes=\"auto, (max-width: 332px) 100vw, 332px\" \/><figcaption id=\"caption-attachment-40386\" class=\"wp-caption-text\">T\u1ea1o file jail.local<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Y-nghia-cac-thong-so-cau-hinh-maxretry-bantime-findtime\"><\/span>\u00dd ngh\u0129a c\u00e1c th\u00f4ng s\u1ed1 c\u1ea5u h\u00ecnh (maxretry, bantime, findtime)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ba th\u00f4ng s\u1ed1 n\u00e0y quy\u1ebft \u0111\u1ecbnh &#8220;\u0111\u1ed9 nh\u1ea1y&#8221; c\u1ee7a Fail2ban. Ch\u1ec9nh sai c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn hai th\u00e1i c\u1ef1c: qu\u00e1 l\u1ecfng (kh\u00f4ng ch\u1eb7n \u0111\u01b0\u1ee3c) ho\u1eb7c qu\u00e1 ch\u1eb7t (t\u1ef1 kh\u00f3a ng\u01b0\u1eddi d\u00f9ng h\u1ee3p l\u1ec7).<\/p>\n<ul>\n<li><strong><code>enabled = true<\/code><\/strong> \u2014 B\u1eadt jail cho d\u1ecbch v\u1ee5 SSH. \u0110\u1eb7t <code>false<\/code> \u0111\u1ec3 t\u1eaft t\u1ea1m m\u00e0 kh\u00f4ng c\u1ea7n x\u00f3a config.<\/li>\n<li><strong><code>port = ssh<\/code><\/strong> \u2014 M\u1eb7c \u0111\u1ecbnh l\u00e0 port 22. N\u1ebfu b\u1ea1n \u0111\u00e3 \u0111\u1ed5i SSH sang port kh\u00e1c (v\u00ed d\u1ee5 2222), thay th\u00e0nh <code>port = 2222<\/code>. Quan tr\u1ecdng \u2014 xem ph\u1ea7n FAQ b\u00ean d\u01b0\u1edbi.<\/li>\n<li><strong><code>filter = sshd<\/code><\/strong> \u2014 Tr\u1ecf \u0111\u1ebfn file filter regex t\u1ea1i <code>\/etc\/fail2ban\/filter.d\/sshd.conf<\/code>. File n\u00e0y \u0111\u1ecbnh ngh\u0129a pattern nh\u1eadn di\u1ec7n \u0111\u0103ng nh\u1eadp th\u1ea5t b\u1ea1i trong log. Kh\u00f4ng c\u1ea7n s\u1eeda.<\/li>\n<li><strong><code>logpath<\/code><\/strong> \u2014 \u0110\u01b0\u1eddng d\u1eabn file log SSH c\u1ea7n gi\u00e1m s\u00e1t. <strong>Ubuntu\/Debian: <code>\/var\/log\/auth.log<\/code><\/strong> \u2014 <strong>CentOS\/RHEL: <code>\/var\/log\/secure<\/code><\/strong>. \u0110\u00e2y l\u00e0 ch\u1ed7 hay nh\u1ea7m nh\u1ea5t.<\/li>\n<li><strong><code>maxretry = 5<\/code><\/strong> \u2014 S\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp sai t\u1ed1i \u0111a trong kho\u1ea3ng <code>findtime<\/code> tr\u01b0\u1edbc khi b\u1ecb block. 5 l\u00e0 gi\u00e1 tr\u1ecb an to\u00e0n \u2014 \u0111\u1ee7 khoan dung cho ng\u01b0\u1eddi g\u00f5 nh\u1ea7m, \u0111\u1ee7 ch\u1eb7t v\u1edbi botnet.<\/li>\n<li><strong><code>bantime = 3600<\/code><\/strong> \u2014 Th\u1eddi gian block t\u00ednh b\u1eb1ng gi\u00e2y. 3600 = 1 gi\u1edd. T\u1ea5n c\u00f4ng th\u1ef1c s\u1ef1 c\u00f3 th\u1ec3 \u0111\u1eb7t cao h\u01a1n, th\u1eadm ch\u00ed <code>-1<\/code> \u0111\u1ec3 block v\u0129nh vi\u1ec5n, nh\u01b0ng r\u1ee7i ro t\u1ef1 kh\u00f3a c\u0169ng t\u0103ng theo.<\/li>\n<li><strong><code>findtime = 600<\/code><\/strong> \u2014 C\u1eeda s\u1ed5 th\u1eddi gian (gi\u00e2y) \u0111\u1ec3 \u0111\u1ebfm s\u1ed1 l\u1ea7n th\u1ea5t b\u1ea1i. 600 gi\u00e2y = 10 ph\u00fat. Ngh\u0129a l\u00e0: n\u1ebfu 5 l\u1ea7n sai x\u1ea3y ra trong v\u00f2ng 10 ph\u00fat \u2192 block. Sai 4 l\u1ea7n trong 11 ph\u00fat \u2192 kh\u00f4ng block.<\/li>\n<\/ul>\n<p>M\u1ed1i quan h\u1ec7 gi\u1eefa ba th\u00f4ng s\u1ed1 n\u00e0y: <code>findtime<\/code> x\u00e1c \u0111\u1ecbnh kho\u1ea3ng quan s\u00e1t, <code>maxretry<\/code> l\u00e0 ng\u01b0\u1ee1ng k\u00edch ho\u1ea1t, <code>bantime<\/code> l\u00e0 h\u00ecnh ph\u1ea1t. T\u0103ng <code>bantime<\/code> l\u00ean 86400 (1 ng\u00e0y) n\u1ebfu server b\u1ecb t\u1ea5n c\u00f4ng li\u00ean t\u1ee5c.<\/p>\n<p><!-- H2: K\u00cdCH HO\u1ea0T --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Kich-hoat-dich-vu-va-kiem-tra-trang-thai-Fail2ban\"><\/span>K\u00edch ho\u1ea1t d\u1ecbch v\u1ee5 v\u00e0 ki\u1ec3m tra tr\u1ea1ng th\u00e1i Fail2ban<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Sau khi l\u01b0u <code>jail.local<\/code>, kh\u1edfi \u0111\u1ed9ng l\u1ea1i Fail2ban \u0111\u1ec3 n\u00f3 \u0111\u1ecdc c\u1ea5u h\u00ecnh m\u1edbi:<\/p>\n<pre><code>sudo systemctl restart fail2ban<\/code><\/pre>\n<p>C\u00e0i \u0111\u1eb7t \u0111\u1ec3 Fail2ban t\u1ef1 kh\u1edfi \u0111\u1ed9ng m\u1ed7i khi VPS reboot:<\/p>\n<pre><code>sudo systemctl enable fail2ban<\/code><\/pre>\n<p>Ki\u1ec3m tra jail SSH \u0111\u00e3 nh\u1eadn c\u1ea5u h\u00ecnh ch\u01b0a:<\/p>\n<pre><code>sudo fail2ban-client status sshd<\/code><\/pre>\n<p>Output tr\u1ea3 v\u1ec1 s\u1ebd hi\u1ec3n th\u1ecb: s\u1ed1 l\u1ea7n th\u1ea5t b\u1ea1i \u0111ang theo d\u00f5i, t\u1ed5ng IP \u0111\u00e3 b\u1ecb ban, v\u00e0 danh s\u00e1ch IP trong <em>Banned IP list<\/em>. N\u1ebfu th\u1ea5y <em>&#8220;Sorry but the jail &#8216;sshd&#8217; does not exist&#8221;<\/em>, ki\u1ec3m tra l\u1ea1i file <code>jail.local<\/code> \u2014 th\u01b0\u1eddng do l\u1ed7i c\u00fa ph\u00e1p ho\u1eb7c sai t\u00ean section.<\/p>\n<figure id=\"attachment_40387\" aria-describedby=\"caption-attachment-40387\" style=\"width: 882px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40387\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-Fail2ban-da-nhan-cau-hinh-jail.local_.png\" alt=\"Tr\u1ea1ng th\u00e1i Fail2ban \u0111\u00e3 nh\u1eadn c\u1ea5u h\u00ecnh jail.local\" width=\"882\" height=\"259\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-Fail2ban-da-nhan-cau-hinh-jail.local_.png 882w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-Fail2ban-da-nhan-cau-hinh-jail.local_-300x88.png 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Trang-thai-Fail2ban-da-nhan-cau-hinh-jail.local_-768x226.png 768w\" sizes=\"auto, (max-width: 882px) 100vw, 882px\" \/><figcaption id=\"caption-attachment-40387\" class=\"wp-caption-text\">Tr\u1ea1ng th\u00e1i Fail2ban \u0111\u00e3 nh\u1eadn c\u1ea5u h\u00ecnh jail.local<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Cach-tu-kiem-tra-Test-Fail2ban-da-chan-IP-thanh-cong-chua\"><\/span>C\u00e1ch t\u1ef1 ki\u1ec3m tra (Test) Fail2ban \u0111\u00e3 ch\u1eb7n IP th\u00e0nh c\u00f4ng ch\u01b0a<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1eebng tin t\u01b0\u1edfng v\u00e0o c\u1ea5u h\u00ecnh m\u00e0 ch\u01b0a test th\u1ef1c t\u1ebf. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1ch x\u00e1c minh Fail2ban ho\u1ea1t \u0111\u1ed9ng \u0111\u00fang m\u00e0 kh\u00f4ng m\u1ea1o hi\u1ec3m kh\u00f3a lu\u00f4n IP \u0111ang d\u00f9ng:<\/p>\n<p><strong>B\u01b0\u1edbc 1<\/strong> \u2014 D\u00f9ng m\u1ea1ng 4G tr\u00ean \u0111i\u1ec7n tho\u1ea1i (IP ho\u00e0n to\u00e0n kh\u00e1c v\u1edbi IP WiFi m\u00e1y t\u00ednh \u0111ang SSH v\u00e0o VPS).<\/p>\n<p><strong>B\u01b0\u1edbc 2<\/strong> \u2014 T\u1eeb \u0111i\u1ec7n tho\u1ea1i, th\u1eed SSH v\u00e0o VPS v\u00e0 g\u00f5 sai m\u1eadt kh\u1ea9u li\u00ean t\u1ee5c \u2014 \u0111\u1ee7 5 l\u1ea7n (ho\u1eb7c \u0111\u00fang b\u1eb1ng <code>maxretry<\/code> b\u1ea1n \u0111\u00e3 \u0111\u1eb7t):<\/p>\n<pre><code>ssh root@IP_VPS_CUA_BAN<\/code><\/pre>\n<p>G\u00f5 b\u1ea5t k\u1ef3 m\u1eadt kh\u1ea9u sai n\u00e0o. L\u00e0m \u0111\u1ee7 5 l\u1ea7n trong v\u00f2ng 10 ph\u00fat.<\/p>\n<p><strong>B\u01b0\u1edbc 3<\/strong> \u2014 Quay l\u1ea1i m\u00e0n h\u00ecnh SSH tr\u00ean m\u00e1y t\u00ednh (session v\u1eabn c\u00f2n), ch\u1ea1y:<\/p>\n<pre><code>sudo fail2ban-client status sshd<\/code><\/pre>\n<p>N\u1ebfu IP 4G c\u1ee7a \u0111i\u1ec7n tho\u1ea1i xu\u1ea5t hi\u1ec7n trong <em>Banned IP list<\/em> \u2014 c\u1ea5u h\u00ecnh ho\u1ea1t \u0111\u1ed9ng ch\u00ednh x\u00e1c. Tuy\u1ec7t \u0111\u1ed1i kh\u00f4ng d\u00f9ng IP \u0111ang SSH v\u00e0o VPS \u0111\u1ec3 test, v\u00ec n\u1ebfu b\u1ecb kh\u00f3a, b\u1ea1n m\u1ea5t lu\u00f4n quy\u1ec1n truy c\u1eadp remote cho \u0111\u1ebfn khi h\u1ebft <code>bantime<\/code>.<\/p>\n<p><!-- H2: L\u1ec6NH QU\u1ea2N L\u00dd --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-lenh-quan-ly-Fail2ban-SSH-huu-ich-cho-Quan-tri-vien\"><\/span>C\u00e1c l\u1ec7nh qu\u1ea3n l\u00fd Fail2ban SSH h\u1eefu \u00edch cho Qu\u1ea3n tr\u1ecb vi\u00ean<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Sau khi c\u00e0i xong, \u0111\u00e2y l\u00e0 nh\u1eefng l\u1ec7nh d\u00f9ng th\u01b0\u1eddng xuy\u00ean nh\u1ea5t trong c\u00f4ng vi\u1ec7c v\u1eadn h\u00e0nh h\u00e0ng ng\u00e0y:<\/p>\n<p><strong>Xem tr\u1ea1ng th\u00e1i t\u1ed5ng quan:<\/strong><\/p>\n<pre><code>sudo fail2ban-client status<\/code><\/pre>\n<p><strong>Xem chi ti\u1ebft jail SSH (bao g\u1ed3m danh s\u00e1ch IP \u0111ang b\u1ecb ch\u1eb7n):<\/strong><\/p>\n<pre><code>sudo fail2ban-client status sshd<\/code><\/pre>\n<p><strong>Xem log ho\u1ea1t \u0111\u1ed9ng c\u1ee7a Fail2ban:<\/strong><\/p>\n<pre><code>sudo tail -f \/var\/log\/fail2ban.log<\/code><\/pre>\n<p>Log n\u00e0y cho th\u1ea5y IP n\u00e0o v\u1eeba b\u1ecb ban, th\u1eddi gian, v\u00e0 d\u1ecbch v\u1ee5 n\u00e0o k\u00edch ho\u1ea1t. D\u00f9ng \u0111\u1ec3 theo d\u00f5i khi nghi ng\u1edd \u0111ang b\u1ecb t\u1ea5n c\u00f4ng.<\/p>\n<p><strong>Reload c\u1ea5u h\u00ecnh sau khi s\u1eeda jail.local (kh\u00f4ng c\u1ea7n restart to\u00e0n b\u1ed9 service):<\/strong><\/p>\n<pre><code>sudo fail2ban-client reload<\/code><\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-go-chan-Unban-mot-IP-trong-Fail2ban-nhu-the-nao\"><\/span>L\u1ec7nh g\u1ee1 ch\u1eb7n (Unban) m\u1ed9t IP trong Fail2ban nh\u01b0 th\u1ebf n\u00e0o?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ec3 g\u1ee1 ch\u1eb7n m\u1ed9t IP \u0111\u00e3 b\u1ecb Fail2ban kh\u00f3a kh\u1ecfi d\u1ecbch v\u1ee5 SSH, d\u00f9ng c\u00fa ph\u00e1p sau:<\/p>\n<pre><code>sudo fail2ban-client set sshd unbanip &lt;\u0110\u1ecaA_CH\u1ec8_IP&gt;<\/code><\/pre>\n<p>V\u00ed d\u1ee5 c\u1ee5 th\u1ec3:<\/p>\n<pre><code>sudo fail2ban-client set sshd unbanip 203.0.113.45<\/code><\/pre>\n<p>T\u00ecnh hu\u1ed1ng th\u01b0\u1eddng g\u1eb7p nh\u1ea5t l\u00e0: IP 4G d\u00f9ng \u0111\u1ec3 test b\u1ecb kh\u00f3a, ho\u1eb7c sysadmin g\u00f5 sai password qu\u00e1 nhi\u1ec1u l\u1ea7n t\u1eeb m\u1ed9t IP m\u1edbi. L\u1ec7nh n\u00e0y c\u00f3 hi\u1ec7u l\u1ef1c ngay l\u1eadp t\u1ee9c \u2014 kh\u00f4ng c\u1ea7n restart Fail2ban, kh\u00f4ng c\u1ea7n ch\u1edd h\u1ebft <code>bantime<\/code>.<\/p>\n<p><!-- CTA BOX --><\/p>\n<div style=\"background: linear-gradient(135deg, #1a3c6e 0%, #0f6cbf 100%); border-radius: 12px; padding: 28px 32px; margin: 40px 0; max-width: 100%; box-shadow: 0 4px 20px rgba(15,108,191,0.25);\">\n<div style=\"display: inline-block; background: rgba(255,255,255,0.15); border: 1px solid rgba(255,255,255,0.3); border-radius: 20px; padding: 4px 14px; margin-bottom: 16px;\"><span style=\"color: #ffffff; font-size: 12px; font-weight: 600; letter-spacing: 0.5px; text-transform: uppercase;\">InterData<\/span><\/div>\n<h3 style=\"color: #ffffff; font-size: 22px; font-weight: bold; margin: 0 0 8px 0; line-height: 1.3;\"><span class=\"ez-toc-section\" id=\"VPS-Gia-Re-InterData-%E2%80%94-Firewall-2-Lop-Ho-Tro-Bao-Mat-Tu-Ngay-Dau\"><\/span>VPS Gi\u00e1 R\u1ebb InterData \u2014 Firewall 2 L\u1edbp, H\u1ed7 Tr\u1ee3 B\u1ea3o M\u1eadt T\u1eeb Ng\u00e0y \u0110\u1ea7u<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"color: rgba(255,255,255,0.85); font-size: 15px; margin: 0 0 20px 0; line-height: 1.6;\">Tri\u1ec3n khai Fail2ban v\u00e0 to\u00e0n b\u1ed9 t\u1ea7ng b\u1ea3o m\u1eadt SSH ngay tr\u00ean h\u1ea1 t\u1ea7ng VPS \u1ed5n \u0111\u1ecbnh \u2014 datacenter H\u00e0 N\u1ed9i &amp; TP.HCM, uptime 99.9%.<\/p>\n<ul style=\"list-style: none; padding: 0; margin: 0 0 24px 0;\">\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>Firewall c\u1ee9ng b\u1ea3o v\u1ec7 2 l\u1edbp \u2014 ch\u1eb7n t\u1ea5n c\u00f4ng t\u1eeb t\u1ea7ng m\u1ea1ng tr\u01b0\u1edbc khi \u0111\u1ebfn VPS<\/li>\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>H\u1ed7 tr\u1ee3 c\u00e0i \u0111\u1eb7t b\u1ea3o m\u1eadt ban \u0111\u1ea7u (Fail2ban, SSH hardening) mi\u1ec5n ph\u00ed cho kh\u00e1ch m\u1edbi<\/li>\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>\u1ed4 NVMe SSD, b\u0103ng th\u00f4ng 1Gbps, full root access \u2014 to\u00e0n quy\u1ec1n c\u1ea5u h\u00ecnh theo nhu c\u1ea7u<\/li>\n<\/ul>\n<p><a style=\"display: inline-block; background: #ffffff; color: #1a3c6e; font-size: 15px; font-weight: bold; text-decoration: none; padding: 12px 28px; border-radius: 8px;\" href=\"https:\/\/interdata.vn\/thue-vps\/\" target=\"_blank\" rel=\"noopener\">Thu\u00ea VPS Gi\u00e1 R\u1ebb Ngay \u2192<\/a><\/p>\n<\/div>\n<p><!-- FAQs --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cau-hoi-thuong-gap-ve-cau-hinh-Fail2ban-SSH\"><\/span>C\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p v\u1ec1 c\u1ea5u h\u00ecnh Fail2ban SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Lam-sao-de-dua-IP-cua-toi-vao-danh-sach-trang-Whitelist-khong-bao-gio-bi-chan\"><\/span>L\u00e0m sao \u0111\u1ec3 \u0111\u01b0a IP c\u1ee7a t\u00f4i v\u00e0o danh s\u00e1ch tr\u1eafng (Whitelist) kh\u00f4ng bao gi\u1edd b\u1ecb ch\u1eb7n?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>D\u00f9ng th\u00f4ng s\u1ed1 <code>ignoreip<\/code> trong section <code>[DEFAULT]<\/code> c\u1ee7a file <code>jail.local<\/code>. Th\u00eam d\u00f2ng sau, trong \u0111\u00f3 IP t\u0129nh v\u0103n ph\u00f2ng ho\u1eb7c IP nh\u00e0 b\u1ea1n \u0111\u01b0\u1ee3c li\u1ec7t k\u00ea c\u00e1ch nhau b\u1eb1ng kho\u1ea3ng tr\u1eafng:<\/p>\n<pre><code>[DEFAULT]\r\nignoreip = 127.0.0.1\/8 ::1 203.0.113.10 10.0.0.0\/8<\/code><\/pre>\n<p>Fail2ban s\u1ebd b\u1ecf qua ho\u00e0n to\u00e0n m\u1ecdi h\u00e0nh vi t\u1eeb c\u00e1c IP n\u00e0y d\u00f9 g\u00f5 sai m\u1eadt kh\u1ea9u bao nhi\u00eau l\u1ea7n. Ph\u00f9 h\u1ee3p n\u1ebfu b\u1ea1n c\u00f3 IP t\u0129nh, nh\u01b0ng v\u1edbi IP \u0111\u1ed9ng (\u0111\u1ed5i m\u1ed7i ng\u00e0y) th\u00ec kh\u00f4ng \u00e1p d\u1ee5ng \u0111\u01b0\u1ee3c \u2014 ph\u01b0\u01a1ng \u00e1n thay th\u1ebf l\u00e0 t\u0103ng <code>maxretry<\/code> l\u00ean cao h\u01a1n (v\u00ed d\u1ee5 10).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Doi-port-SSH-roi-thi-cau-hinh-Fail2ban-nhu-the-nao\"><\/span>\u0110\u1ed5i port SSH r\u1ed3i th\u00ec c\u1ea5u h\u00ecnh Fail2ban nh\u01b0 th\u1ebf n\u00e0o?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>S\u1eeda th\u00f4ng s\u1ed1 <code>port<\/code> trong section <code>[sshd]<\/code> c\u1ee7a <code>jail.local<\/code> cho kh\u1edbp v\u1edbi port m\u1edbi. N\u1ebfu SSH c\u1ee7a b\u1ea1n \u0111ang ch\u1ea1y tr\u00ean port 2222:<\/p>\n<pre><code>[sshd]\r\nenabled  = true\r\nport     = 2222\r\nfilter   = sshd\r\nlogpath  = \/var\/log\/auth.log\r\nmaxretry = 5<\/code><\/pre>\n<p>Sau khi s\u1eeda, reload l\u1ea1i c\u1ea5u h\u00ecnh: <code>sudo fail2ban-client reload<\/code>. N\u1ebfu \u0111\u1ec3 nguy\u00ean <code>port = ssh<\/code> trong khi \u0111\u00e3 \u0111\u1ed5i port th\u1ef1c t\u1ebf, Fail2ban v\u1eabn ph\u00e1t hi\u1ec7n v\u00e0 \u0111\u1ebfm l\u1ea7n sai \u2014 nh\u01b0ng rule block s\u1ebd ch\u1eb7n nh\u1ea7m port 22 thay v\u00ec port 2222, d\u1eabn \u0111\u1ebfn kh\u00f4ng c\u00f3 hi\u1ec7u qu\u1ea3.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tai-sao-Fail2ban-cai-xong-ma-khong-chan-duoc-IP-nao\"><\/span>T\u1ea1i sao Fail2ban c\u00e0i xong m\u00e0 kh\u00f4ng ch\u1eb7n \u0111\u01b0\u1ee3c IP n\u00e0o?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Nguy\u00ean nh\u00e2n ph\u1ed5 bi\u1ebfn nh\u1ea5t: t\u01b0\u1eddng l\u1eeda ch\u01b0a \u0111\u01b0\u1ee3c b\u1eadt. Fail2ban kh\u00f4ng t\u1ef1 t\u1ea1o firewall \u2014 n\u00f3 ch\u1ec9 ghi rule v\u00e0o engine \u0111ang ch\u1ea1y (UFW, Firewalld, iptables). Ki\u1ec3m tra l\u1ea1i b\u1eb1ng <code>sudo ufw status<\/code> (Ubuntu) ho\u1eb7c <code>sudo systemctl status firewalld<\/code> (CentOS). Nguy\u00ean nh\u00e2n th\u1ee9 hai th\u01b0\u1eddng g\u1eb7p: sai \u0111\u01b0\u1eddng d\u1eabn <code>logpath<\/code> \u2014 Ubuntu d\u00f9ng <code>\/var\/log\/auth.log<\/code>, CentOS d\u00f9ng <code>\/var\/log\/secure<\/code>. D\u00f9ng nh\u1ea7m th\u00ec Fail2ban kh\u00f4ng \u0111\u1ecdc \u0111\u01b0\u1ee3c log SSH, kh\u00f4ng bao gi\u1edd k\u00edch ho\u1ea1t ban.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fail2ban-co-hoat-dong-duoc-neu-VPS-dung-SSH-Key-thay-vi-mat-khau-khong\"><\/span>Fail2ban c\u00f3 ho\u1ea1t \u0111\u1ed9ng \u0111\u01b0\u1ee3c n\u1ebfu VPS d\u00f9ng SSH Key thay v\u00ec m\u1eadt kh\u1ea9u kh\u00f4ng?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>C\u00f3, nh\u01b0ng m\u1ee9c \u0111\u1ed9 \u01b0u ti\u00ean kh\u00e1c nhau. Khi SSH Key \u0111\u00e3 b\u1eadt v\u00e0 t\u1eaft x\u00e1c th\u1ef1c m\u1eadt kh\u1ea9u (<code>PasswordAuthentication no<\/code> trong <code>\/etc\/ssh\/sshd_config<\/code>), botnet v\u1eabn c\u1ed1 k\u1ebft n\u1ed1i nh\u01b0ng b\u1ecb t\u1eeb ch\u1ed1i ngay \u1edf t\u1ea7ng x\u00e1c th\u1ef1c \u2014 kh\u00f4ng t\u1ea1o ra log &#8220;Failed password&#8221;. Fail2ban l\u00fac n\u00e0y ch\u1eb7n \u00edt h\u01a1n v\u00ec log \u00edt h\u01a1n, song song \u0111\u00f3 SSH Key \u0111\u00e3 b\u1ea3o v\u1ec7 ch\u1ee7 \u0111\u1ed9ng h\u01a1n. K\u1ebft h\u1ee3p c\u1ea3 hai l\u00e0 c\u1ea5u h\u00ecnh l\u00fd t\u01b0\u1edfng: SSH Key ng\u0103n x\u00e1c th\u1ef1c tr\u00e1i ph\u00e9p, Fail2ban ch\u1eb7n IP qu\u00e9t c\u1ed5ng li\u00ean t\u1ee5c l\u00e0m t\u1ed1n t\u00e0i nguy\u00ean.<\/p>\n<p><!-- K\u1ebeT LU\u1eacN --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ket-luan\"><\/span>K\u1ebft lu\u1eadn<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Fail2ban l\u00e0 l\u1edbp ph\u00f2ng th\u1ee7 \u0111\u1ea7u ti\u00ean \u2014 d\u1ec5 c\u00e0i, \u00edt t\u1ed1n t\u00e0i nguy\u00ean, v\u00e0 hi\u1ec7u qu\u1ea3 th\u1ef1c s\u1ef1 v\u1edbi t\u1ea5n c\u00f4ng brute-force SSH. Sau khi ho\u00e0n th\u00e0nh c\u00e1c b\u01b0\u1edbc tr\u00ean, VPS c\u1ee7a b\u1ea1n \u0111\u00e3 c\u00f3 kh\u1ea3 n\u0103ng t\u1ef1 \u0111\u1ed9ng ph\u00e1t hi\u1ec7n v\u00e0 kh\u00f3a IP t\u1ea5n c\u00f4ng m\u00e0 kh\u00f4ng c\u1ea7n can thi\u1ec7p th\u1ee7 c\u00f4ng. File <code>auth.log<\/code> s\u1ebd gi\u1ea3m r\u00f5 r\u1ec7t s\u1ed1 d\u00f2ng l\u1ed7i \u0111\u0103ng nh\u1eadp, CPU kh\u00f4ng c\u00f2n b\u1ecb nu\u1ed1t b\u1edfi h\u00e0ng ngh\u00ecn k\u1ebft n\u1ed1i TCP r\u00e1c m\u1ed7i gi\u1edd.<\/p>\n<p>Fail2ban gi\u1ea3i quy\u1ebft t\u1ed1t b\u00e0i to\u00e1n brute-force, nh\u01b0ng \u0111\u00f3 ch\u1ec9 l\u00e0 m\u1ed9t l\u1edbp trong chi\u1ebfn l\u01b0\u1ee3c b\u1ea3o m\u1eadt VPS ho\u00e0n ch\u1ec9nh. B\u00ean c\u1ea1nh \u0111\u00f3, b\u1ea1n n\u00ean tham kh\u1ea3o th\u00eam c\u00e1c ph\u01b0\u01a1ng ph\u00e1p <a href=\"https:\/\/interdata.vn\/blog\/bao-mat-vps\/\" target=\"_blank\" rel=\"noopener\">b\u1ea3o m\u1eadt VPS ch\u1ed1ng brute-force to\u00e0n di\u1ec7n<\/a> \u2014 \u0111\u1eb7c bi\u1ec7t l\u00e0 vi\u1ec7c chuy\u1ec3n sang x\u00e1c th\u1ef1c SSH Key \u0111\u1ec3 lo\u1ea1i b\u1ecf ho\u00e0n to\u00e0n nguy c\u01a1 b\u1ecb \u0111o\u00e1n m\u1eadt kh\u1ea9u. Tham kh\u1ea3o th\u00eam <a href=\"https:\/\/interdata.vn\/blog\/cach-bao-mat-ssh-vps\/\" target=\"_blank\" rel=\"noopener\">h\u01b0\u1edbng d\u1eabn t\u1ea1o SSH Key v\u00e0 c\u1ea5u h\u00ecnh \u0111\u0103ng nh\u1eadp kh\u00f4ng m\u1eadt kh\u1ea9u<\/a> v\u00e0 <a href=\"https:\/\/interdata.vn\/blog\/cach-bao-mat-ssh-vps\/\" target=\"_blank\" rel=\"noopener\">c\u00e1ch \u0111\u1ed5i port SSH \u0111\u1ec3 gi\u1ea3m exposure<\/a> tr\u00ean blog InterData.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>T\u00f3m t\u1eaft nhanh: Fail2ban ch\u1ed1ng brute-force SSH b\u1eb1ng c\u00e1ch li\u00ean t\u1ee5c gi\u00e1m s\u00e1t file log h\u1ec7 th\u1ed1ng (auth.log tr\u00ean Ubuntu, secure tr\u00ean CentOS) \u0111\u1ec3 ph\u00e1t hi\u1ec7n c\u00e1c \u0111\u1ecba ch\u1ec9 IP \u0111\u0103ng nh\u1eadp sai m\u1eadt kh\u1ea9u nhi\u1ec1u l\u1ea7n. Khi s\u1ed1 l\u1ea7n th\u1ea5t b\u1ea1i v\u01b0\u1ee3t ng\u01b0\u1ee1ng maxretry, Fail2ban t\u1ef1 \u0111\u1ed9ng th\u00eam rule v\u00e0o t\u01b0\u1eddng l\u1eeda (iptables, UFW,<\/p>\n","protected":false},"author":2,"featured_media":40389,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-40380","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=40380"}],"version-history":[{"count":4,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40380\/revisions"}],"predecessor-version":[{"id":40390,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40380\/revisions\/40390"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/40389"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=40380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=40380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=40380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}