From 0a526068253c7b5640347ab24f0adac448bc528b Mon Sep 17 00:00:00 2001
From: happybell80
Date: Wed, 24 Sep 2025 14:45:51 +0900
Subject: [PATCH] Security docs: remove pseudocode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Change the SSH defense section's pseudocode to descriptions

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude
---
 .../250826_security_attack_detection.md | 29 ++++---------------
 1 file changed, 6 insertions(+), 23 deletions(-)

diff --git a/troubleshooting/250826_security_attack_detection.md b/troubleshooting/250826_security_attack_detection.md index e2cb31e..599ec99 100644 --- a/troubleshooting/250826_security_attack_detection.md +++ b/troubleshooting/250826_security_attack_detection.md @@ -250,34 +250,17 @@ sudo iptables -L INPUT -n -v | grep DROP ### 9.2 방어 조치 1. **즉시 차단 (iptables)** - ```bash - sudo iptables -A INPUT -s 103.251.247.158 -j DROP - sudo iptables -A INPUT -s 112.216.129.27 -j DROP - sudo iptables -A INPUT -s 85.235.135.46 -j DROP - ``` + - 공격 IP 3개 DROP 규칙 추가 2. **fail2ban 구성** - - 설치: `sudo apt-get install fail2ban` + - 설치: fail2ban 패키지 - 설정 파일: `/etc/fail2ban/jail.d/ssh-custom.conf` - ``` - [sshd] - enabled = true - maxretry = 3 - findtime = 600 - bantime = 86400 - ignoreip = 127.0.0.1/8 192.168.219.0/24 - - [sshd-aggressive] - enabled = true - maxretry = 2 - findtime = 300 - bantime = 604800 - ``` + - sshd jail: 3회 실패/600초 → 86400초 차단 + - sshd-aggressive: 2회 실패/300초 → 604800초 차단 + - 내부 네트워크 제외: 127.0.0.1/8, 192.168.219.0/24 3. **영구 저장** - ```bash - sudo netfilter-persistent save - ``` + - netfilter-persistent로 iptables 규칙 저장 ### 9.3 현재 상태 - **총 차단 IP**: 18개 (HTTP 공격 14개 + SSH 공격 4개)
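Review bot: In the fail2ban bullets under item 2, the added line `- 내부 네트워크 제외: 127.0.0.1/8, 192.168.219.0/24` no longer says which jail the exclusion belongs to. In the removed config, `ignoreip` appeared only under `[sshd]` and not under `[sshd-aggressive]`, so the summary should either name the jail or state that the exclusion is meant to cover both. The same loss of detail affects item 1: `공격 IP 3개 DROP 규칙 추가` records three blocked addresses without listing them, while the unchanged 9.3 context line counts four SSH attack IPs (`SSH 공격 4개`), so the reader can no longer tell which address accounts for the difference. Either keep the blocked addresses somewhere this section points to, or reconcile the 3 versus 4 count. Because this file is a troubleshooting record, consider keeping the contents of `/etc/fail2ban/jail.d/ssh-custom.conf` as a config block rather than prose, so the `maxretry`, `findtime` and `bantime` values can be compared directly against the deployed file.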