Installation
Install with the package manager
apt-get -y install fail2ban # apt-based distributions (Debian/Ubuntu)
yum -y install fail2ban # yum-based distributions (RHEL/CentOS)
Directory structure
Configuration
Main configuration
/etc/fail2ban/fail2ban.conf
sed '/^#/d;/^$/d' fail2ban.conf
[DEFAULT]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 1d
dbmaxmatches = 10
[Definition]
[Thread]
Ban (jail) configuration
Create your own .conf file under /etc/fail2ban/jail.d/. Use " ;" (a space followed by a semicolon) for inline comments: fail2ban only strips ";" inline comments, so a trailing "# ..." would become part of the value and break parsing.
sed '/^#/d;/^$/d' sshd.conf
[DEFAULT]
bantime = 1d ; how long a source stays banned
findtime = 10m ; window in which failures are counted
maxretry = 5 ; maximum retries/failures inside findtime
ignoreip = 127.0.0.1/8 ; IPs never banned, space-separated, e.g. 127.0.0.1/8 192.168.1.10
[sshd]
enabled = true ; enable the jail
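To show how bantime, findtime, maxretry and ignoreip from the jail above interact, here is an added Python simulation (not fail2ban's own code) that replays constructed auth.log lines through a simplified sshd filter and sliding window; the log lines, the documentation-range IPs and the parse_duration/simulate helpers are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_duration(text):
    """Parse a fail2ban-style duration such as '10m' or '1d' into seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2) or "s"]

# Simplified stand-in for the sshd filter: capture timestamp and source IP of a failure.
FAILED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port"
)

def _line(ts, ip):
    return f"{ts} sshd[1000]: Failed password for root from {ip} port 40000 ssh2"
# Constructed sample auth.log lines (not a real log); the IPs are documentation ranges.
SAMPLE_LOG = [
    # 203.0.113.5: five failures in four minutes -> maxretry reached inside findtime
    *[_line(f"2024-03-01 10:0{i}:00", "203.0.113.5") for i in range(5)],
    # 198.51.100.7: five failures 12 minutes apart -> never five inside one 10m window
    *[_line(f"2024-03-01 10:{i * 12:02d}:00", "198.51.100.7") for i in range(5)],
    # 127.0.0.1: six failures, but the address is covered by ignoreip 127.0.0.1/8
    *[_line(f"2024-03-01 10:0{i}:30", "127.0.0.1") for i in range(6)],
]

def simulate(lines, findtime="10m", maxretry=5, ignoreip="127.0.0.1/8 192.168.1.10"):
    """Return {ip: time_of_ban} for every source the sshd jail would ban."""
    window = timedelta(seconds=parse_duration(findtime))
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip.split()]
    recent = defaultdict(deque)  # ip -> failure timestamps still inside findtime
    banned = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a line the filter matches
        ip_str, ts = m["ip"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if ip_str in banned or any(ipaddress.ip_address(ip_str) in n for n in ignored):
            continue
        q = recent[ip_str]
        q.append(ts)
        while ts - q[0] > window:  # discard failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[ip_str] = ts  # fail2ban would now run the ban action for bantime
    return banned
```

Raising findtime to "1h" makes the slow 198.51.100.7 source cross maxretry too, while 127.0.0.1 is only ever banned if ignoreip is emptied.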
fail2ban-client
fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     48
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   91.92.249.215
-----------------------------------------------------------
root@ali:~# fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:   sshd
-----------------------------------------------------------
fail2ban-client banned
[{'sshd': ['91.92.249.215']}]
-----------------------------------------------------------
fail2ban-client set sshd banip 1.2.3.4
-----------------------------------------------------------
fail2ban-client set sshd unbanip 1.2.3.4
-----------------------------------------------------------
Summary
All filter rules shipped with fail2ban live in
/etc/fail2ban/filter.d