Fail2ban: An Intrusion Prevention Tool

pclin
2024-01-15

1. Installation

For RedHat/CentOS-based systems

1.1. Install the EPEL repository

yum install -y epel-release

1.2. Install Fail2ban

yum install -y fail2ban

1.3. Start the Fail2ban service

systemctl start fail2ban

1.4. Enable start at boot

systemctl enable fail2ban

1.5. Check the Fail2ban service status

systemctl status fail2ban

2. Configuration

In the /etc/fail2ban directory, create the file jail.local with the following content:

#DEFAULT-START
[DEFAULT]
bantime = 600
findtime = 300
maxretry = 5
banaction = iptables-allports
action = %(action_mwl)s
#DEFAULT-END
[sshd]
ignoreip = 127.0.0.0/8
enabled = true
filter = sshd
port = 22
maxretry = 5
findtime = 300
bantime = 600
banaction = iptables-allports
action = %(action_mwl)s
logpath = /var/log/secure

Configuration notes:

[sshd]
ignoreip = 127.0.0.1/8               ; whitelist
enabled = true                       ; on/off switch
filter = sshd                        ; filter
port = 22                            ; port
maxretry = 2                         ; maximum number of attempts
findtime = 300                       ; detection window, in seconds
bantime = 600                        ; ban duration, in seconds; -1 bans permanently
action = %(action_mwl)s
banaction = iptables-multiport       ; ban method
logpath = /var/log/secure            ; location of the SSH login log

Restart for the changes to take effect:

systemctl restart fail2ban
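
An added example (not from the original post, and not fail2ban's own code): a simplified Python model of how the maxretry, findtime, bantime and ignoreip values from the [sshd] jail in jail.local interact, run over constructed /var/log/secure lines. The regex, the find_bans function and the sample hosts are assumptions made for illustration; fail2ban's real sshd filter matches many more message variants.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Values from the [sshd] jail in jail.local above.
MAXRETRY, FINDTIME, BANTIME = 5, 300, 600
IGNOREIP = [ipaddress.ip_network("127.0.0.0/8")]

# Hand-written pattern for one sshd failure message (assumption, not the real filter).
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bans(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] for the given log lines."""
    recent = defaultdict(deque)        # ip -> failure times inside the findtime window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue                   # whitelisted by ignoreip, never counted
        if ip in banned_until and ts < banned_until[ip]:
            continue                   # ban still active
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()           # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), ts, banned_until[ip]))
            window.clear()
    return bans

# Constructed sample lines in /var/log/secure format (documentation IP ranges).
def _line(t, ip):
    return f"Jan 15 {t} host1 sshd[4242]: Failed password for root from {ip} port 50022 ssh2"
SAMPLE = (
    [_line(t, "203.0.113.7") for t in ("10:00:00", "10:00:30", "10:01:00", "10:01:30", "10:02:00")]
    + [_line(t, "198.51.100.20") for t in ("10:00:00", "10:02:00", "10:04:00", "10:06:00", "10:08:00")]
    + [_line(f"10:00:0{i}", "127.0.0.1") for i in range(6)]
)

if __name__ == "__main__":
    print(find_bans(SAMPLE))  # only the fast attacker is banned; slow and whitelisted hosts are not
```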

If the above configuration has not been added, running the following command:

fail2ban-client status sshd

produces the following error:
