1.安装:
rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum -y install fail2ban
2.配置
/etc/fail2ban/fail2ban.conf 可默认 #logtarget = /var/log/fail2ban.log 输出到指定地方可查看
/etc/fail2ban/jail.conf
====================================
[INCLUDES]
before = paths-fedora.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
enabled = true
filter = %(__name__)s
destemail = root@localhost
sender = root@localhost
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
banaction = iptables-multiport
# SSH servers
[sshd]
port = ssh
logpath = /var/log/messages #centos 是这个文件在记录
filter = sshd #这个名字与filter.d下面的配置文件对应
maxretry = 3 #连续失败3次
findtime = 600 # 查找失败次数的时长(秒)---多长时间内连续失败3次
bantime = 2592000 #一个月 --客户端主机被禁止的时长(秒
action = iptables[name=SSH, port=ssh, protocol=tcp]
====================================
4.启动和查看状态
chkconfig fail2ban on
service fail2ban start #如果启动不了或报错, 清空iptables -F,再试试
service fail2ban restatus
service fail2ban status
fail2ban-client status sshd #这个名字与filter.d下面的配置文件对应
5.解锁特定的IP地址
fail2ban-client set sshd unbanip 192.168.1.8 或删除iptables条目 iptables -D f2b-SSH -s 192.168.1.8-j DROP
by the way;
denyhost 也可以做到这样的功能,但他们是有区别的, 个人理解,有了解的请指正
denyhost 是全球共享数据库, 直接就禁用了不明的IP并且只是针对ssh服务
f2b 可能针对很多服务分别进行配置.像nginx等只要在filter.d里面的都能监控
扫一扫
501
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
