1. Official site:
https://www.fail2ban.org
It redirects to the code repository:
https://github.com/fail2ban/fail2ban
2. Installation:
Install with yum:
[root@blog ~]# yum install fail2ban
Check the status after installing: not started yet
[root@blog ~]# systemctl status fail2ban.service
○ fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; preset: disabled)
Active: inactive (dead)
Docs: man:fail2ban(1)
Check the version after installing:
[root@blog ~]# fail2ban-server --version
Fail2Ban v1.0.2
3. Configuration after installation
[root@blog fail2ban]# more jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 86400
findtime = 600
maxretry = 5
banaction = firewallcmd-ipset
action = %(action_mwl)s
[sshd]
enabled = true
filter = sshd
port = 22
action = %(action_mwl)s
logpath = /var/log/secure
Meaning of the settings:
ignoreip: IP whitelist; IPs in the whitelist are never banned. Several entries can be given, separated by commas.
bantime: how long an IP stays banned, in seconds.
findtime: the time window in which failures are counted, in seconds.
maxretry: the maximum number of failures allowed inside that window.
banaction: the method used to block an IP; here firewalld is used to block the port.
[sshd]: the jail name; it can be chosen freely.
filter: the name of the filter rule; it must be one of the rule files in the filter.d directory. sshd is a filter that ships with fail2ban.
port: the port the jail protects.
action: the action taken when an IP is banned.
logpath: the path of the log file to watch.
The configuration above means: if the same IP produces more than 5 failed attempts within 10 minutes, that IP is banned using firewalld.
4. Start the service and check the result:
Start it (note that the unit is still shown as "disabled", so it will not come up at boot unless it is also enabled):
[root@blog fail2ban]# systemctl start fail2ban.service
Check the status:
[root@blog fail2ban]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; preset: disabled)
Active: active (running) since Fri 2024-08-23 19:23:30 CST; 3s ago
Docs: man:fail2ban(1)
Process: 1746798 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Check which IPs have already been banned in the sshd jail:
they are listed under "Banned IP list":
[root@blog fail2ban]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
From: https://www.cnblogs.com/architectforest/p/18376959