[root@kazihuo /srv]# wget https://github.com/fail2ban/fail2ban/archive/0.8.14.tar.gz
[root@kazihuo /srv]# tar -axvf fail2ban-0.8.14.tar.gz
# 註:wget 預設可能將檔案存為 0.8.14.tar.gz,上一步解壓時請以實際下載到的檔名為準
# 環境要求:Python 版本 >= 2.6
[root@kazihuo /srv/fail2ban-0.8.14]# python setup.py install
# Centos6環境操作:
[root@kazihuo /srv/fail2ban-0.8.14/files]# cp -ap redhat-initd /etc/init.d/fail2ban
# Centos7環境操作:
[root@kazihuo /srv/fail2ban-0.8.14/files]# cp -ap fail2ban.service /usr/lib/systemd/system/
# 主要相關檔案說明:
[root@kazihuo ~]# ls /etc/fail2ban/
action.d #動作檔案夾,含預設檔案iptables及mail等動作配置;
fail2ban.conf #定義服務日志級别、位置及sock檔案位置;
filter.d #條件檔案夾,過濾日志關鍵字内容設定;
jail.conf #主要配置檔案,設定執行ban動作的服務及動作門檻值;
# 對應修改配置檔案内容(以下行尾 # 之後的文字僅為本文說明,請勿一併寫入 jail.conf,行尾註解可能被當成設定值的一部分)
[root@kazihuo ~]# cat /etc/fail2ban/jail.conf
[ssh-iptables]
bantime = 180 # 禁止時間
findtime = 120 # 統計密碼輸入失敗次數的時間範圍(秒),在此時間内失敗達到maxretry次即封鎖
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=<收件人信箱>, sender=<寄件人信箱>, sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 2
[root@kazihuo ~]# systemctl start fail2ban.service
# 當用另一台伺服器連續2次連線失敗進行測試時,本伺服器會自動屏蔽該伺服器的ip,180s後解鎖,同時防火牆添加了對應規則:
[root@kazihuo ~]# iptables -L -n
Chain fail2ban-SSH (1 references)
target prot opt source destination
REJECT all -- 192.168.10.16 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
# 檢視資訊
[root@kazihuo ~]# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
[root@kazihuo ~]# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- filter
| |- File list: /var/log/secure
| |- Currently failed: 0
| `- Total failed: 4
`- action
|- Currently banned: 1
| `- IP list: 192.168.10.16
`- Total banned: 2
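# 當需要清空屏蔽的ip時,進行以下操作:
# 注意:清空 /var/log/secure 會一併抹除系統的認證稽核記錄,不利於事後追查;若只需解除單一ip,可改用 fail2ban-client set ssh-iptables unbanip <IP>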
[root@kazihuo ~]# > /var/log/secure
[root@kazihuo ~]# systemctl restart fail2ban.service
-------------------------------------------------------------
作者:羅穆瑞
出處:http://www.cnblogs.com/kazihuo/
轉載請保留此段聲明,且在文章頁面明顯位置給出原文連結,謝謝!
------------------------------------------------------------------------------