- Installing fail2ban
yum install epel-release
yum install fail2ban fail2ban-systemd
- Configuring fail2ban
Copy the configuration file to jail.local
cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
View jail.local
nano /etc/fail2ban/jail.local
Create a new file
nano /etc/fail2ban/jail.d/sshd.local
Add the following content. The most common use is protecting SSH on port 22 against brute-force attacks:
[sshd]
enabled = true
port = ssh
action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400
- Starting the fail2ban service
systemctl enable fail2ban      # set it up as a system service
systemctl start fail2ban       # after installation, start Fail2ban
systemctl restart fail2ban
systemctl status fail2ban      # check the running status of fail2ban
systemctl restart firewalld
fail2ban-client status         # query the fail2ban service status
fail2ban-client status sshd    # show the details of a specific jail
- Viewing the logs for fail2ban
grep 'Failed password' /var/log/secure      # check for failed attempts to log in to the server over SSH
fail2ban-client set sshd unbanip 1.1.1.1    # remove a banned IP
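
Added example (not from the original page): the grep check above, extended to count "Failed password" lines per source address and list those at or above the jail's maxretry = 5. The function names and the sample log lines are constructed for illustration, and unlike fail2ban the count ignores the findtime window.

```shell
#!/bin/sh
# Threshold taken from the [sshd] jail on this page.
MAXRETRY=5

# Constructed sample in /var/log/secure format (documentation addresses only).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:06 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:09 host sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:12 host sshd[2107]: Failed password for invalid user from from 203.0.113.7 port 40141 ssh2
Mar  3 10:01:40 host sshd[2110]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Mar  3 10:01:55 host sshd[2110]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
EOF
}

# Reads sshd log lines on stdin and prints "count address" for every address
# with at least $1 failures (default: MAXRETRY), highest count first.
failed_by_ip() {
    awk -v max="${1:-$MAXRETRY}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: the address follows the LAST
            # "from", so a user name that is itself "from" cannot shift it.
            for (i = NF; i > 1; i--)
                if ($(i-1) == "from") { n[$i]++; break }
        }
        END { for (ip in n) if (n[ip] >= max) print n[ip], ip }
    ' | sort -rn
}

# On a real host: failed_by_ip < /var/log/secure
sample_log | failed_by_ip
```

Addresses listed here that are missing from the `fail2ban-client status sshd` output point to a jail that is not reading the right log file or not enabled.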