> https://www.cnblogs.com/liujunqiao/p/10719942.html
* yum -y install epel-release
```#epel库里就有fail2ban，直接安装epel库就可以使用```
* yum -y install fail2ban
```#安装fail2ban```
* systemctl enable fail2ban
* cd /etc/fail2ban
* cp jail.conf jail.local
> 可以删除 jail.local 中的所有原有配置，改为以下内容（jail.conf 保持不动）
```
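# jail.local — fail2ban jail definition, read on top of jail.conf.
# jail.local only overrides; jail.conf must stay in place because the
# %(sshd_log)s / %(sshd_backend)s references below are resolved from the
# defaults it provides (its [DEFAULT] section and the paths-*.conf files
# it includes). Comments are full-line only.
[sshd-iptables]
enabled = true
# Addresses that are never banned. Loopback is kept; append the address or
# CIDR you administer from so a mistyped password cannot lock you out:
# ignoreip = 127.0.0.1/8 <ADMIN_IP_OR_CIDR>
ignoreip = 127.0.0.1/8
# sshd listens on a non-default port here; this must match Port in
# sshd_config and the port= argument of the action below.
port = 22922
# Filter: which log lines count as a failure; refers to filter.d/sshd.conf
filter = sshd
# Action: refers to action.d/iptables.conf. name=SSH produces the chain
# f2b-SSH shown by `iptables -nL`; port/protocol must match the jail port.
action = iptables[name=SSH, port=22922, protocol=tcp]
# Log file and log backend come from jail.conf's defaults (paths-*.conf)
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# Ban after 3 failures within 10 minutes; the ban lasts 60 minutes and is
# implemented as a REJECT rule added to the f2b-SSH chain.
# Time suffixes (10m, 60m) need fail2ban >= 0.10; older releases expect
# plain seconds (600, 3600) — check with `fail2ban-client --version`.
maxretry = 3
findtime = 10m
bantime = 60m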
```
* systemctl start fail2ban
* systemctl status fail2ban
* fail2ban-client status
查看 fail2ban 已经封禁的 ip（f2b-SSH 链中的规则）
> iptables -nL
```
Chain f2b-SSH (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
```
* 解封ip
```
fail2ban-client set sshd-iptables unbanip xxx.xxx.xxx.xxx
set 后面的参数为 jail.local 里面 [xxxx] 对应的节点名，此处即 sshd-iptables
```