vault backup: 2025-12-04 09:12:56

2025-12-04 09:12:56 +08:00
commit 71e83861de
300 changed files with 339584 additions and 0 deletions
--- a/技术探究/Linux/Fail2ban.md
+++ b/技术探究/Linux/Fail2ban.md
@@ -0,0 +1,49 @@
+>https://www.cnblogs.com/liujunqiao/p/10719942.html
+
+* yum -y install epel-release    
+```#epel库里就有fail2ban 直接安装epel库就可以使用```
+* yum -y install fail2ban        
+```#安装fail2ban```
+* systemctl enable fail2ban
+* cd /etc/fail2ban
+* cp jail.conf  jail.local
+
+> 可以删除所有配置，配置以下内容
+
+```
+[sshd-iptables]
+enabled = true
+port = 22922
+filter = sshd
+# 过滤参数，对应filter.d 目录下的动作
+action = iptables[name=SSH, port=22922, protocol=tcp]
+# 动作参数 ，对应actioin.d目录下的动作，当前使用iptables
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s
+maxretry = 3
+findtime = 10m
+# 10分钟内输错3次
+bantime = 60m
+# 60分钟内禁止链接，实际为iptables增加了reject规则
+```
+
+* systemctl start fail2ban
+* systemctl status fail2ban
+* fail2ban-client status
+
+查看fail2ban已经操作的ip
+> iptables -nL
+```
+Chain f2b-SSH (1 references)
+target     prot opt source               destination         
+RETURN     all  --  0.0.0.0/0            0.0.0.0/0  
+```
+* 解封ip
+```
+fail2ban-client set sshd-iptables unbanip xxx.xxx.xxx.xxx
+
+set 后面的参数 为 jail.local 里面 [xxxx] 对应的节点 sshd-iptables
+```
+
+
+