
fail2ban 安装使用

官网

安装

yum install python iptables rsyslog -y  
service rsyslog restart  
  
[[email protected] src]# pwd  
/usr/src  
[[email protected] src]# tar zxvf fail2ban-0.9.4.tar.gz  
[[email protected] src]# cd fail2ban-0.9.4  
[[email protected] fail2ban-0.9.4]# python setup.py install  
[[email protected] fail2ban-0.9.4]# cp -rf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local  
[[email protected] fail2ban-0.9.4]# sed -i 's/# \[sshd\]/\[sshd\]/g' /etc/fail2ban/jail.local  
[[email protected] fail2ban-0.9.4]# sed -i 's/# enabled = true/enabled = true/g' /etc/fail2ban/jail.local  
[[email protected] fail2ban-0.9.4]# vim /etc/init.d/fail2ban  
PATH=/usr/sbin:/usr/bin:/sbin:/bin
NAME="fail2ban"

# fail2ban-client is not the daemon itself: it launches the server and
# feeds it the configuration. All actions below go through the client.
DAEMON="/usr/bin/${NAME}-client"
SCRIPTNAME="/etc/init.d/${NAME}"

# Nothing to manage when the client is missing or not executable; leave
# quietly with status 0, as init scripts are expected to do.
if [ ! -x "$DAEMON" ]; then
  exit 0
fi
  
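do_start()
{
    # The server keeps its runtime files under /var/run/fail2ban; make sure
    # the directory exists before the client is asked to start it.
    [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban

    # Start the server through the client (-x forces the start even if a
    # stale socket file is left behind). Any argument passed to this
    # function (the action name) is currently ignored.
    # Returns 0 when the client reports success, 1 otherwise, so callers
    # such as restart and the service manager can see the failure instead
    # of always getting the status of the final echo.
    echo -n "Starting fail2ban..."
    if "$DAEMON" -x start > /dev/null; then
        echo " done"
        return 0
    fi
    echo " failed"
    return 1
}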
  
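do_status()
{
    # Ask the server over its socket whether it is alive. Prints a human
    # readable line and returns 0 when running, 3 (LSB "program is not
    # running") when the ping fails, so "service fail2ban status" is also
    # usable from scripts and monitoring, not only by reading the text.
    if "$DAEMON" ping > /dev/null 2>&1; then
        echo "fail2ban is running."
        return 0
    fi
    echo "fail2ban is stop."
    return 3
}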
  
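do_stop()
{
    # Stop the server through the client. The outcome is reported on both
    # paths (previously "|| return 2" bailed out before the " failed" echo,
    # leaving the progress line without a newline and the failure branch
    # unreachable). Returns 0 on success, 2 when the client could not stop
    # the server.
    echo -n "Stopping fail2ban..."
    if "$DAEMON" stop > /dev/null; then
        echo " done"
        return 0
    fi
    echo " failed"
    return 2
}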
  
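do_reload() {
    # Ask the running server to re-read its configuration through the
    # client. Returns 0 when the client reports success, 1 otherwise, so a
    # failed reload is visible to the caller and not masked by the final
    # echo's status.
    echo -n "Reloading fail2ban..."
    if "$DAEMON" reload > /dev/null; then
        echo " done"
        return 0
    fi
    echo " failed"
    return 1
}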
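# Dispatch on the requested action. Unknown or missing actions print the
# usage line on stderr and exit 2 (LSB: invalid or excess arguments) instead
# of silently exiting 0.
command="$1"
case "$command" in
    start|force-start)
        # The action name is passed along; do_start does not use it today.
        do_start "$command"
        ;;

    stop)
        do_stop
        ;;

    # force-reload is handled here as a full restart (stop + start); it is
    # deliberately NOT repeated in the reload arm below, where the duplicate
    # pattern could never match.
    restart|force-reload)
        do_stop
        do_start
        ;;

    reload)
        do_reload
        ;;

    status)
        do_status
        ;;

    *)
        echo "Usage: $SCRIPTNAME {start|force-start|stop|restart|reload|force-reload|status}" >&2
        exit 2
        ;;
esac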
[[email protected] fail2ban-0.9.4]# chmod +x /etc/init.d/fail2ban  
[[email protected] fail2ban-0.9.4]# sed -i 's#%(sshd_log)s#/var/log/secure#g' /etc/fail2ban/jail.local

jail.local 基本配置

[DEFAULT]  
# 以空格分隔的列表,可以是 IP 地址、CIDR 前缀或者 DNS 主机名  
# 用于指定哪些地址可以忽略 fail2ban 防御  
ignoreip = 127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24  
# 客户端主机被禁止的时长(秒)  
bantime = 86400  
# 客户端主机被禁止前允许失败的次数   
maxretry = 5  
# 查找失败次数的时长(秒)  
findtime = 600  
[ssh-iptables]  
enabled = true  
filter = sshd  
action = iptables[name=SSH, port=ssh, protocol=tcp]  
         sendmail-whois[name=SSH, [email protected], [email protected]]  
# Debian 系的发行版(以下两行 logpath 二选一,只保留与本机发行版对应的一行)  
logpath = /var/log/auth.log  
# Red Hat 系的发行版(本文环境使用 yum 与 /var/log/secure,应保留这一行)  
logpath = /var/log/secure  
# ssh 服务的最大尝试次数   
maxretry = 3