1. Install the package repository first

   yum install epel-release

   Reference: http://kirby86a.pixnet.net/blog/post/118589751-centos-linux-release-7.5.1804-%E5%AE%89%E8%A3%9D%E5%A5%97%E4%BB%B6%E5%BA%AB

2. Install fail2ban with firewalld support

   yum install fail2ban-firewalld fail2ban-systemd fail2ban-server fail2ban-sendmail

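3. Create the local configuration file

  Copy the default configuration file to jail.local so that your settings are not lost when an update overwrites jail.conf and fail2ban.conf

  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

4. Edit the configuration file

   (1) vi /etc/fail2ban/jail.local

   (2) The sshd protection is disabled by default. To enable it, find the [sshd] section and add enabled = true below it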

      [sshd]

      enabled = true

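    (3) Change how long an IP stays blocked. The unit is seconds and the default is 600 seconds; set it to whatever you prefer. This example uses 86400 seconds (24 hours)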

         bantime = 86400

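    (4) Change the detection window. If failed logins within this window exceed the count set by maxretry, Fail2ban blocks the IP. The unit is seconds and the default is 600 seconds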

        findtime = 60

    (5) Change the number of attempts. This parameter works together with findtime; the default is 5

        maxretry = 3
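
How findtime, maxretry and bantime from step 4 interact, as an added example that is not part of the original page or of fail2ban's own code. It is a simplified sliding-window model run over constructed sshd log lines, and it assumes a ban fires once the failures from one IP inside findtime reach maxretry; the function name simulate and the log lines are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local settings in step 4
FINDTIME = 60      # seconds
MAXRETRY = 3
BANTIME = 86400    # seconds

# Constructed sample sshd log lines (documentation-range IPs, not real traffic)
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:14:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:14:20 host sshd[1207]: Failed password for root from 198.51.100.23 port 41000 ssh2
Jan 10 03:14:31 host sshd[1209]: Failed password for root from 203.0.113.7 port 50144 ssh2
Jan 10 03:16:00 host sshd[1215]: Failed password for root from 198.51.100.23 port 41010 ssh2
Jan 10 03:18:00 host sshd[1220]: Failed password for root from 198.51.100.23 port 41020 ssh2
Jan 10 03:18:05 host sshd[1222]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(log_text, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME, year=2024):
    """Return {ip: (ban_start, ban_end)} under the simplified model (assumption)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                # still inside its ban period
        window = failures[ip]
        window.append(ts)
        # drop failures that are older than findtime relative to this one
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans
```

With findtime = 60 only 203.0.113.7 is banned; the slower attempts from 198.51.100.23 are spaced more than 60 seconds apart and would only be caught with a longer window such as the default 600.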

5. Enable fail2ban at boot

  sudo systemctl enable fail2ban

6. Start fail2ban

  sudo systemctl start fail2ban

7. Common commands:

  (1) Check the fail2ban status

    fail2ban-client status

  (2) Check the status of the fail2ban sshd protection

   fail2ban-client status sshd

  (3) Unblock a blocked IP

     fail2ban-client set sshd unbanip <blocked IP>

  (4) Block an IP

      fail2ban-client set sshd banip <IP to block>

   Other commands: http://www.fail2ban.org/wiki/index.php/Commands

 8. Log file:

  /var/log/fail2ban.log

 
