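Background: I previously wrote a shell script to block SSH brute-force attempts against the server, but it used a lot of CPU. After reading up on the topic, I found that installing fail2ban can effectively control SSH brute forcing.
1: Installing fail2ban (environment: CentOS 6 with BT Panel (宝塔))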
yum update && yum install epel-release
yum install fail2ban -y
systemctl start fail2ban && systemctl enable fail2ban (centos7)
service fail2ban start (centos6)
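If fail2ban cannot be installed under BT Panel, see this link: https://www.bt.cn/bbs/thread-47778-1-1.html
2: Edit the configuration files
cd /etc/fail2ban (location of the fail2ban configuration files; jail.conf is the main configuration file, and the matching rules are in the filter.d directory)
vim /etc/fail2ban/jail.d/jail.local (define the rules)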
#DEFAULT-START
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 86400000000000
findtime = 300
maxretry = 5
banaction = iptables
action = %(action_mwl)s
#DEFAULT-END
#sshd-START
[ssh-iptables]
enabled = true
filter = sshd
port = 22
maxretry = 5
findtime = 3600
action = %(action_mwl)s
logpath = /var/log/secure
#sshd-END
#nginx-START
[nginx]
enabled = true
port = 80,443
filter = nginx
action = iptables[name=nginx, port=http, protocol=tcp]
logpath = /www/wwwlogs/access.log
bantime = 86400000000000
findtime = 60
maxretry = 5
#nginx-END
vim /etc/fail2ban/filter.d/nginx.conf
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* 404 .*$
ignoreregex =
3: Restart fail2ban
service fail2ban restart
4: View the banned IPs
fail2ban-client status ssh-iptables # IPs banned for SSH
fail2ban-client status nginx # IPs banned for scanning nginx
service fail2ban status # check the service status
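The [nginx] jail from step 2 (findtime = 60, maxretry = 5) and its failregex, replayed over constructed access-log lines to show which clients would be banned, including a normal client whose 200 response happens to be 404 bytes long. This is an added example, not part of the original post and not fail2ban's own code; the IPv4-only stand-in for <HOST>, the function names and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from filter.d/nginx.conf above. <HOST> is replaced with a
# simplified IPv4 group (assumption: fail2ban's own <HOST> also covers IPv6/DNS).
FAILREGEX = r"<HOST> -.*- .*HTTP/1.* 404 .*$"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")

def banned_hosts(lines, findtime=60, maxretry=5):
    """Return {ip: time of ban} for hosts with maxretry matches inside findtime seconds."""
    hits, banned = defaultdict(deque), {}
    for line in lines:
        m, t = PATTERN.search(line), TIMESTAMP.search(line)
        if not m or not t or m.group("host") in banned:
            continue
        when = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m.group("host")]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()          # forget matches older than findtime
        if len(window) >= maxretry:
            banned[m.group("host")] = when
    return banned

def _line(ip, hhmmss, status, size):
    # Constructed nginx "combined" format line, not taken from a real log.
    return (f'{ip} - - [10/Oct/2023:{hhmmss} +0800] '
            f'"GET /x HTTP/1.1" {status} {size} "-" "curl/8.0"')

SAMPLE = (
    # Scanner: five 404s in five seconds.
    [_line("203.0.113.10", f"13:00:0{i}", 404, 146) for i in range(5)]
    # Slow client: five 404s, two minutes apart, never five inside 60 s.
    + [_line("198.51.100.7", f"13:{10 + 2 * i}:00", 404, 146) for i in range(5)]
    # Normal client: status 200, but the response size happens to be 404 bytes.
    + [_line("192.0.2.44", f"14:00:0{i}", 200, 404) for i in range(5)]
)

if __name__ == "__main__":
    for ip, when in banned_hosts(SAMPLE).items():
        print(ip, "banned at", when.strftime("%H:%M:%S"))
```

On the server itself, `fail2ban-regex /www/wwwlogs/access.log /etc/fail2ban/filter.d/nginx.conf` reports which real log lines the filter matches, which is the way to confirm a tightened failregex before restarting the service.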