Fail2ban

Ubuntu/Debian安装

sudo apt-get install fail2ban

源码安装

git clone https://github.com/fail2ban/fail2ban.git
cd fail2ban
sudo python setup.py install

Debian 12 手动安装 rsyslog

sudo apt-get install rsyslog

配置信息

cd /etc/fail2ban
cp jail.conf jail.local
cp fail2ban.conf fail2ban.local

注意，修改jail.local和fail2ban.local同样有效。输入vi jail.local可修改配置信息。
启动服务

sudo systemctl start fail2ban

开机启动

sudo systemctl enable fail2ban

服务状态

sudo systemctl status fail2ban

重启服务

systemctl restart fail2ban

查看启用

fail2ban-client status
fail2ban-client status sshd

手动解除限制ip

fail2ban-client unban 127.0.0.1
fail2ban-client unban --all

默认配置

#DEFAULT-START
[DEFAULT]
bantime = 600
findtime = 300
maxretry = 5
banaction = firewallcmd-ipset
action = %(action_mwl)s
#DEFAULT-END
    
[sshd]
ignoreip = 127.0.0.1/8               # 白名单
enabled = true
filter = sshd
port = 22                            # 端口
maxretry = 2                         # 最大尝试次数
findtime = 300                       # 发现周期 单位s
bantime = 600                        # 封禁时间，单位s。-1为永久封禁
action = %(action_mwl)s
banaction = iptables-multiport       # 禁用方式
logpath = /var/log/secure            # SSH 登陆日志位置