Installing and Configuring fail2ban

Installing and configuring Fail2ban on Debian

ufw installation and configuration

Install ufw

$ apt install ufw -y

Configure ufw

Allow the commonly used ports: ssh, http and https. To open any other port, run ufw allow port.

$ ufw allow ssh
$ ufw allow http
$ ufw allow https

Deny access to all other ports by default

$ ufw default deny

Enable ufw

$ ufw enable

Disable ufw

$ ufw disable

fail2ban installation and configuration

Install fail2ban

$ apt install fail2ban -y

Configure fail2ban

Edit the configuration file /etc/fail2ban/jail.local so that it contains the following:

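[DEFAULT]
# Addresses that are never banned
ignoreip = 127.0.0.1/8
# Ban duration in seconds (overridden per jail below)
bantime = 600
# Window in seconds within which failures are counted
findtime = 300
# Number of failures within findtime that triggers a ban
maxretry = 5
# Apply bans through ufw
banaction = ufw
# Ban, then send an e-mail with a whois report and the matching log lines
action = %(action_mwl)s

[sshd]
enabled = true
filter = sshd
port = 22
maxretry = 5
findtime = 300
# 86400 seconds = 24 hours
bantime = 86400
action = %(action_mwl)s
logpath = /var/log/auth.log

# Jail for pure-ftpd
[ftpd]
enabled = true
filter = pure-ftpd
port = 21
maxretry = 5
findtime = 300
bantime = 86400
action = %(action_mwl)s
logpath = /var/log/messages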

Restart fail2ban

$ systemctl restart fail2ban

Check the status of the fail2ban sshd jail

$ fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:

Unban an IP address

$ fail2ban-client unban 192.168.1.100