CentOS / CentOS Stream / RHEL-based operating systems
Make sure your system is up to date and install the EPEL repository:
yum update -y && yum install epel-release -y
Install Fail2Ban:
yum install fail2ban
Start and enable Fail2ban:
systemctl start fail2ban
systemctl enable fail2ban
If you get the error "no directory /var/run/fail2ban to contain the socket file /var/run/fail2ban/fail2ban.sock", create the directory manually:
mkdir /var/run/fail2ban
Debian / Ubuntu
Make sure your system is up to date:
apt update && apt upgrade
Install Fail2ban:
apt install fail2ban
The service starts automatically.
Fedora
Update the system:
dnf update
Install Fail2ban:
dnf install fail2ban
Start and enable Fail2ban:
systemctl start fail2ban
systemctl enable fail2ban
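If you see the message "Sorry but the jail 'sshd' does not exist", see the configuration below.
Configuring Fail2Ban to protect SSH
Go to the fail2ban directory and make copies of the configuration files: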
cd /etc/fail2ban
cp fail2ban.conf fail2ban.local
cp jail.conf jail.local
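If jail.local already exists, back it up first.
Edit the jail.local configuration file to enable the sshd jail:
vim jail.local
Go to around line 285 (the goal is to configure the settings under [sshd]) and add the line enabled = true:
[sshd]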
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
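Modify the sshd policy:
vim fail2ban.local
At the end of the file, add the following (if you use Ubuntu, comment out the CentOS logpath line and uncomment the Ubuntu logpath line). Keep each comment on its own line: fail2ban only treats # as a comment at the start of a line.
[sshd]
enabled = true
# Change this to your own SSH port
port = 22
filter = sshd
# CentOS
logpath = /var/log/secure
# Ubuntu
# logpath = /var/log/auth.log
# Maximum number of attempts
maxretry = 5
# Ban time in seconds; -1 bans permanently
bantime = 1800
Restart for the changes to take effect:
systemctl restart fail2ban # restart
fail2ban-client status # show the overall status
fail2ban-client status sshd # show the detailed status of the sshd jail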
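Two mistakes in a [sshd] block leave the jail disabled or misconfigured without an obvious error: a misspelled boolean after enabled, and a # comment placed after a value, which jail.conf(5) only recognises at the start of a line. The script below is an added example, not part of the original article or of fail2ban; lint_jail, sample_bad and sample_good are hypothetical names, and the sample blocks are constructed.

```shell
#!/bin/sh
# lint_jail [FILE]: read FILE (or stdin), print findings, return 1 if any.
lint_jail() {
    awk '
    /^[ \t]*([#;]|$)/ { next }   # blank lines and whole-line comments are fine
    /^[ \t]*\[/       { next }   # section headers such as [sshd]
    {
        eq = index($0, "=")
        if (eq == 0) next        # continuation line of a multi-line value
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # "#" only starts a comment at the beginning of a line; after a
        # value it is kept as part of that value.
        if (val ~ /[ \t]#/) {
            printf "line %d: inline # comment is read as part of %s\n", NR, key
            bad++
        }
        sub(/[ \t]+[#;].*$/, "", val)   # judge the boolean by the intended value
        if (key == "enabled" && tolower(val) !~ /^(1|0|yes|no|true|false|on|off)$/) {
            printf "line %d: enabled = %s is not a boolean\n", NR, val
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: misspelled boolean plus comments after values.
sample_bad() {
    cat <<'EOF'
[sshd]
enabled = ture
port = 22 # change to your own SSH port
filter = sshd
logpath = /var/log/secure
maxretry = 5
bantime = 1800 # seconds
EOF
}

# Constructed sample: same settings, comments on their own lines.
sample_good() {
    printf '%s\n' '[sshd]' 'enabled = true' '# own SSH port' 'port = 22' '# seconds' 'bantime = 1800'
}

sample_bad | lint_jail || echo "fix the lines above before restarting fail2ban"
sample_good | lint_jail && echo "sample_good: no findings"
```

On a real host, run lint_jail /etc/fail2ban/jail.local before restarting; fail2ban-client -t then checks the configuration with fail2ban's own parser.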