

























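Install and configuration script (change the SSH port and `ignoreip` to match your own environment):

```bash
# Create auth.log (so fail2ban does not fail at startup because the file is missing)
touch /var/log/auth.log

# Install rsyslog, fail2ban and nftables
apt update
apt install rsyslog fail2ban nftables -y
systemctl enable rsyslog
systemctl enable fail2ban
systemctl enable nftables

# Write jail.local
tee /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
# Basic ban parameters
bantime = 7200
findtime = 600
maxretry = 5

# Incremental ban settings
bantime.increment = true
bantime.factor = 2
# (jail.conf documents the cap option as bantime.maxtime)
bantime.max = -1

# Fast lane for repeat offenders
# (the stock jail.conf handles repeat offenders with a separate [recidive] jail)
recidive.threshold = 3
recidive.bantime = -1

# Network-layer configuration
banaction = nftables-multiport
chain = input

# Whitelist (be sure to add your management IP!)
ignoreip = 127.0.0.1/8 ::1 192.168.100.0/24 192.168.1.0/24

[sshd]
# SSH service protection
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
EOF

# Restart fail2ban
systemctl restart fail2ban
```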
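To see which clients the `findtime = 600` / `maxretry = 5` pair from jail.local above would catch, the following added example (not part of the original post, and a simplified model rather than fail2ban's own matching code) replays a sliding window over auth.log lines. The log lines, host name and function names are constructed; it assumes ISO 8601 timestamps with a single UTC offset.

```shell
#!/bin/sh
# Simplified model of the [sshd] jail's findtime/maxretry window (not fail2ban code).
# FINDTIME and MAXRETRY mirror jail.local; every log line below is constructed.
FINDTIME=600
MAXRETRY=5

sample_log() {   # constructed auth.log excerpt (documentation IP ranges)
cat <<'EOF'
2025-03-03T10:00:00+08:00 vps sshd[100]: Failed password for root from 198.51.100.7 port 50001 ssh2
2025-03-03T10:00:01+08:00 vps sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
2025-03-03T10:00:09+08:00 vps sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
2025-03-03T10:00:20+08:00 vps sshd[103]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
2025-03-03T10:00:31+08:00 vps sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
2025-03-03T10:00:45+08:00 vps sshd[105]: Failed password for root from 203.0.113.5 port 40005 ssh2
2025-03-03T10:01:00+08:00 vps sshd[106]: Failed password for ops from 192.0.2.9 port 41001 ssh2
2025-03-03T10:01:05+08:00 vps sshd[107]: Failed password for ops from 192.0.2.9 port 41002 ssh2
2025-03-03T10:01:10+08:00 vps sshd[108]: Accepted password for ops from 192.0.2.9 port 41003 ssh2
2025-03-03T10:03:20+08:00 vps sshd[109]: Failed password for root from 198.51.100.7 port 50002 ssh2
2025-03-03T10:06:40+08:00 vps sshd[110]: Failed password for root from 198.51.100.7 port 50003 ssh2
2025-03-03T10:10:00+08:00 vps sshd[111]: Failed password for root from 198.51.100.7 port 50004 ssh2
2025-03-03T10:13:20+08:00 vps sshd[112]: Failed password for root from 198.51.100.7 port 50005 ssh2
EOF
}

# Print each IP once, at the moment it reaches MAXRETRY failures within FINDTIME seconds.
would_ban() {
  awk -v findtime="$FINDTIME" -v maxretry="$MAXRETRY" '
  function epoch(ts,   y, m, d, a) {   # timestamp -> seconds; only differences matter
    y = substr(ts, 1, 4) + 0; m = substr(ts, 6, 2) + 0; d = substr(ts, 9, 2) + 0
    if (m <= 2) { y--; m += 12 }       # count the year from March (days-from-civil)
    a = 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d
    return a*86400 + substr(ts, 12, 2)*3600 + substr(ts, 15, 2)*60 + substr(ts, 18, 2)
  }
  /sshd\[[0-9]+\]: Failed (password|publickey)/ {
    ip = ""
    for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)   # last "from" wins
    if (ip == "" || banned[ip]) next
    t = epoch($1)
    n[ip]++; seen[ip, n[ip]] = t
    while (t - seen[ip, first[ip] + 1] > findtime) first[ip]++  # expire old failures
    if (n[ip] - first[ip] >= maxretry) { banned[ip] = 1; print ip }
  }'
}

sample_log | would_ban   # prints 203.0.113.5
```

198.51.100.7 also fails five times but spaces its attempts 200 seconds apart, so no more than four fall inside any 600-second window and it is never reported; this is the slow-guessing pattern the short `findtime` does not cover.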
Common commands:

```bash
# Check whether fail2ban is running
systemctl status fail2ban

# List banned IPs
fail2ban-client status sshd

# Manually ban a specific IP
fail2ban-client set sshd banip 111.183.145.241

# Unban a specific IP
fail2ban-client set sshd unbanip 111.183.145.241

# Unban all IPs
fail2ban-client unban --all

# Follow the fail2ban log
tail -f /var/log/fail2ban.log

# Restart fail2ban
systemctl restart fail2ban

# Follow failed logins in auth.log
tail -f /var/log/auth.log | grep -E --color=auto "Failed (password|publickey)|invalid user|Connection (closed|refused)|authentication failure|not allowed"
```
Clear the logs and check the latest state:

```bash
> /var/log/fail2ban.log
> /var/log/auth.log
fail2ban-client unban --all
systemctl restart fail2ban
sleep 2
fail2ban-client status sshd
```
For the OpenWrt version, see: https://www.cnblogs.com/nihaorz/p/19660788