  • Fail2ban to prevent SSH brute-force attacks

    # GitHub serves this archive as 0.8.14.tar.gz, so save it under the name the next step expects
    [root@kazihuo /srv]# wget -O fail2ban-0.8.14.tar.gz https://github.com/fail2ban/fail2ban/archive/0.8.14.tar.gz

    [root@kazihuo /srv]# tar -axvf fail2ban-0.8.14.tar.gz

    # Requires Python >= 2.6

    [root@kazihuo /srv/fail2ban-0.8.14]# python setup.py install

    # On CentOS 6:

    [root@kazihuo /srv/fail2ban-0.8.14/files]# cp -ap redhat-initd /etc/init.d/fail2ban

    # On CentOS 7:

    [root@kazihuo /srv/fail2ban-0.8.14/files]# cp -ap fail2ban.service /usr/lib/systemd/system/

    # The main files involved

    [root@kazihuo ~]# ls /etc/fail2ban/

    action.d # actions directory; holds the default action configurations such as iptables and mail;

    fail2ban.conf # defines the service's log level, log location and socket file location;

    filter.d # filters directory; the keyword patterns used to match log lines;

    jail.conf # main configuration file; sets which services get ban actions and the action thresholds;

    # Edit the configuration file accordingly

    [root@kazihuo ~]# cat /etc/fail2ban/jail.conf

    [ssh-iptables]

    # keep comments on their own line: text after a value is not reliably stripped by the config parser
    # ban duration in seconds
    bantime = 180
    # window (seconds) within which failed password attempts are counted
    findtime = 120
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    logpath = /var/log/secure
    # failures allowed inside findtime before the ban is triggered
    maxretry = 2

    [root@kazihuo ~]# systemctl start fail2ban.service

    # Testing from another server with 2 failed logins: this server automatically blocks that server's IP, releases it after 180 s, and the firewall gains the matching rule:

    [root@kazihuo ~]# iptables -L -n

    Chain fail2ban-SSH (1 references)

    target prot opt source destination

    REJECT all -- 192.168.10.16 0.0.0.0/0 reject-with icmp-port-unreachable

    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    # Check the status

    [root@kazihuo ~]# fail2ban-client status

    Status

    |- Number of jail:    1

    `- Jail list:        ssh-iptables

    [root@kazihuo ~]# fail2ban-client status ssh-iptables

    Status for the jail: ssh-iptables
    |- filter
    |  |- File list:    /var/log/secure
    |  |- Currently failed:    0
    |  `- Total failed:    4
    `- action
       |- Currently banned:    1
       |  `- IP list:    192.168.10.16
       `- Total banned:    2

    # To clear the banned IPs, do the following:

    [root@kazihuo ~]# > /var/log/secure

    [root@kazihuo ~]# systemctl restart fail2ban.service
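The jail above bans a host once it reaches maxretry failures inside findtime seconds and keeps the ban for bantime seconds. The script below is an added example, not code from the original post or from the fail2ban project: it replays constructed /var/log/secure lines through that same counting rule with the post's values (maxretry=2, findtime=120, bantime=180). The log lines, the hostname and the PIDs are made up, the regex is a simplified stand-in for fail2ban's sshd filter, and the syslog timestamps are parsed without a year (only the differences between them are used).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample /var/log/secure lines (not captured from the post's server).
SAMPLE_LOG = """\
Mar 20 10:00:01 kazihuo sshd[1201]: Failed password for root from 192.168.10.16 port 50001 ssh2
Mar 20 10:00:05 kazihuo sshd[1203]: Failed password for invalid user admin from 192.168.10.16 port 50002 ssh2
Mar 20 10:00:07 kazihuo sshd[1205]: Accepted password for ops from 192.168.10.20 port 50003 ssh2
Mar 20 10:03:30 kazihuo sshd[1208]: Failed password for root from 192.168.10.16 port 50004 ssh2
Mar 20 10:05:00 kazihuo sshd[1210]: Failed password for root from 192.168.10.30 port 50005 ssh2
Mar 20 10:08:30 kazihuo sshd[1212]: Failed password for root from 192.168.10.30 port 50006 ssh2
"""

# Simplified stand-in for the failregex in fail2ban's filter.d/sshd.conf (an
# approximation written for this example, not the project's own pattern).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+ ssh2"
)
TS_FORMAT = "%b %d %H:%M:%S"


def parse_syslog_ts(ts):
    # syslog timestamps carry no year; the default year 1900 is fine because
    # only differences between timestamps are used below.
    return datetime.strptime(ts, TS_FORMAT)


def find_bans(log_text, maxretry=2, findtime=120, bantime=180):
    """Replay log lines through the jail's counting rule.

    A host is banned once it reaches `maxretry` failures inside a sliding
    `findtime`-second window; the ban lasts `bantime` seconds. Returns
    (bans, total_failed), where bans is a list of (ip, ban_start, ban_end).
    """
    window = defaultdict(deque)   # ip -> timestamps of failures still inside findtime
    bans = []
    total_failed = 0

    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue                  # successful logins and other lines do not count
        total_failed += 1
        ts = parse_syslog_ts(m.group("ts"))
        ip = m.group("host")

        q = window[ip]
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()               # failure too old to count toward this window
        q.append(ts)

        if len(q) >= maxretry:
            ban_end = ts + timedelta(seconds=bantime)
            bans.append((ip, ts.strftime(TS_FORMAT), ban_end.strftime(TS_FORMAT)))
            q.clear()                 # counting starts afresh once the ban has been issued
    return bans, total_failed


if __name__ == "__main__":
    bans, total = find_bans(SAMPLE_LOG)
    print("Total failed: %d" % total)
    for ip, start, end in bans:
        print("ban %s at %s, expires %s" % (ip, start, end))
```

With the post's values only 192.168.10.16 is banned: its two failures are 4 seconds apart, whereas 192.168.10.30 fails twice 210 seconds apart, outside findtime, so it is never banned; raising findtime to 300 catches it as well, which is the trade-off the two settings control. On the running daemon a single address can be released with `fail2ban-client set ssh-iptables unbanip <ip>` rather than truncating the log.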

  • Original post: https://www.cnblogs.com/kazihuo/p/8627298.html