主页 > 建站 > centos安装fail2ban防止VPS被暴力破解

centos安装fail2ban防止VPS被暴力破解

2015年10月19日 centos安装fail2ban防止VPS被暴力破解无评论 阅读: 11,003 次

安装fail2ban:

yum install fail2ban

安装版本0.9.3
Installing : fail2ban-0.9.3-1.el6.noarch

修改/etc/fail2ban/fail2ban.conf,更改日志路径
#logtarget = SYSLOG
logtarget =/var/log/fail2ban.log

在/etc/fail2ban目录添加jail.local来定义拦截规则(不要直接修改jail.conf)
[ssh-iptables]
ignoreip = 127.0.0.1/8 58.0.0.0/8
bantime = 3600
findtime = 3600
#enabled = false
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /var/log/secure
maxretry = 3
使用 fail2ban-client命令调试,参考:
12

fail2ban-client start

查看记录/var/log/fail2ban.log

自启动
service fail2ban start

匹配规则测试
fail2ban-regex /www/wdlinux/nginx/logs/access.log /etc/fail2ban/filter.d/nginx-bot.conf

如果iptables时1.4.20版本以前的,还需修改/etc/fail2ban/action.d/iptables-common.conf,因为不支持-w参数:

# Option: lockingopt
# Notes.: Option was introduced to iptables to prevent multiple instances from
# running concurrently and causing irratic behavior. -w was introduced
# in iptables 1.4.20, so might be absent on older systems
# See https://github.com/fail2ban/fail2ban/issues/1122
# Values: STRING
#lockingopt = -w
lockingopt =

另注意:日志中的时间需要和当前时间同步,如果不同步,就需要把findtime时间改大,覆盖日志时间
 

发表评论

新用户的评论需审核后才会显示;

电子邮件地址不会被公开;
必填项已用*标注