
安装

# Refresh the package index, then install fail2ban together with iptables
# (presumably for fail2ban's iptables-based ban actions, which insert the block rules).
apt-get update
apt-get install -y iptables fail2ban
# Start fail2ban now and enable it at boot, so protection resumes after a reboot.
systemctl enable --now fail2ban

配置 SSH 防爆破

# Local overrides go in jail.local; jail.conf belongs to the package and is left untouched.
vim /etc/fail2ban/jail.local

# Jail for the local OpenSSH daemon: the sshd filter is applied to /var/log/auth.log.
# NOTE(review): no ignoreip is set in this section; unless a [DEFAULT] elsewhere sets one,
# consider listing a trusted admin address so a few mistyped passwords cannot lock you out.
[sshd]
enabled = true
# Must match the port sshd really listens on; port-based ban actions block only this port.
port = 22
filter = sshd
# NOTE(review): on hosts where sshd logs only to the systemd journal this file may not
# exist - confirm it is present and being written, otherwise the jail has nothing to read.
logpath = /var/log/auth.log
# Ban after 3 matching failures inside findtime (not set here, so the inherited default applies).
maxretry = 3
# Length of each ban.
bantime = 1d

配置自定义规则(frp 转发 SSH 防爆破)

# Custom filter file; its base name (frps_aml) is what the jail's "filter =" setting refers to.
vim /etc/fail2ban/filter.d/frps_aml.conf

# Filter for the frps log: matches lines that record a user connection to the proxy whose
# name contains 19222_aml_ssh; <HOST> captures the client address inside the final brackets.
# NOTE(review): the pattern matches "get a user connection", i.e. every connection to the
# proxy, not only failed logins - legitimate reconnects count towards maxretry as well.
# NOTE(review): the leading "^.*" and the ".*" inside the brackets are loose; anchoring to the
# real log prefix would reduce unintended matches. Check the pattern against the live log with
# fail2ban-regex /var/log/frp/frps.log /etc/fail2ban/filter.d/frps_aml.conf before relying on it.
[Definition]
failregex = ^.*\[.*19222_aml_ssh.*\] get a user connection \[<HOST>:[0-9]*\]
# Empty: no matching line is exempted from counting.
ignoreregex =

用 vim 打开 /etc/fail2ban/jail.local,追加以下内容

# Jail for SSH exposed through frp: applies the frps_aml filter to the frps log.
# It has to run on the host that writes /var/log/frp/frps.log, since the client address
# is taken from that log.
[aml]
enabled = true
# Presumably the frps remote port of the SSH proxy (it matches the 19222 in the proxy name) -
# confirm; port-based ban actions block only this port.
port = 19222
# Refers to /etc/fail2ban/filter.d/frps_aml.conf.
filter = frps_aml
logpath = /var/log/frp/frps.log
# The filter counts every connection, so this threshold is higher than the sshd jail's 3.
# NOTE(review): a client that connects 10 times inside findtime is banned even if every
# login succeeded - add trusted addresses to ignoreip if that can happen.
maxretry = 10
bantime = 1d
# Restart so the new filter and jail are loaded. A mistake in either file can keep fail2ban
# from starting and leave both jails inactive, so verify afterwards with
# "systemctl status fail2ban" and "fail2ban-client status aml".
systemctl restart fail2ban

常用命令

# Show failed login records within a date range (-s since, -t until).
# lastb reads the bad-login record file, so it normally has to run as root.
lastb -s 2022-10-16 -t 2022-10-18

# Lift a ban; IP_ADDRESS is a placeholder for the address to unban.
# The jail name matters: use "aml" instead of "sshd" for bans made by the frp jail.
fail2ban-client set sshd unbanip IP_ADDRESS

# Show the jail's status: failure counts and currently banned addresses.
# Running this for both sshd and aml after a config change confirms the jails are active.
fail2ban-client status sshd