Fail2ban on 王站站 /tags/fail2ban/ Recent content in Fail2ban on 王站站 王站站 /%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E /%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo zh Mon, 23 Apr 2018 01:04:23 +0000 fail2ban使用教程 /posts/275540922/ Mon, 23 Apr 2018 01:04:23 +0000 /posts/275540922/ <p><a href="https://github.com/fail2ban/fail2ban">GitHub</a></p> <h2 id="安装">安装</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">apt-get update </span></span><span class="line"><span class="cl">apt-get install -y iptables fail2ban </span></span><span class="line"><span class="cl">systemctl <span class="nb">enable</span> --now fail2ban </span></span></code></pre></div><h2 id="配置-ssh-防爆破">配置 SSH 防爆破</h2> <p><code>vim /etc/fail2ban/jail.local</code></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[sshd]</span> </span></span><span class="line"><span class="cl"><span class="na">enabled</span> <span class="o">=</span> <span class="s">true</span> </span></span><span class="line"><span class="cl"><span class="na">port</span> <span class="o">=</span> <span class="s">22</span> </span></span><span class="line"><span class="cl"><span class="na">filter</span> <span class="o">=</span> <span class="s">sshd</span> </span></span><span class="line"><span class="cl"><span class="na">logpath</span> <span class="o">=</span> <span class="s">/var/log/auth.log</span> </span></span><span class="line"><span class="cl"><span class="na">maxretry</span> <span class="o">=</span> <span class="s">3</span> </span></span><span class="line"><span class="cl"><span class="na">bantime</span> <span class="o">=</span> <span class="s">1d</span> </span></span></code></pre></div><h2 id="配置自定义规则frp-转发-ssh-防爆破">配置自定义规则(frp 转发 SSH 防爆破)</h2> <p><code>vim /etc/fail2ban/filter.d/frps_aml.conf</code></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[Definition]</span> </span></span><span class="line"><span class="cl"><span class="na">failregex</span> <span class="o">=</span> <span class="s">^.*\[.*19222_aml_ssh.*\] get a user connection \[&lt;HOST&gt;:[0-9]*\]</span> </span></span><span class="line"><span class="cl"><span class="na">ignoreregex</span> <span class="o">=</span> </span></span></code></pre></div><p>追加到 <code>vim /etc/fail2ban/jail.local</code></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[aml]</span> </span></span><span class="line"><span class="cl"><span class="na">enabled</span> <span class="o">=</span> <span class="s">true</span> </span></span><span class="line"><span class="cl"><span class="na">port</span> <span class="o">=</span> <span class="s">19222</span> </span></span><span class="line"><span class="cl"><span class="na">filter</span> <span class="o">=</span> <span class="s">frps_aml</span> </span></span><span class="line"><span class="cl"><span class="na">logpath</span> <span class="o">=</span> <span class="s">/var/log/frp/frps.log</span> </span></span><span class="line"><span class="cl"><span class="na">maxretry</span> <span class="o">=</span> <span class="s">10</span> </span></span><span class="line"><span class="cl"><span class="na">bantime</span> <span class="o">=</span> <span class="s">1d</span> </span></span></code></pre></div><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">systemctl restart fail2ban </span></span></code></pre></div><h2 id="常用命令">常用命令</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 查看失败登录记录(指定日期范围)</span> </span></span><span class="line"><span class="cl">lastb -s 2022-10-16 -t 2022-10-18 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 解除封禁</span> </span></span><span class="line"><span class="cl">fail2ban-client <span class="nb">set</span> sshd unbanip IP_ADDRESS </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 查看状态</span> </span></span><span class="line"><span class="cl">fail2ban-client status sshd </span></span></code></pre></div>