Installing Fail2Ban on CentOS 6.x 64-bit
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum install fail2ban
# service fail2ban start
# chkconfig fail2ban on
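Configuration file
/etc/fail2ban/fail2ban.conf
Find:
logtarget = SYSLOG
Change to:
logtarget = /var/log/fail2ban.log
(This sets the location of fail2ban's log file. If it is not set correctly, the messages that should be logged are printed to the terminal instead.)
Edit /etc/fail2ban/jail.conf
By default Fail2Ban only enables protection for ssh. Below we also turn on protection for vsftpd and adjust a few settings: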
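# Comments are on their own lines: fail2ban reads "#" after a value as part of the value.
[ssh-iptables]
# Enable SSH protection
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# Location of the log file to monitor
logpath = /var/log/secure
# Number of failed logins before a ban
maxretry = 5
# Ignored IP list, exempt from these limits (whitelist)
ignoreip = 127.0.0.1
# Ban duration in seconds; 7200 = 2 hours
bantime = 7200
[vsftpd-iptables]
# Set to true to enable vsftpd protection
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
# Location of the log file to monitor (same log file as ssh)
logpath = /var/log/secure
# Number of failed logins before a ban
maxretry = 5
# Ignored IP list, exempt from these limits (whitelist)
ignoreip = 127.0.0.1
# Ban duration in seconds; 3600 = 1 hour
bantime = 3600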
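How maxretry, ignoreip and bantime from the ssh-iptables jail interact, as an added Python example that is not part of the original post and is not fail2ban's own code. The regex is a simplified stand-in for the sshd filter, the log lines are constructed, and findtime (600 seconds) is an assumed value that the page does not set.

```python
import re
from datetime import datetime, timedelta

# Jail values from the ssh-iptables section; FINDTIME is an assumption
# (the page does not set it; 600 s is fail2ban's usual default).
MAXRETRY, BANTIME, FINDTIME = 5, 7200, 600
IGNOREIP = {"127.0.0.1"}

# Simplified stand-in for the sshd filter's failregex, not fail2ban's own pattern.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def simulate(lines, year=2014):
    """Return {ip: (banned_at, unbanned_at)} for lines in /var/log/secure format."""
    failures, bans = {}, {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a failed login (e.g. "Accepted password")
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNOREIP:
            continue  # whitelisted address: failures are never counted
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active
        # Keep only failures inside the findtime window, then add this one.
        window = [t for t in failures.get(ip, [])
                  if ts - t <= timedelta(seconds=FINDTIME)]
        window.append(ts)
        failures[ip] = window
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            failures[ip] = []
    return bans

# Constructed sample lines: 5 failures from one host, 6 from the whitelisted
# loopback address, and a single typo followed by a successful login.
SAMPLE = (
    [f"Mar  3 10:00:{s:02d} host sshd[2101]: Failed password for root "
     "from 192.168.100.101 port 4022 ssh2" for s in range(0, 50, 10)]
    + [f"Mar  3 10:01:{s:02d} host sshd[2102]: Failed password for invalid user "
       "admin from 127.0.0.1 port 4100 ssh2" for s in range(0, 60, 10)]
    + ["Mar  3 10:02:00 host sshd[2103]: Failed password for bob from 192.168.100.102 port 4200 ssh2",
       "Mar  3 10:02:05 host sshd[2103]: Accepted password for bob from 192.168.100.102 port 4200 ssh2"])

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```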
Fail2Ban commands
Check Fail2Ban's running status
$ fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: ssh-iptables, vsftpd-iptables
Check the status of a configured jail
$ fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- filter
|  |- File list: /var/log/secure
|  |- Currently failed: 0
|  `- Total failed: 5
`- action
   |- Currently banned: 1
   |  `- IP list: 192.168.100.101
   `- Total banned: 1
$ fail2ban-client status vsftpd-iptables
Status for the jail: vsftpd-iptables
|- filter
|  |- File list: /var/log/secure
|  |- Currently failed: 1
|  `- Total failed: 6
`- action
   |- Currently banned: 1
   |  `- IP list: 192.168.100.101
   `- Total banned: 1
Reference: http://www.vixual.net/blog/archives/252