centos 7 换源参考CentOS 7.9 停止维护(2024-6-30)后可用在线yum源 ------ 筑梦之路_centos停止维护-CSDN博客
安装fail2ban
bash
yum install fail2ban新增配置文件
bash
cat > /etc/fail2ban/action.d/hostsdeny.conf << EOF
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = echo "ALL: <ip>" >> /etc/hosts.deny
actionunban = sed -i.bak "/\<ip\>/d" /etc/hosts.deny
EOF
cat > /etc/fail2ban/jail.local << EOF
#defalut这里是设定全局设置,如果下面的监控没有设置就以全局设置的值设置。
[DEFAULT]
# 用于指定哪些地址ip可以忽略 fail2ban 防御,以空格间隔。
ignoreip = 127.0.0.1/8
# 客户端主机被禁止的时长(默认单位为秒)
bantime = 86400
# 过滤的时长(秒)
findtime = 600
# 匹配到的阈值(次数)
maxretry = 5
[ssh-iptables]
# 是否开启
enabled = true
# 过滤规则
filter = sshd
port = 22
# 动作 发送邮件一定要加在action 后面,一定要注意位置
#action = hostsdeny
banaction = hostsdeny
banaction_allports = hostsdeny-allports
# 日志文件的路径
logpath = /var/log/secure
# 匹配到的阈值(次数)
maxretry = 5
EOF启动服务
bash
systemctl enable fail2ban --now
# 查看被封禁的ip
fail2ban-client status ssh-iptables