fail2ban实验


fail2ban介绍

fail2ban 是一个基于 Python 编写的日志监控工具，主要用于防御暴力破解等基于失败尝试的攻击：它通过监控系统日志发现异常行为，并将来源 IP 加入防火墙黑名单，从而阻止后续访问。可以针对不同的攻击类型和频率配置不同的过滤规则和封禁策略，以提高系统的安全性。

实验准备

#部署 firewall

[root@server ~ 13:42:48]# systemctl enable firewalld.service --now

#部署 fail2ban

[root@server ~ 13:43:18]# yum install -y fail2ban

[root@server ~ 13:45:36]# systemctl enable fail2ban.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.

#fail2ban 由 epel 仓库提供

#fail2ban 配置文件位于 /etc/fail2ban，其中 jail.conf 是主配置文件（本地修改应写入 jail.local 以覆盖默认值），filter.d 存放各服务的日志匹配规则（failregex）

[root@server ~ 13:45:47]# ls /etc/fail2ban/
action.d       fail2ban.d  jail.conf  paths-common.conf
fail2ban.conf  filter.d    jail.d     paths-fedora.conf

防止 SSH 爆破

#新建 jail.local 覆盖 fail2ban 的一些默认规则；注意 ignoreip 应包含管理机地址，否则误封可能把自己锁在服务器之外

[root@server ~ 14:08:49]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 86400
findtime = 60
maxretry = 5
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter  = sshd
port    = 22
action = %(action_mwl)s
logpath = /var/log/secure

[root@server ~ 13:51:54]# ls /etc/fail2ban/filter.d/sshd.conf 
/etc/fail2ban/filter.d/sshd.conf

[root@server ~ 13:52:14]# systemctl restart fail2ban.service 

#验证

[root@server ~ 13:52:26]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	

[root@server ~ 13:53:17]# watch 'fail2ban-client status sshd'

#查看 fail2ban 通过 firewallcmd-ipset 新增的防火墙规则：来自 f2b-sshd ipset 中地址的 22 端口流量将被 REJECT

[root@server ~ 14:08:52]# firewall-cmd --direct --get-all-rules 
ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports 22 -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable

[root@server ~ 14:09:28]# fail2ban-client unban 10.1.8.11
1

[root@server ~ 14:09:56]# watch 'fail2ban-client status sshd'

防止 Nginx 恶意访问

[root@server ~ 15:14:22]# fail2ban-client unban 10.1.8.11
[root@server ~ 15:19:34]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 86400
findtime = 60
maxretry = 5
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter  = sshd
port    = 22
action = %(action_mwl)s
logpath = /var/log/secure

[nginx-cc]
enabled = true
port = http,https
filter = nginx-cc
action = %(action_mwl)s
maxretry = 5
findtime = 60
bantime = 3600
logpath = /var/log/nginx/access.log

[root@server ~ 15:22:37]# cat /etc/fail2ban/filter.d/nginx-cc.conf
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* .* .*$
ignoreregex =

[root@server ~ 15:11:22]# systemctl restart  fail2ban.service 

[root@server ~ 15:17:49]# firewall-cmd --add-service=http
success

[root@server ~ 15:18:09]# watch fail2ban-client status nginx-cc
You have new mail in /var/spool/mail/root

[root@server ~ 15:19:07]# firewall-cmd --list-all

防止 Wordpress 爆破

#无需真正部署 WordPress，touch 一个 wp-login.php 文件代替即可

#新建一个匹配 nginx 日志中 wp-login.php 请求的过滤规则

[root@server ~]# vim /etc/fail2ban/filter.d/wordpress.conf
[Definition]
failregex = ^<HOST> -.* /wp-login.php.* HTTP/1\.."
ignoreregex =

#在/etc/fail2ban/jail.local中追加如下内容

[wordpress]
enabled = true
port = http,https
filter = wordpress
action = %(action_mwl)s
maxretry = 20
findtime = 60
bantime = 3600
logpath = /usr/local/nginx/logs/access.log

client端验证

#从 client 端 ssh 远程登录 10.1.8.10，验证连续 5 次密码错误后来源 IP 被封禁（Connection refused）
[root@client ~ 13:55:59]# ssh root@10.1.8.10
ssh: connect to host 10.1.8.10 port 22: Connection refused

[root@client ~ 14:10:06]# sshpass -p '456' ssh root@10.1.8.10 hostname
Permission denied, please try again.
[root@client ~ 14:10:15]# sshpass -p '456' ssh root@10.1.8.10 hostname
Permission denied, please try again.
[root@client ~ 14:10:17]# sshpass -p '456' ssh root@10.1.8.10 hostname
Permission denied, please try again.
[root@client ~ 14:10:20]# sshpass -p '456' ssh root@10.1.8.10 hostname
Permission denied, please try again.
[root@client ~ 14:10:23]# sshpass -p '456' ssh root@10.1.8.10 hostname
Permission denied, please try again.
[root@client ~ 14:10:26]# sshpass -p '456' ssh root@10.1.8.10 hostname
ssh: connect to host 10.1.8.10 port 22: Connection refused


#web 访问限制：60 秒内请求超过 5 次即被 nginx-cc 规则封禁

[root@client ~ 15:18:25]# curl 10.1.8.10
xxx
[root@client ~ 15:18:25]# curl 10.1.8.10
xxx
[root@client ~ 15:18:26]# curl 10.1.8.10
xxx
[root@client ~ 15:18:26]# curl 10.1.8.10
xxx
[root@client ~ 15:18:26]# curl 10.1.8.10
curl: (7) Failed connect to 10.1.8.10:80; Connection refused

[root@client ~ 15:18:26]# curl 10.1.8.10
xxx
[root@client ~ 15:18:26]# curl 10.1.8.10
xxx
[root@client ~ 15:18:26]# curl 10.1.8.10
curl: (7) Failed connect to 10.1.8.10:80; Connection refused
