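Introduction
Fail2ban is a log-analysis tool written in Python. It automatically bans IP addresses that match user-defined rules. Fail2ban can be used in many scenarios; this article focuses on using it to automatically ban IP addresses that brute-force SSH.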
Installing Fail2ban
CentOS 7
Install Fail2ban and the firewalld firewall
sudo yum install fail2ban fail2ban-systemd firewalld
Create a Fail2ban jail file that bans an IP address for 1 day after 3 failed SSH logins
sudo vim /etc/fail2ban/jail.d/sshd.conf
[DEFAULT]
bantime = 86400
ignoreip = 127.0.0.1/8

[sshd]
enabled = true
port = ssh
filter = sshd
banaction = firewallcmd-allports
backend = systemd
maxretry = 3
Ubuntu 18.04+
Install Fail2ban and the ufw firewall
sudo apt install fail2ban ufw
Create a Fail2ban jail file that bans an IP address for 1 day after 3 failed SSH logins
sudo vim /etc/fail2ban/jail.d/sshd.conf
[DEFAULT]
bantime = 86400
ignoreip = 127.0.0.1/8

[sshd]
enabled = true
port = ssh
filter = sshd
banaction = ufw
backend = systemd
maxretry = 3
Enable Fail2ban and set it to start automatically
sudo systemctl enable fail2ban   # start fail2ban automatically at boot
sudo systemctl restart fail2ban  # restart fail2ban
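
How the settings in the jail files above turn log lines into a ban, as an added Python example that is not Fail2ban's own code or part of the original article: a simplified model that counts failed-password lines per address inside a findtime window. The log lines are constructed, the regex is a stand-in for the real sshd filter, and findtime (not set in the jail files) is assumed to be Fail2ban's default of 10 minutes.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# From the jail file above; findtime is not set there, so the 10-minute default is assumed.
MAXRETRY, BANTIME, FINDTIME = 3, 86400, 600
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Simplified stand-in for the sshd filter: password failures only.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed sample log (documentation address ranges, ISO timestamps).
SAMPLE_LOG = [
    "2024-05-01T10:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "2024-05-01T10:00:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2",
    "2024-05-01T10:00:05 host sshd[812]: Accepted password for alice from 192.0.2.10 port 50211 ssh2",
    "2024-05-01T10:00:09 host sshd[811]: Failed password for root from 203.0.113.7 port 40130 ssh2",
    "2024-05-01T10:01:00 host sshd[813]: Failed password for root from 127.0.0.1 port 41000 ssh2",
    "2024-05-01T10:01:01 host sshd[813]: Failed password for root from 127.0.0.1 port 41001 ssh2",
    "2024-05-01T10:01:02 host sshd[813]: Failed password for root from 127.0.0.1 port 41002 ssh2",
    "2024-05-01T10:05:00 host sshd[814]: Failed password for bob from 198.51.100.20 port 42000 ssh2",
    "2024-05-01T10:20:00 host sshd[815]: Failed password for bob from 198.51.100.20 port 42001 ssh2",
    "2024-05-01T10:35:00 host sshd[816]: Failed password for bob from 198.51.100.20 port 42002 ssh2",
]

def simulate(lines):
    """Return [(ip, banned_at, unban_at)] for the log lines, in order."""
    failures = defaultdict(deque)   # ip -> failure times inside the window
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), ipaddress.ip_address(m["ip"])
        if any(ip in net for net in IGNOREIP) or banned_until.get(ip, ts) > ts:
            continue                # whitelisted, or already banned
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()        # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), ts, banned_until[ip]))
            window.clear()
    return bans
```

Only 203.0.113.7 is banned in the sample: 127.0.0.1 is covered by ignoreip, and 198.51.100.20 spaces its three failures 15 minutes apart, so they never fall inside one findtime window.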