良玉's Blog: drop by drop, water gathers into a river. The path of a Linux operations engineer for browser and mobile games

Installing fail2ban on CentOS

Download: https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.13
# tar xvf fail2ban-0.8.13.tar.gz
# cd fail2ban-0.8.13
# python setup.py install
After installation, /etc/fail2ban/ is the configuration directory:
# cd /etc/fail2ban/
Start fail2ban with:
# fail2ban-client start

jail.conf defines which services are monitored. Edit it:
# vim jail.conf
[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=test@163.com, sender=test@163.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 5


[ssh-ddos]

enabled  = true
filter   = sshd-ddos
action   = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 2
Then reload the configuration:
# fail2ban-client reload
Check the log:
# tail -f /var/log/fail2ban.log
2014-08-12 15:02:51,071 fail2ban.server [51524]: INFO    Stopping all jails
2014-08-12 15:02:51,072 fail2ban.server [51524]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2014-08-12 15:02:51,073 fail2ban.jail   [51524]: INFO    Creating new jail 'ssh-iptables'
2014-08-12 15:02:51,074 fail2ban.jail   [51524]: INFO    Jail 'ssh-iptables' uses poller
2014-08-12 15:02:51,090 fail2ban.jail   [51524]: INFO    Initiated 'polling' backend
2014-08-12 15:02:51,091 fail2ban.filter [51524]: INFO    Added logfile = /var/log/secure
2014-08-12 15:02:51,093 fail2ban.filter [51524]: INFO    Set maxRetry = 5
2014-08-12 15:02:51,094 fail2ban.filter [51524]: INFO    Set findtime = 600
2014-08-12 15:02:51,095 fail2ban.actions[51524]: INFO    Set banTime = 600
2014-08-12 15:02:51,238 fail2ban.jail   [51524]: INFO    Creating new jail 'ssh-ddos'
2014-08-12 15:02:51,238 fail2ban.jail   [51524]: INFO    Jail 'ssh-ddos' uses poller
2014-08-12 15:02:51,239 fail2ban.jail   [51524]: INFO    Initiated 'polling' backend
2014-08-12 15:02:51,239 fail2ban.filter [51524]: INFO    Added logfile = /var/log/secure
2014-08-12 15:02:51,240 fail2ban.filter [51524]: INFO    Set maxRetry = 2
2014-08-12 15:02:51,242 fail2ban.filter [51524]: INFO    Set findtime = 600
2014-08-12 15:02:51,242 fail2ban.actions[51524]: INFO    Set banTime = 600
2014-08-12 15:02:51,293 fail2ban.jail   [51524]: INFO    Jail 'ssh-iptables' started
2014-08-12 15:02:51,337 fail2ban.jail   [51524]: INFO    Jail 'ssh-ddos' started
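
The log above shows the ssh-iptables jail running with maxRetry = 5, findtime = 600 and banTime = 600. The following Python sketch is an added example (not part of the original post and not fail2ban's own code) that models that threshold as a sliding window over constructed /var/log/secure lines. The regex is a simplified stand-in for the sshd filter, and the host name, IP addresses and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter (assumption, not fail2ban's own failregex).
FAIL_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?\S+ from (?P<ip>\d+(?:\.\d+){3}) port \d+")

# Constructed /var/log/secure lines (documentation-range IPs, hypothetical host "web1").
SAMPLE = """\
Aug 12 15:00:00 web1 sshd[2001]: Failed password for root from 198.51.100.23 port 51000 ssh2
Aug 12 15:04:00 web1 sshd[2002]: Failed password for root from 198.51.100.23 port 51001 ssh2
Aug 12 15:08:00 web1 sshd[2003]: Failed password for root from 198.51.100.23 port 51002 ssh2
Aug 12 15:10:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 12 15:10:05 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Aug 12 15:10:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40130 ssh2
Aug 12 15:10:14 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40133 ssh2
Aug 12 15:10:20 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40139 ssh2
Aug 12 15:11:00 web1 sshd[2110]: Accepted password for deploy from 192.0.2.10 port 52000 ssh2
Aug 12 15:12:00 web1 sshd[2004]: Failed password for root from 198.51.100.23 port 51003 ssh2
Aug 12 15:16:00 web1 sshd[2005]: Failed password for root from 198.51.100.23 port 51004 ssh2
"""

def find_bans(lines, maxretry=5, findtime=600, bantime=600, year=2014):
    """Return [(ip, ban_start, ban_end)] for hosts with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for m in filter(None, map(FAIL_RE.match, lines)):   # skip lines that are not failures
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ts < banned_until.get(ip, datetime.min):
            continue              # host is already blocked by the firewall rule
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE.splitlines()):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With the jail's values only 203.0.113.7 is banned: 198.51.100.23 also fails five times, but never five times within any 600-second window, which is the kind of slow guessing a short findtime does not catch.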



Author: 良玉  Category: fail2ban