Linux-fail2ban

  1. 作者QQ:67065435 QQ群:821635552

  2. 本站内容全部为作者原创,转载请注明出处!

  3. 安装前请先确认,您的服务器使用的防火墙为firewalld而不是iptables(下文 banaction 使用的 firewallcmd-ipset 依赖 firewalld 和 ipset;如果服务器仍在用 iptables,请把 banaction 改为 iptables-multiport,否则封禁动作不会生效,只能在 /var/log/fail2ban.log 中看到报错)

  4. 安装fail2ban

    yum -y install epel-release
    yum -y install fail2ban
    
  5. 新增Nginx防CC攻击规则

     说明:下面的 failregex 对每一条访问日志都计一次,所以 nginx-cc 只是按请求频率封禁,并不区分正常请求和攻击请求。需要注意两点:(1) `HTTP/1.*` 只匹配 HTTP/1.x 请求,如果 nginx 开启了 http2,443 端口上的 HTTP/2 请求(日志中写作 HTTP/2.0)不会被计数,建议改为 `failregex = ^<HOST> -.*- .*HTTP/[0-9.]+ .* .*$`(行首的 ^ 把 <HOST> 固定在日志第一列的客户端IP字段上);(2) 如果 nginx 前面有 CDN 或反向代理,日志第一列是代理的IP,这条规则封掉的将是代理而不是真实客户端,需先用 real_ip 模块还原真实IP再启用。
    vim /etc/fail2ban/filter.d/nginx-cc.conf
    
    [Definition]
    failregex = <HOST> -.*- .*HTTP/1.* .* .*$
    ignoreregex =
    
    ESC
    :wq
    
  6. 调整配置

    vim /etc/fail2ban/jail.local
    
    #说明:ignoreip 中的地址永不封禁,其中 192.168.0.1 只是示例,请换成你自己的管理机/跳板机地址,不要照抄。
    #实际阈值以各 jail 内的数值为准:[sshd] 600秒内失败3次的IP封禁86400秒;[nginx-cc] 100秒内请求超过100次的IP封禁3600秒。
    #nginx-cc 的 100次/100秒 对普通网站偏严:一次页面加载的静态资源请求、公司/校园 NAT 出口共享的IP 都可能被误封,上线前请先观察 fail2ban.log 再调整 maxretry/findtime。
    #action_mwl 会在每次封禁时调用 whois 并把相关日志行通过邮件发给 destemail,需要本机已配置好 MTA(sendmail)和 whois;nginx-cc 这类高频 jail 建议改用 %(action_)s 或 %(action_mw)s,以免邮件刷屏。
    [DEFAULT]
    ignoreip  = 127.0.0.1,192.168.0.1
    bantime   = 86400
    findtime  = 600
    maxretry  = 3
    banaction = firewallcmd-ipset
    action    = %(action_mwl)s
    
    [sshd]
    enabled   = true
    filter    = sshd
    port      = 22
    bantime   = 86400
    findtime  = 600
    maxretry  = 3
    action    = %(action_mwl)s
    logpath   = /var/log/secure
    
    [nginx-cc]
    enabled   = true
    filter    = nginx-cc
    port      = 80,443
    bantime   = 3600
    findtime  = 100
    maxretry  = 100
    action    = %(action_mwl)s
    logpath = /usr/local/nginx/logs/access.log
    
    ESC
    :wq
    
  7. 开机启动、启动、重启、停止、禁止开机启动

    #开机启动
    systemctl enable fail2ban
    #启动
    systemctl start fail2ban
    #重启
    systemctl restart fail2ban
    #停止
    systemctl stop fail2ban
    #禁止开机启动
    systemctl disable fail2ban
    
  8. fail2ban-client

    #重载fail2ban所有规则的配置
    fail2ban-client reload
    
    #查看fail2ban指定规则的状态
    fail2ban-client status [规则名称]
    
    #手动解封指定规则中被封禁的IP(相应地,手动封禁用 set [规则名称] banip [IP])
    fail2ban-client set [规则名称] unbanip [IP]
    
    #查看fail2ban工作日志
    tail /var/log/fail2ban.log
    
  9. fail2ban-client命令参数

    # 配置文件目录
    -c [目录路径]
    
    # 会话文件路径
    -s [文件路径]
    
    # 进程ID文件路径
    -p [文件路径]
    
    # 打印配置信息
    -d
    
    # 打开互动模式
    -i
    
    # 增加输出详细程度(verbose,可重复使用)
    -v
    
    # 减少输出详细程度(quiet)
    -q
    
    # 强制启动server(先删除残留的套接字文件)
    -x
    
    # 在后台运行server
    -b
    
    # 在前台运行server
    -f
    
    # 获取帮助信息
    -h
    
    # 获取版本信息
    -V
    
  10. fail2ban-client进阶命令

    # 启动服务和规则
    start
    
    # 重新加载配置
    reload
    
    # 重新加载指定规则的配置
    reload [规则名称]
    
    # 停止所有规则并关闭服务
    stop
    
    # 查看所有规则的运行状态及服务运行状态
    status
    
    # 查看指定规则的运行状态
    status [规则名称]
    
    # 测试server是否在运行(正常时返回 pong)
    ping
    
    # 获得帮助
    help
    
    # 获得版本信息
    version
    
    # 设置日志级别
    set loglevel [CRITICAL, ERROR, WARNING,NOTICE, INFO, DEBUG]
    
    # 获取日志级别
    get loglevel
    
    # 设置日志标签
    set logtarget [STDOUT, STDERR, SYSLOG 或日志文件路径]
    
    # 获取日志标签
    get logtarget
    
    # 设置系统日志套接字
    set syslogsocket auto|[套接字]
    
    # 获取系统日志套接字
    get syslogsocket
    
    # 刷新日志标签
    flushlogs
    
    # 其它命令
    set dbfile [文件路径|None]
    get dbfile
    
    set dbpurgeage [秒数]
    get dbpurgeage
    
    add [规则名称] [日志后端backend,如 auto/polling/systemd]
    start [规则名称]
    stop [规则名称]
    status [规则名称] [flavor,可选的输出格式选项]
    
    set [规则名称] idle on
    set [规则名称] idle off
    # 添加IP白名单
    set [规则名称] addignoreip [IP]
    # 删除IP白名单
    set [规则名称] delignoreip [IP]
    
  11. 参考链接

