CentOS7安装fail2ban
作者QQ:67065435 QQ群:821635552
本站内容全部为作者原创,转载请注明出处!
安装前请先确认您的服务器使用的防火墙为 firewalld 而不是 iptables:下文 jail.local 中的 banaction = firewallcmd-ipset 是通过 firewalld 来执行封禁的。
安装fail2ban
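# Install fail2ban. The package comes from the EPEL repository, so EPEL is
# enabled first; the two steps must be separate yum invocations.
yum -y install epel-release
yum -y install fail2ban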
新增Nginx防CC攻击规则
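# /etc/fail2ban/filter.d/nginx-cc.conf
# (open with: vim /etc/fail2ban/filter.d/nginx-cc.conf, save with ESC :wq)
#
# Request-rate filter for the [nginx-cc] jail. <HOST> is replaced by fail2ban
# with its own address pattern; the rest matches any access-log line that
# records an HTTP request. Every request therefore counts as one "failure",
# so the jail's maxretry/findtime act as a requests-per-window threshold.
# HTTP/1.x requests are logged as "HTTP/1.1"; nginx logs HTTP/2 requests as
# "HTTP/2.0", so the version part accepts both.
[Definition]
failregex = <HOST> -.*- .*HTTP/[12]\.[0-9].* .* .*$
ignoreregex =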
调整配置
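# /etc/fail2ban/jail.local
# (open with: vim /etc/fail2ban/jail.local, save with ESC :wq)
#
# Settings in [DEFAULT] apply to every jail unless the jail overrides them.
[DEFAULT]
# Addresses that are never banned: loopback plus one LAN address.
# Adjust 192.168.0.1 to your own trusted/management address.
ignoreip = 127.0.0.1,192.168.0.1
# Default policy: maxretry matches within findtime seconds -> ban for bantime seconds.
bantime = 86400
findtime = 600
maxretry = 3
# Bans are applied through firewalld (ipset-backed), which is why the host
# must run firewalld rather than bare iptables.
banaction = firewallcmd-ipset
# action_mwl: ban, then send a mail report with whois data and the matching log lines.
action = %(action_mwl)s

[sshd]
# 3 failed SSH logins within 600 s -> ban for 86400 s (24 h).
enabled = true
filter = sshd
port = 22
bantime = 86400
findtime = 600
maxretry = 3
action = %(action_mwl)s
# CentOS 7 writes sshd authentication messages to /var/log/secure.
logpath = /var/log/secure

[nginx-cc]
# Uses filter.d/nginx-cc.conf, which matches every request line, so:
# 100 requests from one IP within findtime = 100 s -> ban for bantime = 3600 s.
enabled = true
filter = nginx-cc
port = 80,443
bantime = 3600
findtime = 100
maxretry = 100
action = %(action_mwl)s
# Path of a source-built nginx; confirm it matches your access_log directive.
logpath = /usr/local/nginx/logs/access.log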
开机启动、启动、重启、停止、禁止开机启动
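# Service management for fail2ban. These are alternatives: run the one you
# need, not all of them in sequence.
# Enable at boot
systemctl enable fail2ban
# Start
systemctl start fail2ban
# Restart (needed after editing jail.local or a filter)
systemctl restart fail2ban
# Stop
systemctl stop fail2ban
# Disable start at boot
systemctl disable fail2ban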
fail2ban-client
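# Day-to-day fail2ban-client usage. Replace [jail-name] and [IP] with real values.
# Reload the configuration of every jail
fail2ban-client reload
# Show the status (currently/total banned IPs, matched lines) of one jail
fail2ban-client status [jail-name]
# Unban an IP in one jail
fail2ban-client set [jail-name] unbanip [IP]
# Inspect the fail2ban working log
tail /var/log/fail2ban.log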
fail2ban-client命令参数
# 配置文件目录
-c [目录路径]
# 会话文件路径
-s [文件路径]
# 进程ID文件路径
-p [文件路径]
# 打印配置信息
-d
# 打开互动模式
-i
# 增加冗余长度
-v
# 减少冗余长度
-q
# 强制执行server(删除套接字文件)
-x
# 在后台运行server
-b
# 在前台运行server
-f
# 获取帮助信息
-h
# 获取版本信息
-V
fail2ban-client进阶命令
# 启动服务和规则
start
# 重新加载配置
reload
# 重新加载指定规则的配置
reload [规则名称]
# 停止所有规则并关闭服务
stop
# 查看所有规则的运行状态及服务运行状态
status
# 查看指定规则的运行状态
status [规则名称]
# 测试服务是否在运行
ping
# 获得帮助
help
# 获得版本信息
version
# 设置日志级别
set loglevel [CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG]
# 获取日志级别
get loglevel
# 设置日志目标
set logtarget [STDOUT, STDERR, SYSLOG]
# 获取日志目标
get logtarget
# 设置系统日志套接字
set syslogsocket auto|[套接字]
# 获取系统日志套接字
get syslogsocket
# 刷新日志
flushlogs
# 其它命令
set dbfile [文件路径|None]
get dbfile
set dbpurgeage [秒数]
get dbpurgeage
add [规则名称] [后台]
start [规则名称]
stop [规则名称]
status [规则名称]
# 个性定制
set [规则名称] idle on
set [规则名称] idle off
# 添加IP白名单
set [规则名称] addignoreip [IP]
# 删除IP白名单
set [规则名称] delignoreip [IP]