fail2ban使用教程
用法
# Refresh the package index, then install iptables together with fail2ban.
apt-get update
apt-get install -y iptables fail2ban
# Bring the service up, confirm that it started correctly, then enable it at boot.
systemctl start fail2ban
systemctl status fail2ban
systemctl enable fail2ban
配置sshd
vim /etc/fail2ban/jail.local
# Jail for the SSH daemon, using the "sshd" filter to find failed logins in the auth log.
# NOTE(review): consider listing trusted admin addresses in ignoreip so that a few
# mistyped passwords do not lock the administrator out.
[sshd]
enabled = true
# Port handed to the ban action; it should match the port sshd actually listens on.
port = 22
filter = sshd
# NOTE(review): on systems that log only to the systemd journal this file may not exist;
# there, "backend = systemd" is needed instead of a logpath. Confirm for your distribution.
logpath = /var/log/auth.log
# Ban after 3 matches within findtime (not set here, so the [DEFAULT] value applies).
maxretry = 3
# Ban duration: one day.
bantime = 1d
配置其他规则(远程登录aml,防止被爆破)
vim /etc/fail2ban/filter.d/frps_aml.conf
# Filter for the frps log: takes the client address (<HOST>) from the
# "get a user connection" lines logged for the 19222_aml_ssh proxy.
[Definition]
# NOTE(review): this pattern matches every connection to the proxy, not only failed
# logins, so successful connections from legitimate users also count toward maxretry.
# The leading "^.*" leaves the match unanchored to the log prefix; check the pattern
# against real log lines with fail2ban-regex before relying on it.
failregex = ^.*\[.*19222_aml_ssh.*\] get a user connection \[<HOST>:[0-9]*\]
# Empty: no matching lines are excluded.
ignoreregex =
vim /etc/fail2ban/jail.local
# Jail for the service exposed through frp on port 19222 (presumably the SSH login
# for "aml"; confirm against the frps proxy configuration). Uses the frps_aml filter.
[aml]
enabled = true
port = 19222
filter = frps_aml
logpath = /var/log/frp/frps.log
# The frps_aml filter counts connections rather than authentication failures, so this
# acts as a connection-rate limit: an address is banned after 10 connections within
# findtime (not set here, so the [DEFAULT] value applies).
# NOTE(review): add trusted client addresses to ignoreip so regular users are not banned.
maxretry = 10
# Ban duration: one day.
bantime = 1d
重启服务
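# Validate the configuration first: with a plain stop/start, a typo in jail.local or in
# the filter leaves fail2ban stopped and the host unprotected. If the check fails, the
# restart is skipped and the running instance keeps its previous configuration.
fail2ban-client -t && systemctl restart fail2ban
# List the active jails to confirm that both sshd and aml were loaded.
fail2ban-client status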
其他
查看 2022 年 10 月 16 日至 10 月 18 日的失败 ssh 登录记录：
lastb -s 2022-10-16 -t 2022-10-18
解除对测试 IP 地址的封禁（若该地址是被 aml 规则封禁的，将 sshd 换成 aml）：
fail2ban-client set sshd unbanip IP_ADDRESS
查看 sshd 规则的详细状态（当前封禁的 IP、失败次数等）：
fail2ban-client status sshd