一.安裝在CENTOS5.5上
- tar -jxvf fail2ban-0.8.4.tar.bz2
- cd fail2ban-0.8.4/
- 用root用戶執行
- ./setup.py install
- cp files/redhat-initd /etc/init.d/fail2ban (文件視OS而定)
- chmod 755 /etc/init.d/fail2ban
二.建立”/etc/logrotate.d/fail2ban”: (經測試這一步可以免去)
/var/log/fail2ban.log {
weekly
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client reload 1>/dev/null || true endscript }
注:fail2ban-client的路徑依據自己系統情況改變,例 如我的:
whereis fail2ban-client
fail2ban-client: /usr/bin/fail2ban-client
whereis fail2ban-client
fail2ban-client: /usr/bin/fail2ban-client
修改/etc/fail2ban/jail.conf
ignoreip = 127.0.0.1 # 忽悠 IP範圍 如果有二組以上用空白做爲間隔
bantime = 600 # 設定 IP 被封鎖的時間(秒),如果值爲 -1,代表永遠封鎖
findtime = 600 # 設定在多少時間內達到 maxretry 的次數就封鎖
maxretry = 3 # 允許嘗試的次數
#針對sshd暴力***防護
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
mail-whois[name=SSH, dest=root]
logpath = /var/log/secure
maxretry = 5 # 如果有個別的次數設定就設在這裏
#針對vsftpd暴力***防護
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, [email protected]]
logpath = /var/log/secure
maxretry = 3 建議設置成maxretry爲 3 表示3次錯誤就封鎖
bantime = 1800
[pop-iptables]
enabled = true
filter = courierlogin
action = iptables[name=pop, port=pop3, protocol=tcp]
logpath = /var/log/maillog
maxretry = 3