參考:https://blog.csdn.net/dorisnzy/article/details/82926067
1、安裝fail2ban:
yum -y install epel-release
yum -y install fail2ban
2、配置fail2ban:
修改/etc/fail2ban/jail.conf
[default]
destemail = [email protected]
sender = [email protected]
#這裏需要修改發送和接收郵件的郵箱
[nginx-get-404]
enabled = true
port = http,https
filter = nginx
action = iptables[name=nginx, port=http, protocol=tcp]
%(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
#這裏增加了郵件通知
logpath = /var/log/nginx/access.log
bantime = 3600
findtime = 60
maxretry = 5
增加/etc/fail2ban/filter.d/nginx.conf
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* 404 .*$
ignoreregex = <HOST> -.*- .*GET /www/common/.*$
#ignoreregex是忽略的地址,防止因頁面代碼寫的不好引發的錯判,如果不需要可以留空
修改/etc/postfix/mail.cf
主要是修改releyhost = 10.0.30.1
本身有內部郵件的smtp轉發服務器
3、檢查fail2ban規則
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx.conf /etc/fail2ban/filter.d/nginx.conf --print-all-match --print-all-ignore
注意:上面有2次用到/etc/fail2ban/filter.d/nginx.conf,是因爲我配置了ignoreregex的內容
4、啓動fail2ban和postfix
service postfix restart
service fail2ban restart
5、檢查fail2ban
fail2ban-client status
fail2ban-client status ngixn-get-404
分別檢查的是fail2ban的總開關狀態,和其中nginx-get-404功能的掃描狀態