安装

以Debian系统为例

1
2

sudo apt update
sudo apt install -y fail2ban

启动

1
2
3
4
5

sudo systemctl start fail2ban
# 查看状态
sudo systemctl status fail2ban
# 开机自启动
sudo systemctl enable fail2ban

有个坑:Debian 12系统需要先改下配置文件,再启动,否则会启动失败,Debian 11系统不影响,具体看下面配置

配置

默认配置文件在/etc/fail2ban内,为了安全起见,新建/etc/fail2ban/jail.local 文件

1

sudo nano /etc/fail2ban/jail.local

由于只需要配置sshd服务,所以只加下面内容即可

1
2
3
4
5
6
7
8

[sshd]
enabled = true
maxretry = 3
findtime = 600
bantime = 3600

#Debian 12需要设置
backend = systemd

maxretry: 允许的最大尝试次数,超过这个次数将触发封锁

findtime: 在 findtime 秒内达到 maxretry 尝试次数将触发封锁。

bantime: 设置封锁时间为1小时(3600秒)

Debian 12 需要设置backend见此[BR]: fail2ban does not start on some debian/ubuntu systems - backend should probably be set to systemd on all systemd-based distros · Issue #3292 · fail2ban/fail2ban · GitHub

fail2ban常用命令

1
2
3
4
5
6

# 显示 Fail2ban 的详细信息
sudo fail2ban-client status
# 显示 sshd服务
sudo fail2ban-client status sshd
# 手动测试规则(例如,测试 SSH 规则)
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

参考:

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Dedicated CPU