Installing Fail2ban and Basic Configuration
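Installation

Using a Debian system as the example:

```bash
sudo apt update
sudo apt install -y fail2ban
```

Starting the service

```bash
sudo systemctl start fail2ban
# Check the status
sudo systemctl status fail2ban
# Start automatically on boot
sudo systemctl enable fail2ban
```

One pitfall: on Debian 12 you need to change the configuration file first and then start the service, otherwise it fails to start. Debian 11 is not affected. See the configuration below for details.

Configuration

The default configuration files are in /etc/fail2ban. To be safe, create a new file, /etc/fail2ban/jail.local:

```bash
sudo nano /etc/fail2ban/jail.local
```

Since only the sshd service needs to be configured, adding the following is enough:

```ini
[sshd]
enabled = true
maxretry = 3
findtime = 600
bantime = 3600
# Required on Debian 12
backend = systemd
```

- maxretry: the maximum number of attempts allowed; exceeding it triggers a ban.
- findtime: reaching maxretry attempts within findtime seconds triggers a ban.
- bantime: sets the ban duration to 1 hour (3600 seconds).

For why Debian 12 needs backend set, see: [BR]: fail2ban does not start on some debian/ubuntu systems - backend should probably be set to systemd on all systemd-based distros · Issue #3292 · fail2ban/fail2ban · GitHub

Common fail2ban commands

```bash
# Show Fail2ban's detailed information
sudo fail2ban-client status
# Show the sshd jail
sudo fail2ban-client status sshd
# Manually test a filter (for example, the SSH rules)
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
```

References:

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors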
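How the maxretry, findtime and bantime values from the [sshd] jail interact, as an added example that is not part of the original post and not Fail2ban's own code: a simplified sliding-window model run over constructed log lines. It assumes a ban fires once the failures inside findtime reach maxretry; the log lines, documentation-range IPs and the `simulate` function are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, FINDTIME, BANTIME = 3, 600, 3600  # values from the [sshd] jail

# Constructed sample lines in the style of sshd log output (not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:05 host sshd[811]: Failed password for root from 198.51.100.9 port 51000 ssh2
2024-05-01T10:03:00 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-05-01T10:08:00 host sshd[813]: Accepted publickey for deploy from 192.0.2.10 port 50222 ssh2
2024-05-01T10:09:30 host sshd[814]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:11:00 host sshd[815]: Failed password for root from 198.51.100.9 port 51001 ssh2
2024-05-01T10:30:00 host sshd[816]: Failed password for root from 198.51.100.9 port 51002 ssh2
"""

FAIL_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def simulate(log, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(ip, banned_at, unbanned_at)] under the simplified model."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ts < banned_until.get(ip, ts):
            continue  # host is already banned at this point
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry:
            until = ts + timedelta(seconds=bantime)
            banned_until[ip] = until
            bans.append((ip, ts, until))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in simulate(SAMPLE_LOG):
        print(f"ban {ip} at {at.isoformat()} until {until.isoformat()}")
```

In the sample, 198.51.100.9 fails three times but is never banned, because no three of its failures fall inside one 600-second window; slow attempts like this are what a longer findtime is for.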