fail2ban

  1. 参考链接

  2. 安装前请先确认您的服务器使用的防火墙是 firewalld 而不是 iptables：下文配置中的 `banaction = firewallcmd-ipset` 依赖正在运行的 firewalld 以及 ipset 工具；若服务器使用的是 iptables，请改用 fail2ban 自带的 `iptables-multiport` 等 banaction，否则封禁动作无法执行。

  3. 安装fail2ban

     # fail2ban is shipped in EPEL, so the EPEL repository is enabled first.
     # NOTE(review): on RHEL proper (not CentOS) epel-release is not in the
     # default repositories — confirm how EPEL is enabled on your system.
     for pkg in epel-release fail2ban; do
         yum install -y "$pkg"
     done
    
  4. 新增Nginx防CC攻击规则

     vim /etc/fail2ban/filter.d/nginx-cc.conf
    
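     # fail2ban filter for request-rate ("CC" / HTTP flood) limiting: it matches
     # EVERY request nginx logs, so the jail's maxretry/findtime become a per-IP
     # request budget.  Assumes the default nginx "combined" log format, whose
     # lines begin with $remote_addr.
     [Definition]
     # Anchored to the line start so <HOST> can only be the client address nginx
     # wrote, never an address embedded in the referer or user-agent fields.
     # HTTP/[0-9.]+ accepts HTTP/1.0, HTTP/1.1 and HTTP/2.0 — the original
     # "HTTP/1.*" silently ignored HTTP/2 traffic, which is not rate-limited.
     failregex = ^<HOST> -.*- .*HTTP/[0-9.]+.*$
     # NOTE(review): behind a reverse proxy or CDN $remote_addr is the proxy's
     # address, so this filter would ban the proxy itself; log the real client
     # IP (e.g. from X-Forwarded-For) before enabling this jail.
     ignoreregex =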
    
     ESC
     :wq
    
  5. 调整配置

     vim /etc/fail2ban/jail.local
    
     # Defaults shared by every jail: an IP that trips a jail's filter `maxretry`
     # times within `findtime` seconds is banned for `bantime` seconds.  For
     # [DEFAULT] that is 3 hits in 600 s -> banned for 86400 s (24 h).  The jails
     # below override these numbers, so read each jail's own values.
     [DEFAULT]
     # Addresses that are never banned.  NOTE(review): 192.168.0.1 is listed in
     # addition to localhost — replace/extend this with your own admin and
     # monitoring addresses before enabling, or you can lock yourself out of SSH.
     ignoreip  = 127.0.0.1,192.168.0.1
     bantime   = 86400
     findtime  = 600
     maxretry  = 3
     # Bans are applied through firewalld + ipset: firewalld must be running and
     # the ipset tool installed (see the note at the top of the page).
     banaction = firewallcmd-ipset
     # action_mwl = ban + e-mail containing whois output and the matching log
     # lines.  NOTE(review): this needs a working MTA (sendmail) and `whois`;
     # confirm destemail/sender are set for your site, or use %(action_)s.
     action    = %(action_mwl)s
    
     [sshd]
     enabled   = true
     filter    = sshd
     # Change this if sshd listens on a non-standard port; the ban must cover
     # the port actually in use.
     port      = 22
     bantime   = 86400
     findtime  = 600
     maxretry  = 3
     action    = %(action_mwl)s
     # CentOS/RHEL authentication log (Debian-family systems use /var/log/auth.log).
     logpath   = /var/log/secure
    
     # Request-rate limit for nginx.  The nginx-cc filter matches EVERY logged
     # request, so a single IP making more than 100 requests within 100 s is
     # banned for 3600 s (1 h).  NOTE(review): 100 requests/100 s is easily
     # reached by one page with many assets or by many users behind one NAT
     # address — tune these numbers against real traffic before enabling.
     [nginx-cc]
     enabled   = true
     filter    = nginx-cc
     port      = 80,443
     bantime   = 3600
     findtime  = 100
     maxretry  = 100
     # NOTE(review): action_mwl sends one whois e-mail per ban; during a real
     # flood that is one mail per attacking IP — consider %(action_)s here.
     action    = %(action_mwl)s
     # Path of a source-built nginx; packaged nginx logs to
     # /var/log/nginx/access.log.  fail2ban refuses to start a jail whose
     # logpath does not exist, so make sure the file is present.
     logpath = /usr/local/nginx/logs/access.log
    
     ESC
     :wq
    
  6. 开机启动、启动、重启、停止、禁止开机启动

     # Register fail2ban to start at boot (this alone does not start it now).
     systemctl enable fail2ban
     # Start the service.
     systemctl start fail2ban
     # Restart: required after editing jail.local or a filter so the new rules
     # are loaded (`fail2ban-client reload` is the lighter alternative).
     systemctl restart fail2ban
     # Stop the service.  NOTE(review): the firewallcmd-ipset action tears down
     # its ipset on stop, so active bans are expected to be lifted — verify.
     systemctl stop fail2ban
     # Remove fail2ban from the boot sequence.
     systemctl disable fail2ban
    
  7. fail2ban-client

     # Re-read all configuration (jail.local and filters) without restarting
     # the service.
     fail2ban-client reload
    
     # Show one jail's status: currently banned IPs, failure/ban counters and
     # the monitored log file.
     fail2ban-client status [规则名称]
    
     # Unban a single IP in the given jail (e.g. after an admin locked
     # themselves out).  This does not add it to ignoreip.
     fail2ban-client set [规则名称] unbanip [IP]
    
     # fail2ban's own log: look here first when a jail fails to start or a
     # ban action reports an error.
     tail /var/log/fail2ban.log
    
  8. fail2ban-client命令参数

     # 配置文件目录
     -c [目录路径]
    
     # 会话文件路径
     -s [文件路径]
    
     # 进程ID文件路径
     -p [文件路径]
    
     # 打印配置信息
     -d
    
     # 打开互动模式
     -i
    
     # 增加冗余长度
     -v
    
     # 减少冗余长度
     -q
    
     # 强制启动 server（先删除残留的套接字文件；用于上次异常退出后 server 无法启动的情况）
     -x
    
     # 在后台运行server
     -b
    
     # 在前台运行server
     -f
    
     # 获取帮助信息
     -h
    
     # 获取版本信息
     -V
    
  9. fail2ban-client进阶命令

     # 启动服务和规则
     start
    
     # 重新加载配置
     reload
    
     # 重新加载指定规则的配置
     reload [规则名称]
    
     # 停止所有规则并关闭服务
     stop
    
     # 查看所有规则的运行状态及服务运行状态
     status
    
     # 查看指定规则的运行状态
     status [规则名称]
    
     # 测试 server 是否在运行（正常时返回 pong）
     ping
    
     # 获得帮助
     help
    
     # 获得版本信息
     version
    
     # 设置日志级别
     set loglevel [CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG]
    
     # 获取日志级别
     get loglevel
    
     # 设置日志标签
     set logtarget [STDOUT, STDERR, SYSLOG, 日志文件路径]
    
     # 获取日志标签
     get logtarget
    
     # 设置系统日志套接字
     set syslogsocket auto|[套接字]
    
     # 获取系统日志套接字
     get syslogsocket
    
     # 刷新日志标签
     flushlogs
    
     # 其它命令
     set dbfile [文件路径|None]
     get dbfile
    
     set dbpurgeage [秒数]
     get dbpurgeage
    
     # 新建规则，可选指定日志读取后端（auto/polling/pyinotify/gamin/systemd）
     add [规则名称] [后端]
     start [规则名称]
     stop [规则名称]
     # 可选的 flavor 参数控制输出形式（如 short、cymru）
     status [规则名称] [flavor]
    
     set [规则名称] idle on
     set [规则名称] idle off
     # 添加IP白名单（仅对当前运行的 server 生效，不会写入配置文件，重启后失效；需持久化请写入 jail.local 的 ignoreip）
     set [规则名称] addignoreip [IP]
     # 删除IP白名单（同上，只影响运行时状态，不修改配置文件）
     set [规则名称] delignoreip [IP]
    
@耿志环 2012-∞ 冀ICP备17033181号, powered by Gitbook修订: 2019-06-01 10:34:00
