服务器安全加固 fail2ban 用法
1.安装软件
yum install fail2ban -y# ubuntu 对应安装命令是apt install fail2ban -y
2.修改配置
[ssh-iptables] enabled = truefilter = sshdaction = iptables[name=SSH,port=ssh,protocol=tcp]#ubuntu 对应的文件是/var/log/auth.loglogpath = /var/log/secure#这三个代表的是 将 5 分钟内频繁访问失败 3 次的 IP 屏蔽 3600 秒maxretry = 3 findtime = 300bantime = 3600
3.启动服务
systemctl restart fail2ban.service systemctl enable fail2ban.service
4.模拟登录
ssh youserver_ip
5.审计查看
iptables -L -n | tailfail2ban-client status ssh-iptables
5.误报移除
fail2ban-client set ssh-iptables unbanip yourip
