
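AI summary: This article walks through installing and configuring Fail2Ban on Ubuntu 20.04.6 LTS. It first installs Fail2Ban with apt-get and checks the service status with the service and systemctl commands. It then uses fail2ban-client to view the enabled rules and their details, and gives the commands for reloading the configuration and manually unbanning an IP. The configuration files live in /etc/fail2ban; the sshd configuration is described in detail, including the enabled state, port, filter and other settings. It also shows how to add the custom action bark.conf. Note that the implementation and effect of the "bark" action mentioned in the article are not described in detail, which may lead readers to misunderstand what it does.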

Installation

System: Ubuntu 20.04.6 LTS

apt-get install fail2ban  

Commands

Check the service status

service fail2ban status  
systemctl status fail2ban.service  

Query status

# List the enabled jails  
# fail2ban-client status  
Status  
|- Number of jail:      1  
`- Jail list:   sshd  

# Show the details of one jail  
# fail2ban-client status sshd  
Status for the jail: sshd  
|- Filter  
|  |- Currently failed: 0  
|  |- Total failed:     0  
|  `- File list:        /var/log/auth.log  
`- Actions  
   |- Currently banned: 0  
   |- Total banned:     0  
   `- Banned IP list:  

# Reload the configuration  
# fail2ban-client reload  

# Reload a single jail  
# fail2ban-client reload sshd  

# Manually unban an IP  
# fail2ban-client set sshd unbanip 192.168.1.1  

Configuration

Configuration directory: /etc/fail2ban

Edit the sshd jail configuration
/etc/fail2ban/jail.d/sshd.conf

[sshd]  
enabled = true  
mode   = normal  
port    = ssh  
filter  = sshd  
banaction = iptables  
            bark[name=sshd]  
backend = systemd  
maxretry = 2  
findtime = 1d  
bantime = 2w  
ignoreip = 127.0.0.1/8  
logpath = %(sshd_log)s  
#backend = %(sshd_backend)s  

Add the custom action bark.conf

vim /etc/fail2ban/action.d/bark.conf  

[Definition]  
norestored = 1  
actionban   = /usr/bin/python3 /root/script/bark.py fail2ban-<name> <ip>  
actionunban =  
actioncheck =  
actionstart =  
actionstop =  

[Init]  

name = default  
blocktype = unreachable  
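
The page does not show /root/script/bark.py, which the actionban line above calls. One possible version follows, as an added example that is not the author's script. It assumes a Bark-style push server that accepts a JSON POST with device_key, title and body fields; the URL and device key are placeholders.

```python
"""Hypothetical /root/script/bark.py, run as: bark.py fail2ban-<name> <ip>"""
import ipaddress
import json
import re
import sys
import urllib.request

# Assumptions, not values from the page: placeholder endpoint and device key.
BARK_PUSH_URL = "https://bark.example.invalid/push"
BARK_DEVICE_KEY = "REPLACE_WITH_DEVICE_KEY"
TITLE_RE = re.compile(r"fail2ban-[A-Za-z0-9_.-]{1,64}")


def build_payload(title, ip, device_key=BARK_DEVICE_KEY):
    """Validate the two actionban arguments and return the JSON body as bytes."""
    if not TITLE_RE.fullmatch(title):
        raise ValueError("unexpected title: %r" % title)
    addr = ipaddress.ip_address(ip)  # ValueError on anything that is not an IP
    body = {"device_key": device_key, "title": title, "body": "Banned IP: %s" % addr}
    return json.dumps(body).encode("utf-8")


def send(payload, url=BARK_PUSH_URL, timeout=5):
    """POST the payload; the short timeout keeps a dead endpoint from hanging the action."""
    headers = {"Content-Type": "application/json; charset=utf-8"}
    req = urllib.request.Request(url, data=payload, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def main(argv):
    if len(argv) != 3:
        print("usage: bark.py fail2ban-<name> <ip>", file=sys.stderr)
        return 2
    try:
        payload = build_payload(argv[1], argv[2])
    except ValueError as exc:
        print("bark.py: %s" % exc, file=sys.stderr)
        return 2
    try:
        send(payload)
    except OSError as exc:  # URLError, HTTPError and socket timeouts are OSError
        # Report the failed push on stderr and through the exit status.
        print("bark.py: push failed: %s" % exc, file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
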
