Fail2ban scans log files such as /var/log/pwdfail or /var/log/apache/error_log and bans IP addresses that produce too many password failures. It does so by updating firewall rules to reject the offending IP address.
fail2ban is a service that watches system log files: when it finds an IP whose access looks suspicious and matches the configured thresholds, it updates the firewall (iptables) to block that IP. Typical uses are monitoring ssh and ftp login logs, and because it works on any log file, many other monitors can be defined in the same way. It can also send alert mail to the administrator's mailbox (this requires sendmail).
The installation and configuration steps below mainly follow: 用fail2ban阻止SSH和VSFTP暴力破解密码 (Using fail2ban to block SSH and VSFTP password brute-forcing). For the Webmin-related fail2ban configuration, see: fail2ban – webmin filter.
# Step 1: install (gamin provides the file-change notifications fail2ban uses to follow the logs)
yum install fail2ban gamin

# Step 2: configure (back up the shipped files first)
cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.conf_$(date +%Y%m%d).bak
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf_$(date +%Y%m%d).bak

# vim /etc/fail2ban/fail2ban.conf
logtarget = /var/log/fail2ban.log

# vim /etc/fail2ban/jail.conf
# (settings placed in /etc/fail2ban/jail.local override jail.conf and survive package upgrades, so the same edits can go there instead)
[vsftpd-iptables]
enabled = true
...
logpath = /var/log/secure
...

# Webmin
# filter = webmin-auth refers to /etc/fail2ban/filter.d/webmin-auth.conf (see the webmin filter reference above);
# a second action goes on an indented continuation line, and sendmail-whois needs a working sendmail
[webmin-iptables]
enabled = true
filter = webmin-auth
action = iptables[name=Webmin, port=10000, protocol=tcp]
         sendmail-whois[name=Webmin, dest=XXX@gmail.com]
logpath = /var/webmin/webmin.log

# Step 3: enable at boot and start
chkconfig --add fail2ban
chkconfig --level 345 fail2ban on
service fail2ban start
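To make the jail settings above concrete, here is an added example (not fail2ban's own code and not from the original post) that models what the daemon does with one jail: apply a failregex containing a <HOST> placeholder to each log line, keep each IP's failures inside a findtime window, ban once maxretry is reached, and ignore further lines from an IP that is already banned. The log lines, the jail names SSH and VSFTPD, the thresholds, the fixed year 2024 and the simplified regexes are all constructed assumptions; the regexes are mine, not fail2ban's shipped filters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban substitutes an address pattern for the <HOST> tag in each failregex;
# this is a simplified, IPv4-only stand-in for that substitution.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Simplified failregexes (assumed for this example, not the filter.d/*.conf shipped with fail2ban).
SSHD_FAILREGEX = (r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                  r"from <HOST> port \d+ ssh2")
VSFTPD_FAILREGEX = (r"vsftpd\[\d+\]: pam_unix\(vsftpd:auth\): authentication failure; "
                    r".*rhost=<HOST>")

# Constructed /var/log/secure excerpt (syslog format, no year). Not a real capture.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 10 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 10:00:09 host sshd[1207]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
Mar 10 10:00:12 host sshd[1209]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 10:00:20 host sshd[1211]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar 10 10:00:25 host sshd[1213]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar 10 10:01:00 host vsftpd[1300]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=198.51.100.9
Mar 10 10:30:00 host vsftpd[1301]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=198.51.100.9
Mar 10 11:05:00 host vsftpd[1302]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=198.51.100.9
"""


def parse_ts(line, year=2024):
    """Syslog lines carry no year; a fixed one is assumed for the sample."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


class Jail:
    """One [jail] section: a filter (failregex) plus maxretry/findtime/bantime, as in jail.conf."""

    def __init__(self, name, failregex, maxretry, findtime, bantime):
        self.name = name
        self.regex = re.compile(failregex.replace("<HOST>", HOST_RE))
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> time the ban expires

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a ban, else None."""
        m = self.regex.search(line)
        if not m:
            return None
        ip, ts = m.group("host"), parse_ts(line)
        if ip in self.banned and ts < self.banned[ip]:
            return None  # still banned: the firewall rule would have dropped the packet anyway
        window = self.attempts[ip]
        window.append(ts)
        # Drop failures older than findtime; lines are assumed to arrive in time order.
        while window and ts - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = ts + self.bantime
            window.clear()
            return ip
        return None

    def ban_command(self, ip):
        """The kind of rule fail2ban's iptables action inserts into its per-jail chain fail2ban-<name>."""
        return f"iptables -I fail2ban-{self.name} 1 -s {ip} -j DROP"


def make_jails():
    """Fresh jail objects with assumed thresholds (maxretry, findtime, bantime in seconds)."""
    return [Jail("SSH", SSHD_FAILREGEX, 5, 600, 3600),
            Jail("VSFTPD", VSFTPD_FAILREGEX, 3, 600, 3600)]


def run_jails(log_text, jails=None):
    """Feed every line to every jail; return {jail name: [ips banned, in order]}."""
    jails = jails if jails is not None else make_jails()
    banned = {j.name: [] for j in jails}
    for line in log_text.splitlines():
        for jail in jails:
            ip = jail.feed(line)
            if ip:
                banned[jail.name].append(ip)
    return banned


if __name__ == "__main__":
    jails = make_jails()
    by_name = {j.name: j for j in jails}
    for name, ips in run_jails(SAMPLE_LOG, jails).items():
        for ip in ips:
            print(by_name[name].ban_command(ip))
```

The SSH jail bans 203.0.113.7 on its fifth failure and ignores the sixth line, while the VSFTPD jail never bans 198.51.100.9: its three failures are spread over an hour, outside the 600-second findtime, which is the distinction between findtime and bantime in jail.conf. On the real host, `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/vsftpd.conf` tests a shipped filter against the live log, and `fail2ban-client status vsftpd-iptables` shows the jail's current bans.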