Download: https://github.com/fail2ban/fail2ban/archive/refs/tags/1.1.0.tar.gz
Installation:
apt install python3-setuptools python3-systemd -y   # Debian/Ubuntu family
yum install python3-setuptools python3-systemd -y   # RHEL/CentOS/openEuler family
tar xvfz 1.1.0.tar.gz   # the 1.1.0 tag archive is gzip-compressed and unpacks to fail2ban-1.1.0
cd fail2ban-1.1.0
sudo python3 setup.py install
Start the service and enable it at boot:
cp build/fail2ban.service /usr/lib/systemd/system/
systemctl start fail2ban
systemctl enable fail2ban
Configuration, /etc/fail2ban/jail.local (distilled from jail.conf; continuation lines of multi-line values must stay indented):
[INCLUDES]
before = paths-debian.conf
[DEFAULT]
ignoreself = true
ignoreip = 127.0.0.1/8 ::1
ignorecommand =
bantime = 10m
findtime = 10m
maxretry = 5
maxmatches = %(maxretry)s
backend = auto
usedns = warn
logencoding = auto
enabled = false
mode = normal
filter = %(__name__)s[mode=%(mode)s]
destemail = root@localhost
sender = root@<fq-hostname>
mta = sendmail
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(action_)s
            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
action_xarf = %(action_)s
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_abuseipdb = abuseipdb
action = %(action_)s
[sshd]
enabled = true
mode = aggressive
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
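To see what the [DEFAULT] and [sshd] settings above turn into once fail2ban interpolates them (the %(...)s references, values inherited from [DEFAULT], and __name__ standing for the jail name), here is an added Python example. It is not fail2ban's own code: Python's configparser does not bind __name__, so the expansion is done by hand the way fail2ban's loader does it. The JAIL_LOCAL text is a constructed, trimmed copy of the file above, and the PATHS dictionary is a constructed stand-in for what paths-debian.conf would supply for sshd_log and sshd_backend.

```python
"""Resolve a fail2ban-style jail.local the way fail2ban interpolates it.

Added example, not fail2ban's own code.  JAIL_LOCAL and PATHS are constructed
sample input (PATHS stands in for paths-debian.conf).
"""
import configparser
import re

# Constructed sample: the [DEFAULT] and [sshd] sections, trimmed to the keys
# the sshd jail actually uses.  Continuation lines are indented, as in the real file.
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 10m
findtime = 10m
maxretry = 5
maxmatches = %(maxretry)s
destemail = root@localhost
sender = root@<fq-hostname>
mta = sendmail
protocol = tcp
chain = <known/chain>
port = 0:65535
mode = normal
filter = %(__name__)s[mode=%(mode)s]
banaction = iptables-multiport
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(action_)s
            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s"]
action = %(action_)s

[sshd]
enabled = true
mode = aggressive
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
"""

# Assumption: a Debian-style layout, as paths-debian.conf would define it.
PATHS = {"sshd_log": "/var/log/auth.log", "sshd_backend": "systemd"}

_REF = re.compile(r"%\((\w+)\)s")


def load(text):
    """Parse without configparser's own interpolation; we expand references ourselves."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def resolve(cp, section, key, extra=None, _depth=0):
    """Expand %(name)s references in cp[section][key] recursively.

    Lookups go through the section proxy, so [DEFAULT] values are inherited and
    a jail-level key overrides the default.  __name__ resolves to the jail name,
    names supplied in `extra` (paths files) are honoured, and anything still
    unknown is left in place so the reader can see what is missing.
    """
    if _depth > 20:
        raise ValueError("interpolation loop in %s/%s" % (section, key))
    extra = extra or {}
    raw = cp[section][key]

    def sub(match):
        name = match.group(1)
        if name == "__name__":
            return section
        if name in cp[section]:
            return resolve(cp, section, name, extra, _depth + 1)
        if name in extra:
            return extra[name]
        return match.group(0)

    return _REF.sub(sub, raw)


def effective(cp, section, extra=None):
    """Every key visible in a jail, with its fully expanded value."""
    return {k: resolve(cp, section, k, extra) for k in cp[section]}


if __name__ == "__main__":
    cfg = load(JAIL_LOCAL)
    for k, v in effective(cfg, "sshd", PATHS).items():
        print("%-12s = %s" % (k, v.replace("\n", "\n" + " " * 15)))
```

Running it shows, for example, that `filter` becomes `sshd[mode=aggressive]` (the jail's own `mode` overrides the default) and `action` becomes `iptables-multiport[port="ssh", protocol="tcp", chain="<known/chain>"]`. On a real host, `fail2ban-client -d` dumps the configuration fail2ban itself parsed and is the authoritative check; this script only makes the layering visible.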
List the banned IPs:
fail2ban-client get sshd banned
Error: ERROR Failed during configuration: Have not found any log file for sshd jail
Cause: /var/log/auth.log does not exist.
Check: whether rsyslog is installed: systemctl status rsyslog
If it is not installed, install it: apt-get install rsyslog
Error: ModuleNotFoundError: No module named 'fail2ban'
Symptom: on openEuler, running /usr/local/bin/fail2ban-server -xf start by hand starts normally, but starting through /usr/lib/systemd/system/fail2ban.service fails.
Check: whether /usr/lib/systemd/system/fail2ban.service contains Environment="PYTHONNOUSERSITE=1"
Try: comment out Environment="PYTHONNOUSERSITE=1" and see whether the service starts; generally it does. PYTHONNOUSERSITE=1 makes the interpreter skip the per-user site-packages directory, so if setup.py install placed the fail2ban package there, the service's interpreter cannot find it even though a shell started as the same user can.
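A diagnostic for the two errors above, as an added example that is not part of the original post or of fail2ban: it reads the Environment= lines of a unit file (UNIT_TEXT is a constructed copy of the relevant part; the real file is /usr/lib/systemd/system/fail2ban.service), starts a child interpreter the way the unit would to show what PYTHONNOUSERSITE=1 does, reports where the fail2ban module would be imported from, and checks that the jail's log file exists. The default logpath /var/log/auth.log and the module name fail2ban are taken from the post; everything else is the example's own.

```python
"""Diagnose the two fail2ban start-up failures discussed above.

Added example, not part of fail2ban.  UNIT_TEXT is a constructed sample;
on a real host read /usr/lib/systemd/system/fail2ban.service instead and run
this with the interpreter the unit's ExecStart uses.
"""
import importlib.util
import os
import shlex
import site
import subprocess
import sys

# Constructed sample unit containing the Environment= line the post points at.
UNIT_TEXT = """\
[Unit]
Description=Fail2Ban Service

[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStart=/usr/local/bin/fail2ban-server -xf start
"""


def parse_unit_environment(text):
    """Collect KEY=VALUE pairs from Environment= lines; shlex handles systemd's quoting.
    Commented-out lines (#Environment=...) are ignored, as systemd ignores them."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("Environment="):
            continue
        for token in shlex.split(line[len("Environment="):]):
            if "=" in token:
                key, _, value = token.partition("=")
                env[key] = value
    return env


def user_site_state(no_user_site):
    """Start a child interpreter with or without PYTHONNOUSERSITE=1, as the unit
    would, and report whether it ignores the per-user site-packages directory."""
    env = dict(os.environ)
    env.pop("PYTHONNOUSERSITE", None)
    if no_user_site:
        env["PYTHONNOUSERSITE"] = "1"
    out = subprocess.run(
        [sys.executable, "-c",
         "import site, sys; print(int(sys.flags.no_user_site), site.ENABLE_USER_SITE)"],
        env=env, capture_output=True, text=True, check=True).stdout.split()
    return {"no_user_site": out[0] == "1", "enable_user_site": out[1] == "True"}


def module_location(name):
    """Path the module would be imported from by this interpreter, or None."""
    spec = importlib.util.find_spec(name)
    return None if spec is None else spec.origin


def diagnose(unit_text, module="fail2ban", logpath="/var/log/auth.log"):
    """Return the findings a practitioner would act on, as plain strings."""
    findings = []
    env = parse_unit_environment(unit_text)
    where = module_location(module)
    if where is None:
        findings.append("%s is not importable by %s" % (module, sys.executable))
    elif env.get("PYTHONNOUSERSITE") == "1" and where.startswith(site.getusersitepackages()):
        findings.append("%s is installed in the user site-packages (%s) but the unit sets "
                        "PYTHONNOUSERSITE=1, so the service's interpreter will not see it"
                        % (module, where))
    if not os.path.exists(logpath):
        findings.append("%s does not exist, so the sshd jail has no log to read "
                        "(on Debian-style hosts install and start rsyslog)" % logpath)
    return findings


if __name__ == "__main__":
    print("Environment from unit:", parse_unit_environment(UNIT_TEXT))
    print("child with PYTHONNOUSERSITE=1:", user_site_state(True))
    for finding in diagnose(UNIT_TEXT) or ["no problems found"]:
        print("-", finding)
```

The interesting case is a module whose location starts with the user site-packages directory while the unit sets PYTHONNOUSERSITE=1: that is exactly the mismatch between "works when started by hand" and "fails under systemd" described above, and the fix is either the one the post gives (drop the Environment= line) or installing the package system-wide so the variable no longer matters.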