{"id":352,"date":"2011-06-03T10:40:51","date_gmt":"2011-06-03T10:40:51","guid":{"rendered":""},"modified":"2011-06-03T10:40:51","modified_gmt":"2011-06-03T10:40:51","slug":"%E7%94%A8fail2ban%E9%98%BB%E6%AD%A2SSH%E5%92%8CVSFTP%E6%9A%B4%E5%8A%9B%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81","status":"publish","type":"post","link":"https:\/\/ybzx.vip\/wp\/?p=352","title":{"rendered":"\u7528fail2ban\u963b\u6b62SSH\u548cVSFTP\u66b4\u529b\u7834\u89e3\u5bc6\u7801"},"content":{"rendered":"<p>\u67d0\u51e0\u4e2aIP\u6700\u8fd1\u4e00\u76f4\u4e0d\u505c\u7684\u5728\u8bd5\u56fe\u767b\u5f55SSH\u548cFTP\u3002\u628a\u673a\u5668\u4e0a\u7684\u51e0\u4e2a\u865a\u62df\u4e3b\u673a\u90fd\u731c\u4e86\u4e00\u904d\u3002<br \/>\u7528fail2ban\u52a0\u4e2a\u5c4f\u853d\u5427\u3002\u4e09\u6b21\u731c\u4e0d\u5bf9\uff0c\u5c31jail\u91cc\u4f11\u606f\u4fe9\u5c0f\u65f6\u518d\u56de\u6765\u3002<!--more--><\/p>\n<p>\u4e00\u3001\u4e0b\u8f7d\u5b89\u88c5<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">#wget http:\/\/cdnetworks-kr-2.dl.sourceforge.net\/project\/fail2ban\/fail2ban-stable\/fail2ban-0.8.4\/fail2ban-0.8.4.tar.bz2\r\n#tar xvfj fail2ban-0.8.4.tar.bz2\r\n#cd fail2ban-0.8.4\r\n#python setup.py install\r\n#cd files\r\n# cp .\/redhat-initd \/etc\/init.d\/fail2ban\r\n# chkconfig --add fail2ban\r\n#service fail2ban start<\/pre>\n<p>\u6ce8\u610f\uff1a\u5982\u679c\u91cd\u542fiptables \u8bb0\u5f97\u4e00\u5b9a\u8fd8\u8981\u91cd\u542ffail2ban\uff0c\u4e0d\u7136\u4ed6\u5c31\u4e0d\u80fd\u751f\u6548\uff0cfail2ban\u7684\u8fc7\u6ee4\u8868\u662f\u5728iptables \u542f\u52a8\u540e\u518d\u52a0\u5165\u7684\u3002<\/p>\n<p>\u4e8c\u3001\u914d\u7f6e<br \/>1\u3001fail2ban\u672c\u8eab\u914d\u7f6e<br \/>\u9ed8\u8ba4fail2ban.conf\u91cc\u9762\u5c31\u4e09\u4e2a\u53c2\u6570\uff0c\u800c\u4e14\u90fd\u6709\u6ce8\u91ca\u3002<br \/>#\u9ed8\u8ba4\u65e5\u5fd7\u7684\u7ea7\u522b<br \/>loglevel = 3<br \/>#\u65e5\u5fd7\u7684\u5b58\u653e\u8def\u5f84<br \/>logtarget = \/var\/log\/fail2ban.log<br \/>#socket\u7684\u4f4d\u7f6e<br 
\/>socket = \/tmp\/fail2ban.sock<\/p>\n<p>2\u3001fail2ban\u9632\u62a4\u914d\u7f6e<br \/>\u5168\u5c40\u8bbe\u7f6e<br \/># vi \/etc\/fail2ban\/jail.conf<br \/># \u5ffd\u7565 IP\u8303\u56f4 \u5982\u679c\u6709\u4e8c\u7ec4\u4ee5\u4e0a\u7528\u7a7a\u767d\u505a\u4e3a\u95f4\u9694<br \/>ignoreip = 127.0.0.1<br \/># \u8bbe\u5b9a IP \u88ab\u5c01\u9501\u7684\u65f6\u95f4(\u79d2)\uff0c\u5982\u679c\u503c\u4e3a -1\uff0c\u4ee3\u8868\u6c38\u8fdc\u5c01\u9501<br \/>bantime = 86400<br \/># \u8bbe\u5b9a\u5728\u591a\u5c11\u65f6\u95f4\u5185\u8fbe\u5230 maxretry \u7684\u6b21\u6570\u5c31\u5c01\u9501<br \/>findtime = 600<br \/># \u5141\u8bb8\u5c1d\u8bd5\u7684\u6b21\u6570<br \/>maxretry = 3<\/p>\n<p>\u5206\u7c7b\u8bbe\u7f6e<br \/>#\u9488\u5bf9sshd\u66b4\u529b\u5165\u4fb5\u9632\u62a4<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">&#x5B;ssh-iptables]\r\n\r\nenabled = true\r\nfilter = sshd\r\naction = iptables&#x5B;name=SSH, port=ssh, protocol=tcp]\r\n         sendmail-whois&#x5B;name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]\r\nlogpath = \/var\/log\/secure\r\n# \u5982\u679c\u6709\u4e2a\u522b\u7684\u6b21\u6570\u8bbe\u5b9a\u5c31\u8bbe\u5728\u8fd9\u91cc\r\nmaxretry = 3\r\n<\/pre>\n<p>#\u9488\u5bf9vsftpd\u66b4\u529b\u5165\u4fb5\u9632\u62a4<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n&#x5B;vsftpd-iptables]\r\n\r\nenabled = true\r\nfilter = vsftpd\r\naction = iptables&#x5B;name=VSFTPD, port=ftp, protocol=tcp]\r\n         sendmail-whois&#x5B;name=VSFTPD, dest=you@mail.com]\r\nlogpath = \/var\/log\/secure\r\nmaxretry = 3\r\n<\/pre>\n<p>\u5efa\u8bae\u8bbe\u7f6e\u6210maxretry\u4e3a 3 \u8868\u793a3\u6b21\u9519\u8bef\u5c31\u5c01\u9501\uff0c\u53e6\u5916logpath(Centos5\u548cRhel5\u4e2d)\u8981\u6539\u6210\/var\/log\/secure\u3002<\/p>\n<p>\u7136\u540e\u6211\u4eec\u8bbe\u7f6e\u542f\u52a8\u670d\u52a1\uff1a<br \/>#chkconfig --level 345 fail2ban on<br 
\/>#service fail2ban start<\/p>\n<p>\u4e09\u3001\u6d4b\u8bd5\uff1a<br \/>\u67e5\u770biptables \u7684\u89c4\u5219\u591a\u51fa\u4e86 iptables-ssh\u7684\u89c4\u5219<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget prot opt source destination\r\nfail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh\r\nfail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh\r\n\r\nChain fail2ban-SSH (2 references)\r\ntarget prot opt source destination\r\nDROP all -- 122.102.64.54 anywhere\r\n<\/pre>\n<p># \u8fd9\u6709\u4e00\u4e2a\u88ab\u963b\u6b62\u7684IP \u62d2\u7edd\u65f6\u95f4\u6839\u636e\u5728\u4f60\u7684\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u65f6\u95f4\u6709\u5173 \u6211\u8bbe\u7f6e\u7684\u662f\u4e00\u5929<br \/>RETURN all -- anywhere anywhere<\/p>\n<p>++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br \/>\u5728\u5176\u4ed6\u7684\u673a\u5668\u4e0assh 192.168.1.2<br \/>\u8fde\u7eed\u4e09\u6b21\u8f93\u9519\u5bc6\u7801<\/p>\n<p>\u4f7f\u7528\u547d\u4ee4fail2ban-client status ssh-iptables<br \/>\u67e5\u770b\u963b\u6b62\u72b6\u6001<\/p>\n<p>\u6216\u8005<\/p>\n<p>fail2ban-client status<br \/>Status<br \/>&#124;- Number of jail: 1<br \/>`- Jail list: ssh-iptables<\/p>\n<p>\u6d4b\u8bd5\u7ed3\u679c\uff1a<br \/>#fail2ban-client status ssh-iptables<br \/>Status for the jail: ssh-iptables<br \/>&#124;- filter<br \/>&#124; &#124;- File list: \/var\/log\/secure<br \/>&#124; &#124;- Currently failed: 0<br \/>&#124; `- Total failed: 3<br \/>`- action<br \/>&#124;- Currently banned: 1<br \/>&#124; `- IP list: 192.168.1.1<br \/>`- Total banned: 1<\/p>\n<p>++++++++++++++++++++++++++++++++++++++++++++++++++++++++<\/p>\n<p>\u6211\u4eec\u518d\u6765\u770b\u770bfail2ban\u7684\u65e5\u5fd7\u8bb0\u5f55<\/p>\n<p>2010-05-17 16:57:23,964 fail2ban.actions: WARNING [ssh-iptables] Ban 192.168.1.1<br \/>2010-05-17 21:35:00,449 fail2ban.actions: WARNING [ssh-iptables] Ban 218.108.85.244<br \/>2010-05-18 03:56:34,986 
fail2ban.actions: WARNING [ssh-iptables] Ban 59.39.66.30<\/p>\n<p>\u8bb0\u5f55\u4e86\u88ab\u963b\u6b62\u7684IP\uff0c\u6210\u529f\u963b\u6b62\u4e86ssh \u5bc6\u7801\u731c\u6d4b<\/p>\n<p>\u539f\u8f7d\u4e8e\uff1a http:\/\/jed.dzhope.com\/read.php?738<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u67d0\u51e0\u4e2aIP\u6700\u8fd1\u4e00\u76f4\u4e0d\u505c\u7684\u5728\u8bd5\u56fe\u767b\u5f55SSH\u548cFTP\u3002\u628a\u673a\u5668\u4e0a\u7684\u51e0\u4e2a\u865a\u62df\u4e3b\u673a\u90fd\u731c\u4e86\u4e00\u904d\u3002\u7528fail2ban\u52a0\u4e2a\u5c4f\u853d &hellip; <a href=\"https:\/\/ybzx.vip\/wp\/?p=352\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">\u7528fail2ban\u963b\u6b62SSH\u548cVSFTP\u66b4\u529b\u7834\u89e3\u5bc6\u7801<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[78],"class_list":["post-352","post","type-post","status-publish","format-standard","hentry","tag-linux"],"_links":{"self":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts\/352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=352"}],"version-history":[{"count":0,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts\/352\/revisions"}],"wp:attachment":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=352"},{"taxonomy":"post_tag","embeddable":tr
ue,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}