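Fail2Ban is a widely used tool that detects malicious login attempts and other abnormal activity and automatically bans the attacker's IP address. You can configure it to detect excessive connection requests and then temporarily block access from the offending IP addresses.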

Installation and startup

Install on Debian/Ubuntu

apt update -y && apt install -y fail2ban

Install on CentOS

yum update -y 
yum install -y epel-release 
yum install -y fail2ban
yum install -y nano

Start the service

systemctl start fail2ban

Enable start on boot

systemctl enable fail2ban

Check the status

systemctl status fail2ban

Main configuration file

Create a local copy of the main configuration file

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the local copy

nano /etc/fail2ban/jail.local

Restart the service

systemctl restart fail2ban

SSH defense: preventing brute-force attacks

rm -rf /etc/fail2ban/jail.d/*

nano /etc/fail2ban/jail.d/sshd.local

Insert the following text

[sshd]
enabled = true
mode   = normal
backend = systemd

Restart the service

systemctl restart fail2ban

View the list of active jails

fail2ban-client status

View the SSH ban status

fail2ban-client status sshd

Website defense

Sites built with 科技lion's LDNMP stack can use this defense.

Remove the previous nginx container

docker rm -f nginx

Deploy a new container, this time mapping the nginx log directory to the host so that Fail2Ban can read it

docker run -d --name nginx --restart always --network web_default -p 80:80 -p 443:443 -v /home/web/conf.d:/etc/nginx/conf.d -v /home/web/certs:/etc/nginx/certs -v /home/web/html:/var/www/html -v /home/web/log/nginx:/var/log/nginx nginx

Create the website blocking rules

nano /etc/fail2ban/jail.d/nginx.local

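Insert the rules

[nginx-http-auth]
enabled = true
mode = fallback
port = http,https
# nginx writes basic-auth failures to error.log, which is what this filter parses
logpath = /home/web/log/nginx/error.log

[nginx-limit-req]
enabled = true
port  = http,https
# limit_req rejections ("limiting requests") are also logged to error.log
logpath = /home/web/log/nginx/error.log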

[nginx-botsearch]
enabled = true
port   = http,https
logpath = /home/web/log/nginx/access.log

[nginx-bad-request]
enabled = true
port  = http,https
logpath = /home/web/log/nginx/access.log

[php-url-fopen]
enabled = true
port  = http,https
logpath = /home/web/log/nginx/access.log

Restart the service

systemctl restart fail2ban

View the nginx ban status

fail2ban-client status nginx-http-auth

Follow the Fail2Ban log

tail -f /var/log/fail2ban.log
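
Added example, not part of the original tutorial: Fail2Ban reports an error at restart for a jail whose logpath file does not exist, which is easy to hit here if the nginx container has not yet written to the mapped directory. check_jail_logs is a hypothetical helper that assumes one literal path per logpath line; the sample jail file it runs on is constructed.

```sh
# Added example: pre-flight check for a jail file such as jail.d/nginx.local.
# Prints "<jail> <logpath> ok|missing" for every enabled jail that sets logpath
# and returns 1 if any of those files is missing or unreadable.
check_jail_logs() {
    _rc=0
    _list=$(awk -F'=' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function emit() { if (enabled && path != "") print jail, path }
        /^[ \t]*[#;]/ { next }                     # comment line
        /^[ \t]*\[.*\]/ {                          # new [jail]: report the previous one
            emit(); jail = trim($0); gsub(/^\[|\]$/, "", jail)
            enabled = 0; path = ""; next
        }
        trim($1) == "enabled" { enabled = (trim($2) == "true") }
        trim($1) == "logpath" { path = trim($2) }
        END { emit() }
    ' "$1")
    while read -r _jail _path; do
        [ -n "$_jail" ] || continue                # no enabled jails found
        if [ -r "$_path" ]; then
            echo "$_jail $_path ok"
        else
            echo "$_jail $_path missing"; _rc=1
        fi
    done <<EOF
$_list
EOF
    return "$_rc"
}

# Constructed sample: one enabled jail with a log, one without, one disabled.
demo=$(mktemp -d)
touch "$demo/access.log"
cat > "$demo/nginx.local" <<EOF
[nginx-botsearch]
enabled = true
logpath = $demo/access.log

[nginx-bad-request]
enabled = true
logpath = $demo/not-created-yet.log

[php-url-fopen]
enabled = false
logpath = $demo/access.log
EOF
check_jail_logs "$demo/nginx.local" || echo "fix the paths above before restarting"
rm -rf "$demo"
```

To check the real configuration, call check_jail_logs /etc/fail2ban/jail.d/nginx.local before running systemctl restart fail2ban.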

Uninstall

systemctl disable fail2ban
systemctl stop fail2ban
apt remove -y --purge fail2ban
find / -name "fail2ban" -type d
rm -rf /etc/fail2ban
