Installing fail2ban on Debian to prevent brute-force attacks

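Before installing fail2ban, it is recommended to configure the ssh service for key-based login and to disable password login. This improves security, and it also avoids having a legitimate login banned after fail2ban is running because a password was forgotten or mistyped. For other operating systems, see: https://github.com/fail2ban/fail2ban/wiki
1. Install the package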
apt-get install -y fail2ban
2. Start the service and enable it at boot
systemctl start fail2ban
systemctl enable fail2ban
3. Create a new configuration file jail.local and upload it to the /etc/fail2ban directory
This is a trimmed-down configuration file; the official file is at: https://github.com/mikechau/fail2ban-configs/blob/master/jail.local
Do not modify jail.conf or fail2ban.conf; for the reason, see: https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration

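[DEFAULT]
# Addresses that are never banned
ignoreip = 127.0.0.1
# Window, in seconds, in which failures are counted
findtime = 60
# Failures within findtime that trigger a ban
maxretry = 1
# Ban duration in seconds; -1 bans permanently
bantime  = -1
banaction = iptables-multiport

# Jail name matches the one used with fail2ban-client in the steps below
[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 1
4. After uploading the configuration, reload the service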
service fail2ban reload
5. View banned IPs
fail2ban-client status sshd
7. View the service status log
journalctl -ru fail2ban
8. Unban an IP
fail2ban-client set sshd unbanip IP_ADDRESS
9. View the failed-login log
lastb
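10. Clear the failed-login log (btmp is a binary file, so truncate it to zero bytes instead of writing a newline into it)
cd /var/log
truncate -s 0 /var/log/btmp
truncate -s 0 /var/log/btmp.1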
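The settings from step 3 (ignoreip, findtime, maxretry, bantime = -1) can be checked offline before they lock anyone out. The following is an added example, not part of the original article or of fail2ban's own code: it replays constructed auth.log lines through the same ban rule, assuming a simplified "Failed password" pattern in place of the real sshd filter and an arbitrary year, since syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample auth.log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 08:00:30 host sshd[1002]: Failed password for invalid user admin from 198.51.100.9 port 51514 ssh2
Mar 10 08:00:50 host sshd[1003]: Failed password for root from 198.51.100.9 port 51520 ssh2
Mar 10 08:01:10 host sshd[1004]: Failed password for root from 127.0.0.1 port 40000 ssh2
Mar 10 08:03:00 host sshd[1005]: Failed password for root from 198.51.100.9 port 51600 ssh2
Mar 10 08:03:05 host sshd[1006]: Accepted publickey for admin from 192.0.2.44 port 50000 ssh2
"""

# Simplified stand-in (assumption) for filter.d/sshd.conf, which matches many more messages.
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(log, findtime=60, maxretry=1, ignoreip=("127.0.0.1",), year=2024):
    """Return {ip: time of ban}, counting failures in a sliding window of findtime seconds."""
    ignored = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if ip in banned or any(ip in net for net in ignored):
            continue
        window = recent[ip]
        window.append(when)
        # Drop failures that have aged out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = when     # with bantime = -1 this entry never expires
    return {str(ip): t.strftime("%H:%M:%S") for ip, t in banned.items()}

if __name__ == "__main__":
    print("maxretry=1:", simulate(SAMPLE_LOG))
    print("maxretry=3:", simulate(SAMPLE_LOG, maxretry=3))
```

With maxretry = 1 every address is banned on its first failure, which is why key-based login should be in place before the jail is enabled.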
References:
https://its.pku.edu.cn/faq_fail2ban.jsp
https://github.com/fail2ban/fail2ban/wiki