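Fail2ban is brute-force protection software similar to DenyHosts, and it is also written in Python. It supports not only the ssh service but also ftp, mail and others, and besides hosts.deny it can also call iptables to block IPs.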

Official site: http://www.fail2ban.org/wiki/index.php/Main_Page
Download: http://sourceforge.net/projects/fail2ban/files/
https://github.com/downloads/fail2ban/fail2ban/fail2ban_0.8.6.orig.tar.gz
Reference: http://www.fail2ban.org/wiki/index.php/HOWTOs

Installation:
wget -c http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm
yum install fail2ban

Or:

# tar -xjvf fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install
# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# chkconfig fail2ban on
# service fail2ban start

Usage:
[root@mail fail2ban]# pwd
/etc/fail2ban
[root@mail fail2ban]# ll
total 20
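drwxr-xr-x 2 root root 4096 Mar 29 15:08 action.d  # actions
-rw-r--r-- 1 root root  844 Sep 16  2009 fail2ban.conf  # three settings: log level, log target, socket
drwxr-xr-x 2 root root 4096 Mar 29 15:08 filter.d  # configuration for the log files to be filtered
-rw-r--r-- 1 root root 6545 Mar 29 15:53 jail.conf  # main configuration file: IP whitelist, retry count, ban duration, filter options, etc.
[root@mail fail2ban]# 
By default the sshd service is usually enabled (set to true); other services can be configured by following the sshd configuration. Change the sender and recipient mail addresses to your own; sendmail must be enabled.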
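
A simplified model of how the jail.conf settings listed above (IP whitelist, retry count) decide which hosts get banned, run over constructed /var/log/secure lines. This is an added example, not Fail2ban's own code and not part of the original post; the regex, the findtime window, the addresses and the year are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Option names follow jail.conf; the values are constructed for this example.
IGNOREIP = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.10/32")]
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)

# Simplified stand-in for one failregex of filter.d/sshd.conf (an assumption).
FAILREGEX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?\S+ from (?P<host>\d+(?:\.\d+){3}) port \d+")

# Constructed sample of /var/log/secure lines.
SAMPLE_LOG = """\
Mar 29 15:50:01 mail sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 29 15:50:03 mail sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 29 15:50:04 mail sshd[2105]: Failed password for root from 192.0.2.10 port 51000 ssh2
Mar 29 15:50:05 mail sshd[2106]: Failed password for root from 192.0.2.10 port 51001 ssh2
Mar 29 15:50:06 mail sshd[2107]: Failed password for root from 192.0.2.10 port 51002 ssh2
Mar 29 15:50:09 mail sshd[2110]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar 29 15:52:00 mail sshd[2150]: Accepted password for alice from 198.51.100.4 port 50022 ssh2
Mar 29 15:53:10 mail sshd[2161]: Failed password for bob from 198.51.100.9 port 50100 ssh2
Mar 29 16:10:00 mail sshd[2300]: Failed password for bob from 198.51.100.9 port 50101 ssh2
Mar 29 16:30:00 mail sshd[2400]: Failed password for bob from 198.51.100.9 port 50102 ssh2
"""

def hosts_to_ban(log_text, year=2012):
    """Return the hosts that reach MAXRETRY failures within FINDTIME, in ban order."""
    recent, banned = defaultdict(deque), []   # host -> timestamps of recent failures
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue                          # successful logins and other lines
        host = ipaddress.ip_address(m.group("host"))
        if any(host in net for net in IGNOREIP):
            continue                          # whitelisted: never counted, never banned
        # syslog lines carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        window = recent[host]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()                  # drop failures older than findtime
        if len(window) >= MAXRETRY and str(host) not in banned:
            banned.append(str(host))
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The whitelisted host fails three times without being banned, and the host whose failures are spread over more than the findtime window never reaches the retry count.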

[root@mail fail2ban]# cd filter.d/
The following log filters are supported by default; modify them as needed.
[root@mail filter.d]# ls
apache-auth.conf     apache-noscript.conf   courierlogin.conf  exim.conf              named-refused.conf  postfix.conf    qmail.conf  sshd.conf       webmin-auth.conf
apache-badbots.conf  apache-overflows.conf  couriersmtp.conf   gssftpd.conf           pam-generic.conf    proftpd.conf    sasl.conf   sshd-ddos.conf  wuftpd.conf
apache-nohome.conf   common.conf            cyrus-imap.conf    lighttpd-fastcgi.conf  php-url-fopen.conf  pure-ftpd.conf  sieve.conf  vsftpd.conf     xinetd-fail.conf


[root@mail filter.d]# fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:           ssh-iptables
This shows that it is running and calling iptables.

[root@mail filter.d]#   iptables -L -vnx
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     441    32124 fail2ban-SSH  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 

You can view the log file to check the IPs.
[root@mail filter.d]#  cat /var/log/faillog 
