centos7 的 vps 最近登录发现了有几万次尝试登录,这里使用 fail2ban 来简单防御下。
安装
yum install epel-release -y #安装前置依赖
yum install fail2ban -y #安装fail2ban
配置
cd /etc/fail2ban/
cp jail.conf jail.local #不同版本可能已经存在
vim jail.local
###配置文件##
ignoreip = 127.0.0.1/8
bantime = 86400
findtime = 600
maxretry = 3
#这里banaction必须用firewallcmd-ipset,这是fiewalll支持的关键,如果是用Iptables请不要这样填写
banaction = firewallcmd-ipset
action = %(action_mwl)s
[sshd]
enabled = true
filter = sshd
port = 22
action = %(action_mwl)s
logpath = /var/log/auth.log
启动
systemctl start fail2ban
systemctl enable fail2ban
日志查看
fail2ban-client status
tailf /var/log/fail2ban.log