1. Introduction to fail2ban
Fail2Ban is intrusion-prevention software that protects servers from brute-force attacks. It is written in Python and works from auth log files: by default it scans log files such as /var/log/auth.log and /var/log/apache/access.log and bans IPs that show malicious signs, for example too many password failures or probing for exploits. Fail2Ban is normally used to update firewall rules so that an IP address is rejected for a specified period of time. It can also send e-mail notifications. Fail2Ban ships filters for many services, such as ssh, apache, nginx, squid, named, mysql and nagios. Fail2Ban can slow down the rate of failed authentication attempts, but it cannot remove the risk created by weak authentication, because it is only one of the server's defenses against brute-force attacks.
The simpler a solution the better, and Fail2Ban is an elegant solution to a tricky problem: it needs very little configuration and adds almost no operational overhead for you or your machine.
With Fail2Ban, your Linux machine automatically blocks IP addresses that have too many failed connections. This is self-regulating security!
If your machine accepts incoming connection requests (for example Secure Shell (SSH) connections) or acts as a web or mail server, you need to protect it from brute-force attacks and password guessers.
To do that, you need to monitor connection requests that fail to get into an account. If they repeatedly fail authentication within a short time, they should be barred from further attempts. In practice the only workable way to do this is to automate the whole process. With a little simple configuration, fail2ban handles the monitoring, banning and unbanning for you.
Fail2Ban integrates with the Linux firewall iptables. It enforces bans on suspicious IP addresses by adding rules to the firewall. Of course, if you care about security you probably already have a well-populated rule set configured. Fail2Ban only adds and removes its own rules; your regular firewall behaviour is left unchanged.
2. Download and install from source
http://www.fail2ban.org/wiki/index.php/Downloads
Extract: tar zxvf download/fail2ban-0.8.14.tar.gz -C fail2ban
Install:
cd /home/fail2ban/fail2ban-0.8.14
root@kali:/home/fail2ban/fail2ban-0.8.14# python setup.py install
Please do not forget to update your configuration files.
They are in /etc/fail2ban/.
root@kali:/home/fail2ban/fail2ban-0.8.14#
---------------------------------------
Directory layout:
/etc/fail2ban # fail2ban service configuration directory
/etc/fail2ban/action.d # action files (iptables, mail, ...)
/etc/fail2ban/filter.d # filter files; the patterns that match the relevant log content
/etc/fail2ban/jail.conf # fail2ban protection (jail) configuration file
/etc/fail2ban/fail2ban.conf # fail2ban daemon configuration: log level, log file, socket location, etc.
cd /etc/fail2ban # go to the configuration directory
cp jail.conf jail.local # back up the configuration file
Note:
After installation fail2ban consists of two programs, fail2ban-server and fail2ban-client; their main configuration files are fail2ban.conf and jail.conf respectively.
----------------------------------------------
3. Configuring protection
-----Main parameters in jail.conf (explanations follow " ;", the inline-comment marker fail2ban accepts)----------------
[DEFAULT] ; global settings
ignoreip = 127.0.0.1 ; list of IPs to ignore; they are never subject to the limits
bantime = 600 ; ban duration, in seconds
findtime = 600 ; an IP that exceeds the allowed number of failures within this many seconds gets banned
maxretry = 3 ; maximum number of attempts
backend = auto ; log-change detection mechanism (gamin, polling or auto)
[sshd] ; per-service settings; bantime, findtime and maxretry set here take precedence over the global values
enabled = true ; whether this jail is active (true/false)
filter = sshd ; name of the filter, i.e. sshd.conf under the filter.d directory
action = iptables[name=SSH, port=ssh, protocol=tcp] ; the action and its parameters, from action.d/iptables.conf
logpath = /var/log/secure ; path(s) of the log file(s) to watch; adjust to your own site
          /home/wwwlogs/access.log
          /home/wwwlogs/www.imydl.com.log
bantime = 3600
findtime = 300
maxretry = 3
------------(Example)--------------------------
(1) Write a filter that bans IP addresses triggering nginx 404 status codes
****************
vim /etc/fail2ban/filter.d/nginx.conf
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* 404 .*$
ignoreregex =
*****************
(2) After saving, test the filter against the log file
fail2ban-regex /home/wwwlogs/access.log /etc/fail2ban/filter.d/nginx.conf
(3) Add the ban rule to the configuration file
vim /etc/fail2ban/jail.conf # append at the end of the file (inside jail.conf, "#" only starts a whole-line comment; use " ;" for inline comments)
[nginx]
enabled = true
port = http,https
filter = nginx ; name of the filter file
action = iptables[name=nginx, port=http, protocol=tcp]
# sendmail-whois[name=tomcat, dest=abc@mail.com] adds an e-mail notification
logpath = /home/wwwlogs/access.log ; log path
bantime = 14400 ; ban duration, in seconds
findtime = 3 ; within this many seconds
maxretry = 2 ; this many matches
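To see what the jail above does with the 404 filter, here is an added Python example (my own code, not fail2ban's) that applies the page's failregex to a few constructed nginx log lines, the way fail2ban-regex would, and then replays the findtime/maxretry window of the [nginx] jail; the <HOST> expansion and the window logic are simplified approximations of fail2ban's, and the log lines and IPs are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the page's filter.d/nginx.conf; fail2ban expands <HOST> into a
# named group. This expansion approximates fail2ban's own, it is not its code.
FAILREGEX = r"<HOST> -.*- .*HTTP/1.* 404 .*$"
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
FAIL_RE = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))
# nginx combined-log timestamp, e.g. [12/Mar/2020:10:00:01 +0800]
DATE_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

# Constructed sample lines (not a real log): 10.0.0.5 produces two 404s one
# second apart, 10.0.0.9 gets a 200, 127.0.0.1 is on the ignore list, and
# 10.0.0.7 produces two 404s fifteen seconds apart.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2020:10:00:01 +0800] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.68"
10.0.0.9 - - [12/Mar/2020:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2020:10:00:02 +0800] "GET /admin.php HTTP/1.1" 404 153 "-" "curl/7.68"
127.0.0.1 - - [12/Mar/2020:10:00:02 +0800] "GET /x HTTP/1.1" 404 153 "-" "check"
127.0.0.1 - - [12/Mar/2020:10:00:03 +0800] "GET /y HTTP/1.1" 404 153 "-" "check"
10.0.0.7 - - [12/Mar/2020:10:00:05 +0800] "GET /a HTTP/1.0" 404 153 "-" "scanner"
10.0.0.7 - - [12/Mar/2020:10:00:20 +0800] "GET /b HTTP/1.0" 404 153 "-" "scanner"
"""


def match_failures(lines):
    """Like fail2ban-regex: yield (unix_time, host) for each line the failregex matches."""
    for line in lines:
        m = FAIL_RE.search(line)
        d = DATE_RE.search(line)
        if m and d:
            ts = datetime.strptime(d.group(1), "%d/%b/%Y:%H:%M:%S %z")
            yield ts.timestamp(), m.group("host")


def decide_bans(lines, findtime, maxretry, ignoreip=("127.0.0.1",)):
    """Simplified jail model: a host is banned once it has maxretry failures
    inside a sliding window of findtime seconds; ignoreip hosts are never banned."""
    window = defaultdict(deque)  # host -> timestamps of its recent failures
    banned = []
    for ts, host in match_failures(lines):
        if host in ignoreip:
            continue
        q = window[host]
        q.append(ts)
        while q and ts - q[0] > findtime:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("failregex matches:", list(match_failures(lines)))
    # the page's [nginx] jail: findtime = 3, maxretry = 2
    print("banned (findtime=3, maxretry=2):", decide_bans(lines, 3, 2))
    # a wider window also catches the slow scanner 10.0.0.7
    print("banned (findtime=600, maxretry=2):", decide_bans(lines, 600, 2))
```

With findtime = 3 only 10.0.0.5 is banned; widening findtime to 600 also bans 10.0.0.7, which shows why findtime and maxretry have to be tuned together for the traffic you expect.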
4. Commands
Start: fail2ban-client start
Reload: fail2ban-client reload
Stop: fail2ban-client stop
Show status: fail2ban-client status
Add an IP to the nginx jail's whitelist: fail2ban-client set nginx addignoreip 180.158.35.30
Remove an IP from the nginx jail's whitelist: fail2ban-client set nginx delignoreip 180.158.35.30
Ban manually: fail2ban-client set nginx banip <IP address>
Unban manually: fail2ban-client set nginx unbanip <IP address>
5. fail2ban logs
By default fail2ban logs to /var/log/fail2ban.log.
The log records every Ban IP and Unban IP event, as well as reloads after configuration changes.