fail2ban 在 CentOS 7.x 上的執行方式和之前的 CentOS 5.x/6.x 有一些不同
安裝方式:
1. 使用 epel 套件庫
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# yum install fail2ban –enablerepo=epel[@more@]2. 這裡以建立 ssh 服務保護為例
# vim /etc/fail2ban/jail.d/sshd.local
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
bantime = 86400
3. 啟動 fail2ban
# systemctl start fail2ban
4. 設定開機時啟動
# systemctl enable fail2ban
5. 進行測試
login as: root
root@192.168.1.111’s password: ***
Access denied
root@192.168.1.111’s password: **
Access denied
root@192.168.1.111’s password: ***
Access denied
root@192.168.1.111’s password: ***
# iptables -L -n | tail -4
Chain f2b-SSH (1 references)
target prot opt source destination
REJECT all — 192.168.1.3 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all — 0.0.0.0/0 0.0.0.0/0