Edit /etc/proftpd.conf so that the ProFTPD FTP server writes its own separate log files
# vim /etc/proftpd.conf
# Write log files
SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xferlog
Restart the ProFTPD server
# service proftpd restart
Shutting down proftpd: [ OK ]
Starting proftpd: [ OK ]
The log file now appears under the /var/log/proftpd directory
# ls -l /var/log/proftpd/proftpd.log
-rw-r-----. 1 root root 129 Jan 1 14:24 /var/log/proftpd/proftpd.log
Edit the /etc/fail2ban/jail.conf configuration file
# vim /etc/fail2ban/jail.conf
[proftpd-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
# sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 3
bantime = 86400
Restart fail2ban
# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: [ OK ]
# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: proftpd-iptables, ssh-iptables
After a few failed connection attempts
# fail2ban-client status proftpd-iptables
Status for the jail: proftpd-iptables
|- filter
| |- File list: /var/log/proftpd/proftpd.log
| |- Currently failed: 0
| `- Total failed: 3
`- action
   |- Currently banned: 1
   |  `- IP list: 192.168.1.1
   `- Total banned: 1
The resulting rule in the firewall
# iptables -t filter -L fail2ban-ProFTPD -n
Chain fail2ban-ProFTPD (1 references)
target prot opt source destination
DROP all -- 192.168.1.1 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
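
As an added example (not from the original post and not fail2ban's own code), this Python script replays the jail's counting logic over constructed ProFTPD log lines: with maxretry = 3 and bantime = 86400 from the jail above, an address is banned on its third failure inside the time window. The findtime of 600 seconds, the two regular expressions and the sample log lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, BANTIME = 3, 86400  # maxretry and bantime from the jail on this page
FINDTIME = 600                # assumption: findtime is not set on the page
IP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Assumption: simplified patterns for ProFTPD login failures, not the shipped filter
FAIL_PATTERNS = [
    re.compile(r"\[" + IP + r"\]\)[: -]+USER \S+ \(Login failed\)"),
    re.compile(r"USER \S+: no such user found from \S+ \[" + IP + r"\]"),
]

# Constructed sample lines in ProFTPD SystemLog style (not from a real server)
SAMPLE_LOG = """\
2013-01-01 14:00:00,101 ftp proftpd[2001] ftp.example.com (192.168.1.60[192.168.1.60]): USER guest: no such user found from 192.168.1.60 [192.168.1.60] to 192.168.1.10:21
2013-01-01 14:05:00,101 ftp proftpd[2002] ftp.example.com (192.168.1.60[192.168.1.60]): USER carol (Login failed): Incorrect password
2013-01-01 14:11:00,101 ftp proftpd[2003] ftp.example.com (192.168.1.60[192.168.1.60]): USER carol (Login failed): Incorrect password
2013-01-01 14:30:01,101 ftp proftpd[2101] ftp.example.com (192.168.1.1[192.168.1.1]): USER alice (Login failed): Incorrect password
2013-01-01 14:30:05,101 ftp proftpd[2102] ftp.example.com (192.168.1.1[192.168.1.1]): USER alice (Login failed): Incorrect password
2013-01-01 14:30:09,101 ftp proftpd[2103] ftp.example.com (192.168.1.1[192.168.1.1]): USER alice (Login failed): Incorrect password
2013-01-01 14:31:00,101 ftp proftpd[2201] ftp.example.com (192.168.1.50[192.168.1.50]): USER bob (Login failed): Incorrect password
2013-01-01 14:31:10,101 ftp proftpd[2202] ftp.example.com (192.168.1.50[192.168.1.50]): USER bob: Login successful.
"""

def parse(line):
    """Return (timestamp, ip) if the line records a failed login, else None."""
    for pat in FAIL_PATTERNS:
        m = pat.search(line)
        if m:
            return datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S"), m.group("host")
    return None

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (ban_start, ban_end)} using a sliding failure window per IP."""
    recent, bans = defaultdict(deque), {}
    for ts, ip in filter(None, map(parse, lines)):
        if ip in bans and ts < bans[ip][1]:
            continue                       # still banned, nothing new to count
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()               # drop failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG.splitlines()))
```

To check the installed filter against the real log instead of these simplified patterns, run fail2ban-regex /var/log/proftpd/proftpd.log /etc/fail2ban/filter.d/proftpd.conf and confirm that failed logins are counted as matches.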