Debian/Ubuntu family
# Install fail2ban
apt update && apt install fail2ban rsyslog -y

# Configure: replace your-key with your AbuseIPDB API key
nano /etc/fail2ban/jail.local

[DEFAULT]
# Default ban and unban times
# bantime: 1 hour
bantime = 3600
# findtime: 5 minutes
findtime = 300
maxretry = 2
ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16 ::1
action = iptables-multiport[name="%(banaction)s", port="%(port)s", protocol="tcp"]
         abuseipdb[abuseipdb_apikey="your-key", abuseipdb_category="18,21,22"]

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 2
findtime = 3600
bantime = 604800

# If a default configuration was already present
mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak

# Restart fail2ban to load the configuration; if no errors are reported, it is working
systemctl restart sshd
systemctl restart fail2ban
fail2ban-client reload
Tip: the fail2ban version must be greater than 0.10. Run fail2ban-client -V to check the version.
Latest version of the official default configuration
wget -O /etc/fail2ban/action.d/abuseipdb.conf https://github.com/fail2ban/fail2ban/raw/refs/heads/master/config/action.d/abuseipdb.conf
Official configuration example
https://www.abuseipdb.com/fail2ban.html
Check whether the SSH log exists
ls -l /var/log/auth.log
Check status
systemctl status fail2ban
fail2ban-client status sshd
One-click version
curl -sSL https://gist.github.com/ylx2016/6407d74c4b7ac08548941eac7dffcdb9/raw/90608cd1d6c02aa401f072278d80408c7b67bd1a/fail2ban.sh | bash -s "apikey"
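
How the [sshd] values in the jail.local above (maxretry = 2, findtime = 3600, bantime = 604800) and the ignoreip list decide which hosts get banned, as an added example that is not part of the original page or of fail2ban itself. It is a simplified sliding-window model: the regex is a stand-in for fail2ban's sshd filter, the log lines are constructed, and the year 2024 is assumed because syslog timestamps carry none.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# [sshd] values from the jail.local on this page (they override [DEFAULT]).
MAXRETRY, FINDTIME, BANTIME = 2, 3600, 604800
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in (
    "127.0.0.1/8", "192.168.0.0/16", "172.16.0.0/12",
    "10.0.0.0/8", "169.254.0.0/16", "::1")]

# Simplified stand-in for the sshd filter: password failures only.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

# Constructed sample auth.log lines (documentation address ranges).
SAMPLE = """\
Jan 10 01:00:00 vps sshd[811]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jan 10 03:12:01 vps sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2
Jan 10 03:12:09 vps sshd[905]: Failed password for root from 192.168.1.50 port 50022 ssh2
Jan 10 03:12:11 vps sshd[905]: Failed password for root from 192.168.1.50 port 50022 ssh2
Jan 10 03:40:15 vps sshd[960]: Failed password for root from 203.0.113.7 port 51990 ssh2
Jan 10 04:30:00 vps sshd[977]: Failed password for root from 198.51.100.23 port 40988 ssh2
Jan 10 04:31:00 vps sshd[980]: Accepted publickey for deploy from 198.51.100.23 port 41000 ssh2
""".splitlines()

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (ban_start, ban_end)} under a simple sliding-window model."""
    recent, bans = {}, {}
    window = timedelta(seconds=findtime)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Assumed year: syslog timestamps do not include one.
        when = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if str(ip) in bans and when < bans[str(ip)][1]:
            continue  # still banned, nothing more to count
        # Keep only failures inside findtime, then add the current one.
        recent[ip] = hits = [t for t in recent.get(ip, []) if when - t <= window] + [when]
        if len(hits) >= maxretry:
            bans[str(ip)] = (when, when + timedelta(seconds=bantime))
            recent[ip] = []
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE).items():
        print(f"{ip} banned {start} -> {end}")
```

Calling simulate(SAMPLE, findtime=300) applies the [DEFAULT] window instead and bans nothing, because the two failures from 203.0.113.7 are about 28 minutes apart.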