debian/ubuntu系列

#安装fail2ban
apt update && apt install fail2ban rsyslog -y

#配置 your-key改为你的abuseipdb  apikey
nano /etc/fail2ban/jail.local

[DEFAULT]
# 定义默认的 ban 和 unban 时间
bantime = 3600   # 1小时
findtime = 300   # 5分钟
maxretry = 2
ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16 ::1

action = iptables-multiport[name="%(banaction)s", port="%(port)s", protocol="tcp"]
         abuseipdb[abuseipdb_apikey="your-key", abuseipdb_category="18,21,22"]

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 2
findtime = 3600
bantime = 604800 #如果之前有默认配置
mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak

#重启fail2ban配置 如果没有错误就没问题
systemctl restart sshd
systemctl restart fail2ban
fail2ban-client reload

提示 fail2ban版本要大于0.10     fail2ban-client -V 查看版本

官方默认配置最新版

wget -O /etc/fail2ban/action.d/abuseipdb.conf https://github.com/fail2ban/fail2ban/raw/refs/heads/master/config/action.d/abuseipdb.conf

官方配置示例

https://www.abuseipdb.com/fail2ban.html

查看ssh日志是否存在

ls -l /var/log/auth.log

查看状态

systemctl status fail2ban
fail2ban-client status sshd

一键版本

curl -sSL https://gist.github.com/ylx2016/6407d74c4b7ac08548941eac7dffcdb9/raw/90608cd1d6c02aa401f072278d80408c7b67bd1a/fail2ban.sh  | bash -s "apikey"