Fail2ban: blocking SSH, FTP and mail brute-force attacks

Anyone who reads their system logs will have seen endless password-guessing attempts against sshd, ftpd and the like. Fail2ban was written for exactly that: it watches the logs and firewalls off hosts that keep failing to authenticate.
The source can be downloaded from:
http://sourceforge.net/projects/fail2ban/files/

1. Installing on RHEL5

  • tar -jxvf fail2ban-0.8.4.tar.bz2
  • cd fail2ban-0.8.4/
  • as root, run:
  • ./setup.py install
  • cp files/suse-initd /etc/init.d/fail2ban   (the tarball also ships files/redhat-initd, which is the closer match for RHEL)
  • chmod 755 /etc/init.d/fail2ban

2. Create /etc/logrotate.d/fail2ban:

/var/log/fail2ban.log {
    weekly
    rotate 7
    missingok
    compress
    postrotate
        /usr/bin/fail2ban-client reload 1>/dev/null || true
    endscript
}

Note: adjust the path to fail2ban-client to match your system; on mine:
whereis fail2ban-client
fail2ban-client: /usr/bin/fail2ban-client

Edit /etc/fail2ban/jail.conf (or put the same settings in /etc/fail2ban/jail.local, which is read after jail.conf and survives upgrades). The first four options go under [DEFAULT] and apply to every jail unless a jail overrides them. Keep the comments on their own lines: in the INI parser fail2ban 0.8 builds on (Python's ConfigParser), a "#" starts a comment only at the beginning of a line, so anything written after a value becomes part of that value, and "bantime = 600  # ..." is then no longer a number. The indented second action line is a continuation of the action option and must stay indented.

[DEFAULT]
# IP addresses or ranges that are never banned; separate several with spaces
ignoreip = 127.0.0.1
# how long an IP stays banned, in seconds; -1 means forever
bantime  = 600
# the window, in seconds, within which maxretry failures trigger a ban
findtime  = 600
# number of failures allowed inside that window
maxretry = 3

# brute-force protection for sshd
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=root]
logpath  = /var/log/secure
# per-jail overrides of the defaults go here
maxretry = 5

# brute-force protection for vsftpd
[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=VSFTPD, dest=you@mail.com]
logpath  = /var/log/secure
# 3 is a sensible value here: the third failure gets the host banned
maxretry = 3
bantime  = 1800
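As an added illustration (not part of the original post or of fail2ban itself), the script below parses a jail fragment with the settings above using Python's configparser, which follows the same INI rules as the reader fail2ban 0.8 is built on: every jail inherits [DEFAULT], an indented line continues the previous value, and "#" only comments out a whole line. It also shows what a trailing "# comment" after a value does to the parsed settings. The jail text, the deliberately broken [DEFAULT] variant and the helper names are constructed for this example.

```python
"""Parse a fail2ban-style jail fragment and show the inline-comment pitfall.

Added example, not fail2ban code.  Python's configparser applies the INI
rules fail2ban 0.8's config reader inherits from ConfigParser: [DEFAULT]
values are inherited by every section, indented lines continue the previous
option, and '#' only introduces a comment at the start of a line.
"""
import configparser

# Constructed jail fragment with the page's settings laid out correctly:
# comments on their own lines, the second action indented as a continuation.
JAIL_LOCAL = """\
[DEFAULT]
# IPs never banned; separate several with spaces
ignoreip = 127.0.0.1
# seconds an IP stays banned (-1 = forever)
bantime  = 600
# window in which maxretry failures trigger a ban
findtime = 600
maxretry = 3

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=root]
logpath  = /var/log/secure
maxretry = 5

[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=VSFTPD, dest=you@mail.com]
logpath  = /var/log/secure
maxretry = 3
bantime  = 1800
"""

# Constructed [DEFAULT] with trailing comments after the values.  '#' is not
# an inline comment marker here, so the text after it becomes part of the value.
BROKEN_DEFAULT = """\
[DEFAULT]
ignoreip = 127.0.0.1  # ignored IP ranges
bantime  = 600        # ban length in seconds
findtime = 600
maxretry = 3
"""


def load_jails(text):
    """Return {jail_name: settings} for enabled jails, with [DEFAULT] applied.

    Integer options are converted and the multi-line 'action' value is split
    into one entry per action line.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    jails = {}
    for name in cp.sections():          # sections() excludes DEFAULT; values inherit it
        sec = cp[name]
        if not sec.getboolean("enabled", fallback=False):
            continue
        jails[name] = {
            "filter": sec.get("filter"),
            "logpath": sec.get("logpath"),
            "ignoreip": sec.get("ignoreip", "").split(),
            "bantime": int(sec.get("bantime")),
            "findtime": int(sec.get("findtime")),
            "maxretry": int(sec.get("maxretry")),
            "action": [a.strip() for a in sec.get("action").splitlines() if a.strip()],
        }
    return jails


def check_defaults(text):
    """Return the parsed bantime, or an error string if the value is unusable."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp["DEFAULT"]["bantime"]
    try:
        return int(raw)
    except ValueError:
        return "bad bantime value: %r" % raw


if __name__ == "__main__":
    for name, cfg in load_jails(JAIL_LOCAL).items():
        print(name, cfg)
    print(check_defaults(JAIL_LOCAL))
    print(check_defaults(BROKEN_DEFAULT))
```

Running it prints both jails with bantime 600 inherited by ssh-iptables and 1800 overridden in vsftpd-iptables, and for the broken fragment reports that "600        # ban length in seconds" is not a usable bantime.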

3. Start fail2ban with the init script installed above and test it by repeatedly trying to log in over ssh from a single IP

Below is a short excerpt from /var/log/secure, edited: the syslog prefix (timestamp, host and sshd[pid]) has been stripped from each line.

 Did not receive identification string from 192.168.11.2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41017 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41096 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41162 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41209 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41267 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41323 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41376 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41433 ssh2
 Invalid user test from 192.168.11.2
 Failed password for invalid user test from 192.168.11.2 port 41484 ssh2

Now look at the fail2ban log:

fail2ban.actions: WARNING [ssh-iptables] Ban 192.168.11.2
fail2ban.actions: WARNING [ssh-iptables] Unban 192.168.11.2
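To see why the ban above fires when it does, here is an added example (not fail2ban's own code and not from the original post) that replays the ban decision of the ssh-iptables and vsftpd-iptables jails over constructed log lines: match a failure pattern, take the host, count matches per host inside a sliding findtime window, and ban at maxretry. The patterns are modelled on fail2ban 0.8's filter.d/sshd.conf and filter.d/vsftpd.conf but simplified, bantime and unbanning are not modelled, and the sample lines (the attack from the excerpt above plus a local failure, a slow attacker and an FTP brute force) are constructed with the syslog prefix the excerpt had stripped. All names are the example's own.

```python
"""Replay fail2ban's ban decision over sample /var/log/secure lines.

Added example, not fail2ban code.  Assumptions: the regexes follow the
shape of fail2ban 0.8's sshd and vsftpd filters but are simplified, bantime
is not modelled, and SAMPLE_SECURE is a constructed log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# syslog prefix: "Mon  D HH:MM:SS hostname program[pid]: "
PREFIX = r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ [\w/.-]+(?:\[\d+\])?: "

FAILREGEX = {
    "sshd": [
        re.compile(PREFIX + r"Failed (?:password|publickey) for .* from " + HOST
                   + r"(?: port \d+)?(?: ssh\d*)?$"),
        re.compile(PREFIX + r"[iI](?:llegal|nvalid) user .* from " + HOST + r"\s*$"),
    ],
    "vsftpd": [
        re.compile(PREFIX + r"(?:pam_unix\(vsftpd:auth\): )?authentication failure; .*rhost="
                   + HOST + r"(?:\s+user=\S*)?\s*$"),
        re.compile(PREFIX + r"\[.+\] FAIL LOGIN: Client \"" + HOST + r"\"\s*$"),
    ],
}

# Constructed sample log.  Syslog lines carry no year.
SAMPLE_SECURE = """\
Mar  4 10:00:01 rhel5 sshd[4011]: Did not receive identification string from 192.168.11.2
Mar  4 10:00:05 rhel5 sshd[4012]: Invalid user test from 192.168.11.2
Mar  4 10:00:05 rhel5 sshd[4012]: Failed password for invalid user test from 192.168.11.2 port 41017 ssh2
Mar  4 10:00:09 rhel5 sshd[4015]: Invalid user test from 192.168.11.2
Mar  4 10:00:09 rhel5 sshd[4015]: Failed password for invalid user test from 192.168.11.2 port 41096 ssh2
Mar  4 10:00:13 rhel5 sshd[4018]: Invalid user test from 192.168.11.2
Mar  4 10:00:13 rhel5 sshd[4018]: Failed password for invalid user test from 192.168.11.2 port 41162 ssh2
Mar  4 10:00:20 rhel5 sshd[4020]: Failed password for root from 127.0.0.1 port 50100 ssh2
Mar  4 10:30:00 rhel5 sshd[4101]: Failed password for admin from 10.0.0.7 port 2201 ssh2
Mar  4 10:45:00 rhel5 sshd[4102]: Failed password for admin from 10.0.0.7 port 2202 ssh2
Mar  4 11:00:00 rhel5 sshd[4103]: Failed password for admin from 10.0.0.7 port 2203 ssh2
Mar  4 11:15:00 rhel5 sshd[4104]: Failed password for admin from 10.0.0.7 port 2204 ssh2
Mar  4 11:30:00 rhel5 sshd[4105]: Failed password for admin from 10.0.0.7 port 2205 ssh2
Mar  4 12:00:00 rhel5 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpuser rhost=172.16.0.9 user=ftpuser
Mar  4 12:00:03 rhel5 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpuser rhost=172.16.0.9 user=ftpuser
Mar  4 12:00:06 rhel5 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpuser rhost=172.16.0.9 user=ftpuser
"""


def parse_ts(stamp, year):
    """Turn 'Mar  4 10:00:05' into a datetime; syslog omits the year."""
    return datetime.strptime("%d %s" % (year, " ".join(stamp.split())), "%Y %b %d %H:%M:%S")


def run_jail(lines, filt, maxretry, findtime, ignoreip=("127.0.0.1",), year=2010):
    """Return the ban events [(datetime, host), ...] a jail would emit."""
    recent = defaultdict(deque)      # host -> timestamps of matches still inside findtime
    banned = set()
    bans = []
    for line in lines:
        for rx in FAILREGEX[filt]:
            m = rx.search(line)
            if m:
                break
        else:
            continue                 # not a failure line for this filter
        host = m.group("host")
        if host in ignoreip or host in banned:
            continue
        ts = parse_ts(m.group("ts"), year)
        window = recent[host]
        window.append(ts)
        # discard matches more than findtime seconds older than this one
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
            bans.append((ts, host))
            window.clear()
    return bans


if __name__ == "__main__":
    lines = SAMPLE_SECURE.splitlines()
    for jail, filt, retry in (("ssh-iptables", "sshd", 5), ("vsftpd-iptables", "vsftpd", 3)):
        for ts, host in run_jail(lines, filt, maxretry=retry, findtime=600):
            print("%s fail2ban.actions: WARNING [%s] Ban %s" % (ts, jail, host))
```

With maxretry = 5 the attacker is banned on its third connection attempt, because every rejected sshd login writes two matching lines ("Invalid user" and "Failed password"); the "Did not receive identification string" line matches nothing and is not counted. The slow attacker spacing attempts fifteen minutes apart never accumulates five matches inside findtime = 600 and is only caught with a wider window, and 127.0.0.1 is skipped by ignoreip. That is the trade-off to keep in mind when lowering findtime or raising maxretry.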

So it works. This only scratches the surface; the official site has much more detailed documentation:

http://www.fail2ban.org/
