Fail2ban is anti-brute-force software similar to DenyHosts and is also written in Python. It is not limited to the ssh service (ftp, mail and others are supported as well), and it is not limited to hosts.deny either: it can call iptables to block offending IPs.
Official site: http://www.fail2ban.org/wiki/index.php/Main_Page
Download: http://sourceforge.net/projects/fail2ban/files/
https://github.com/downloads/fail2ban/fail2ban/fail2ban_0.8.6.orig.tar.gz
Reference: http://www.fail2ban.org/wiki/index.php/HOWTOs
Installation:
# fail2ban ships in EPEL; fetch the EPEL release package, install it, then install fail2ban from the repository
wget -c http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm   # step added here: the downloaded rpm has to be installed before yum can see the EPEL repository
yum install fail2ban
or, from the source tarball:
# tar -xjvf fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install
# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# chkconfig fail2ban on
# service fail2ban start
Usage:
[root@mail fail2ban] # pwd
/etc/fail2ban
[root@mail fail2ban] # ll
total 20
drwxr-xr-x 2 root root 4096 Mar 29 15:08 action.d       actions (what is executed on ban/unban, e.g. the iptables and sendmail scripts)
-rw-r--r-- 1 root root  844 Sep 16  2009 fail2ban.conf  three settings: log level, log target and log socket
drwxr-xr-x 2 root root 4096 Mar 29 15:08 filter.d       filter configuration for the log files to be watched
-rw-r--r-- 1 root root 6545 Mar 29 15:53 jail.conf      main configuration: IP whitelist, retry count, ban duration, filter selection, etc.
[root@mail fail2ban] #
By default the sshd jail is normally enabled (enabled = true); other jails can be configured by analogy with the sshd section. Change the sender and recipient mail addresses to your own; mail notifications require sendmail to be running.
[root@mail fail2ban] # cd filter.d/
The following log filters are supported out of the box; adjust them to your own needs:
[root@mail filter.d] # ls
apache-auth.conf     apache-noscript.conf  courierlogin.conf  exim.conf               named-refused.conf  postfix.conf   qmail.conf   sshd.conf        webmin-auth.conf
apache-badbots.conf  apache-overflows.conf couriersmtp.conf   gssftpd.conf            pam-generic.conf    proftpd.conf   sasl.conf    sshd-ddos.conf   wuftpd.conf
apache-nohome.conf   common.conf           cyrus-imap.conf    lighttpd-fastcgi.conf   php-url-fopen.conf  pure-ftpd.conf sieve.conf   vsftpd.conf      xinetd-fail.conf
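The two pieces just described, the failregex patterns in filter.d and the ignoreip / findtime / maxretry / bantime knobs in jail.conf, are easiest to understand when run by hand over a few log lines. The following is an added example and is not fail2ban's own code: it re-implements the core of the ssh jail in a few lines of Python. The regexes are modelled on filter.d/sshd.conf, the settings are constructed values rather than the defaults, and the sshd log lines are constructed samples in /var/log/secure format.

```python
"""Added example (not fail2ban's own code): a minimal re-implementation of the
ssh jail so the jail.conf knobs and the filter.d failregex idea can be seen
working on sample log lines. All IPs, timestamps and settings are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Patterns modelled on filter.d/sshd.conf; <HOST> is fail2ban's placeholder for
# the offending address and is substituted with a named capturing group below.
FAILREGEX = [
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ from <HOST>",
    r"Invalid user \S+ from <HOST>",
]
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Settings as they would appear in jail.conf (constructed values, not defaults)
IGNOREIP = {"127.0.0.1", "192.0.2.1"}   # whitelist: never banned
FINDTIME = 600                          # window (seconds) in which failures are counted
MAXRETRY = 3                            # failures inside the window that trigger a ban
BANTIME = 600                           # how long (seconds) the ban rule stays in place

SYSLOG_TS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")


def parse_line(line, year=2012):
    """Return (timestamp, host) if the line matches a failregex, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            ts = SYSLOG_TS.match(line)
            if not ts:
                return None
            when = datetime.strptime(f"{year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
            return when, m.group("host")
    return None


def run_jail(lines):
    """Walk the log in order and return {ip: time_of_ban}.

    Mirrors the jail rule: MAXRETRY matching lines from one host within
    FINDTIME seconds lead to a ban; whitelisted hosts are never counted."""
    attempts = defaultdict(list)
    bans = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        when, host = parsed
        if host in IGNOREIP or host in bans:
            continue
        attempts[host].append(when)
        # keep only failures that are still inside the findtime window
        attempts[host] = [t for t in attempts[host]
                          if (when - t).total_seconds() <= FINDTIME]
        if len(attempts[host]) >= MAXRETRY:
            bans[host] = when
    return bans


def ban_command(ip):
    """The rule action.d/iptables.conf inserts for a ban (returned, not executed)."""
    return f"iptables -I fail2ban-SSH 1 -s {ip} -j DROP"


# Constructed sample of sshd lines in /var/log/secure format
SAMPLE_LOG = """\
Mar 29 15:08:01 mail sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar 29 15:08:03 mail sshd[1203]: Failed password for root from 198.51.100.7 port 40123 ssh2
Mar 29 15:08:05 mail sshd[1205]: Invalid user admin from 198.51.100.7
Mar 29 15:08:06 mail sshd[1205]: Failed password for invalid user admin from 198.51.100.7 port 40124 ssh2
Mar 29 15:09:00 mail sshd[1210]: Failed password for root from 192.0.2.1 port 5000 ssh2
Mar 29 15:09:01 mail sshd[1211]: Failed password for root from 192.0.2.1 port 5001 ssh2
Mar 29 15:09:02 mail sshd[1212]: Failed password for root from 192.0.2.1 port 5002 ssh2
Mar 29 15:09:30 mail sshd[1213]: Accepted publickey for deploy from 203.0.113.9 port 5003 ssh2
Mar 29 15:20:00 mail sshd[1300]: Failed password for root from 203.0.113.9 port 5004 ssh2
Mar 29 15:40:00 mail sshd[1301]: Failed password for root from 203.0.113.9 port 5005 ssh2
Mar 29 16:00:00 mail sshd[1302]: Failed password for root from 203.0.113.9 port 5006 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in run_jail(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip} for {BANTIME}s: {ban_command(ip)}")
```

Running it shows the three behaviours the configuration keys control: 198.51.100.7 is banned at the third failure (15:08:05) and its later line is no longer counted; 192.0.2.1 fails three times in two seconds but is in ignoreip, so nothing happens; 203.0.113.9 also fails three times, but twenty minutes apart, so no findtime window ever holds maxretry failures and it is never banned. When tuning jail.conf, this is the trade-off to keep in mind: a short findtime with a high maxretry lets slow password spraying through, while a long findtime with a low maxretry starts catching legitimate users who mistype.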
[root@mail filter.d] # fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
This shows the jail is already running and is using iptables.
[root@mail filter.d] # iptables -L -vnx
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     441      32124 fail2ban-SSH  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
You can also look at the log file to check which IPs have been caught.
[root@mail filter.d] # cat /var/log/faillog
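A check worth doing after the two commands above is to compare what fail2ban says it has banned with what the firewall actually contains: a DROP rule in the fail2ban-SSH chain that fail2ban has already unbanned (or one that never made it in) is the usual sign of an action script failing or the chain being flushed behind fail2ban's back. The following is an added example and not part of fail2ban: it replays the Ban/Unban events from fail2ban's own log (written to /var/log/fail2ban.log by the default logtarget in fail2ban.conf) and parses the output of iptables -L fail2ban-SSH -n. Both inputs are constructed samples in the format those sources use in the 0.8 series.

```python
"""Added example (not part of fail2ban): cross-check the bans recorded in
fail2ban's own log against the DROP rules present in the fail2ban-SSH chain.
The log lines and iptables output below are constructed samples."""
import re

# 0.8-style log line: "<date> <time> fail2ban.actions: WARNING [<jail>] Ban <ip>"
BAN_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.actions: WARNING \[(?P<jail>[^\]]+)\] "
    r"(?P<verb>Ban|Unban) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
# Rule line from `iptables -L <chain> -n`: "DROP  all  --  <source>  <destination>"
RULE_LINE = re.compile(r"^DROP\s+\S+\s+\S+\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s")


def bans_from_log(lines, jail="ssh-iptables"):
    """Replay Ban/Unban events for one jail; return the set of IPs still banned."""
    banned = set()
    for line in lines:
        m = BAN_LINE.match(line)
        if not m or m.group("jail") != jail:
            continue
        if m.group("verb") == "Ban":
            banned.add(m.group("ip"))
        else:
            banned.discard(m.group("ip"))
    return banned


def drops_in_chain(iptables_output, chain="fail2ban-SSH"):
    """Parse `iptables -L -n` text; return the sources with a DROP rule in `chain`."""
    sources = set()
    in_chain = False
    for line in iptables_output.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain   # "Chain fail2ban-SSH (1 references)"
            continue
        if in_chain:
            m = RULE_LINE.match(line)
            if m:
                sources.add(m.group("src"))
    return sources


def reconcile(log_lines, iptables_output):
    """Return (banned_in_log_but_missing_from_firewall, in_firewall_but_not_banned_in_log)."""
    logged = bans_from_log(log_lines)
    live = drops_in_chain(iptables_output)
    return logged - live, live - logged


# Constructed /var/log/fail2ban.log excerpt: one host banned then unbanned again
SAMPLE_FAIL2BAN_LOG = """\
2012-03-29 15:53:12,101 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
2012-03-29 15:55:40,212 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.9
2012-03-29 16:03:12,333 fail2ban.actions: WARNING [ssh-iptables] Unban 198.51.100.7
2012-03-29 16:10:00,444 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.25
""".splitlines()

# Constructed `iptables -L -n` output: the unban above never reached the firewall
# and the newest ban is missing from it
SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
DROP       all  --  203.0.113.9          0.0.0.0/0
DROP       all  --  198.51.100.7         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

if __name__ == "__main__":
    missing, stale = reconcile(SAMPLE_FAIL2BAN_LOG, SAMPLE_IPTABLES)
    print("banned in log but not in firewall:", sorted(missing))
    print("in firewall but no longer banned:", sorted(stale))
```

On a live host the two inputs would come from the real log file and from `iptables -L fail2ban-SSH -n`; for the constructed samples the result is one address of each kind (198.51.100.25 missing from the chain, 198.51.100.7 still dropped although the log says it was unbanned). The first case means the attacker is not actually blocked; the second means a host is locked out longer than bantime says, which is what users report when a ban "never expires". Either way the fix is to look at the action script in action.d and at fail2ban.log around the timestamps concerned rather than to edit the chain by hand.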