I'm new to fail2ban. I want to set up Fail2Ban so that it bans an IP for one hour after two failed login attempts. I have the following settings:
/etc/fail2ban/jail.local.conf
[DEFAULT]
bantime = 3600
maxretry = 2
backend = systemd
usedns = warn
mode = normal
destemail = <MYEMAIL>
sender = <MYSENDER>
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
...
# Choose default action. To change, just override value of 'action' with
# the interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mw)s
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
port = ssh
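logpath = %(auditd_log)s
From systemctl status fail2ban.service I can see that the service has started. My assumption is that it uses the jail.local.conf file. No errors are reported. I don't have iptables installed. Is that necessary? If so, how do I set it up with my existing fail2ban settings?
Posted on 2021-01-16 22:20:43
Your file has the wrong name. fail2ban will read a file named jail.local, not jail.local.conf. Rename the file and restart fail2ban.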
https://serverfault.com/questions/1002324
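An added example, not part of the original question or answer: a shell check that lists jail files fail2ban will skip, following the load order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local). The function name find_ignored_jail_files and the sample directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: report jail files that fail2ban will NOT load.
# Load order per jail.conf(5):
#   jail.conf, jail.d/*.conf, jail.local, jail.d/*.local

find_ignored_jail_files() {
    dir=${1:-/etc/fail2ban}
    # Top level: only the exact names jail.conf and jail.local are read.
    for f in "$dir"/jail.*; do
        [ -f "$f" ] || continue          # skips the jail.d directory
        case ${f##*/} in
            jail.conf|jail.local) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
    # jail.d: only files ending in .conf or .local are read.
    for f in "$dir"/jail.d/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            *.conf|*.local) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
    return 0
}

# Constructed sample layout reproducing the misnamed file from the question.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/jail.d"
touch "$demo_dir/jail.conf" "$demo_dir/jail.local.conf" \
      "$demo_dir/jail.d/sshd.local" "$demo_dir/jail.d/sshd.local.bak"
find_ignored_jail_files "$demo_dir"   # lists jail.local.conf and sshd.local.bak
rm -rf "$demo_dir"
```

On a real host, run find_ignored_jail_files /etc/fail2ban; after renaming the file and restarting the service, fail2ban-client status should list the sshd jail.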