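fail2ban can be configured to block a remote host with the firewall for n minutes after n failed password attempts, write the event to its log, and email you. When the time is up it restores iptables, leaving everything clean.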
http://sourceforge.net/projects/fail2ban/files/ http://www.fail2ban.org/
The latest version at the moment is 0.8.4.

Download and install
#wget "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=ncu"
#tar xvfj fail2ban-0.8.4.tar.bz2
#cd fail2ban-0.8.4
#python setup.py install
#cp ./files/redhat-initd /etc/init.d/fail2ban
(The ./files directory also contains files for other systems, such as gentoo and suse.)
#chkconfig --add fail2ban (add it to the services started at boot)
#chkconfig --list | grep fail2ban (check that it has been registered as a service)
Edit the configuration files
/etc/fail2ban/fail2ban.conf defines the logging level, the log file path and the socket file; the defaults are used here.
#vi /etc/fail2ban/jail.conf
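#service fail2ban start
Note: if you restart iptables, remember that you must also restart fail2ban (fail2ban-client reload), otherwise it will not take effect. fail2ban's filter rules are added after iptables has started.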
Test
#tail -f /var/log/secure /var/log/fail2ban.log
==> /var/log/secure <==
Jan 13 17:02:02 localhost sshd[24207]: Failed password for c1g from 192.168.1.8 port 10270 ssh2
Jan 13 17:02:12 localhost last message repeated 2 times
Jan 13 17:02:19 localhost sshd[24287]: Failed password for c1g from 192.168.1.8 port 10398 ssh2
Jan 13 17:02:28 localhost last message repeated 2 times
Jan 13 17:02:35 localhost sshd[24322]: Failed password for c1g from 192.168.1.8 port 10447 ssh2

==> /var/log/fail2ban.log <==
2010-01-13 17:02:36,849 fail2ban.actions: WARNING [ssh-iptables] Ban 192.168.1.8

==> /var/log/fail2ban.log <==
2010-01-13 17:12:36,852 fail2ban.actions: WARNING [ssh-iptables] Unban 192.168.1.8
#fail2ban-client status ssh-iptables
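
Added example (not part of the original post and not fail2ban's own code): a Python check that reads the two logs from the test above, counts failed SSH logins per address, including syslog's "last message repeated N times" lines, and measures how long each ban lasted. The function names are hypothetical, and the embedded sample is the log output quoted in the post.

```python
import re
from datetime import datetime

# Sample input: the log lines quoted in the test output of the post.
SECURE_LOG = """\
Jan 13 17:02:02 localhost sshd[24207]: Failed password for c1g from 192.168.1.8 port 10270 ssh2
Jan 13 17:02:12 localhost last message repeated 2 times
Jan 13 17:02:19 localhost sshd[24287]: Failed password for c1g from 192.168.1.8 port 10398 ssh2
Jan 13 17:02:28 localhost last message repeated 2 times
Jan 13 17:02:35 localhost sshd[24322]: Failed password for c1g from 192.168.1.8 port 10447 ssh2
"""
FAIL2BAN_LOG = """\
2010-01-13 17:02:36,849 fail2ban.actions: WARNING [ssh-iptables] Ban 192.168.1.8
2010-01-13 17:12:36,852 fail2ban.actions: WARNING [ssh-iptables] Unban 192.168.1.8
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
REPEATED = re.compile(r"last message repeated (\d+) times")
ACTION = re.compile(r"^(\S+ \S+) fail2ban\.actions: WARNING \[([^\]]+)\] (Ban|Unban) (\S+)")

def count_failures(text):
    """Return {ip: [explicit_lines, total_including_syslog_repeats]}."""
    counts, last_ip = {}, None
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            last_ip = m.group(1)
            entry = counts.setdefault(last_ip, [0, 0])
            entry[0] += 1
            entry[1] += 1
            continue
        r = REPEATED.search(line)
        if r and last_ip:          # repeat of the previous failure line
            counts[last_ip][1] += int(r.group(1))
        else:                      # unrelated line: repeats no longer apply
            last_ip = None
    return counts

def ban_durations(text, jail):
    """Pair each Ban with the next Unban of the same IP; None = still banned."""
    open_bans, result = {}, []
    for line in text.splitlines():
        m = ACTION.match(line)
        if not m or m.group(2) != jail:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        ip = m.group(4)
        if m.group(3) == "Ban":
            open_bans[ip] = when
        elif ip in open_bans:
            result.append((ip, round((when - open_bans.pop(ip)).total_seconds())))
    return result + [(ip, None) for ip in open_bans]
```

To check a live system, pass the contents of /var/log/secure and /var/log/fail2ban.log to the two functions in place of the samples and compare the measured duration with the ban time set in jail.conf.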