Tool recommendation: Fail2ban for blocking brute-force attacks

Spoony 66.55m · 2019-06-11 · 1960 views
Fail2ban monitors system logs, matches error entries in them using regular expressions, and carries out a corresponding blocking action (several are supported; usually it calls iptables). It is a very practical and powerful tool.

Install Fail2ban
```
yum install -y epel-release
yum install -y fail2ban
```

Configure Fail2ban
```
vi /etc/fail2ban/jail.conf
[http-get-dos]
enabled = true
port = http
filter = http-get-dos
logpath = /home/wwwlogs/access.log
maxretry = 100
findtime = 5
bantime = 600
action = iptables[name=HTTP,port=http,protocol=tcp]

# Parameter meanings (INI comments; the original note used a /* */ block, which jail.conf does not accept):
# filter = http-get-dos              # name of the filter file filter.d/http-get-dos.conf
# logpath = /home/wwwlogs/access.log # the nginx access log to monitor
# maxretry = 100                     # at most 100 requests
# findtime = 10                      # within 10 seconds
# bantime = 1200                     # ban for 20 minutes

vi /etc/fail2ban/filter.d/http-get-dos.conf
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* .* .*$
ignoreregex =
```
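To see what the http-get-dos jail will actually do before enabling it, here is an added example (not part of the original post) that replays the jail's counting over a constructed nginx access log with plain grep/awk. The real tool for checking a filter is `fail2ban-regex <logfile> <filter.conf>`; this stand-in runs anywhere and assumes every sample line falls inside a single findtime window. The sample log lines and the client addresses in them are constructed.

```shell
# Added example, not from the original post: emulate the http-get-dos jail's
# counting over a constructed nginx access log. Assumes all lines fall inside
# one findtime window (the real jail also tracks time; fail2ban-regex is the
# proper way to test a filter).

# Constructed sample log in nginx "combined" format: one client sends 120
# requests in the same second, a second client sends one.
make_sample_log() {
  i=0
  while [ "$i" -lt 120 ]; do
    printf '%s\n' '203.0.113.10 - - [11/Jun/2019:03:00:01 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "curl/7.29.0"'
    i=$((i + 1))
  done
  printf '%s\n' '198.51.100.7 - - [11/Jun/2019:03:00:02 +0800] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
}

# count_offenders MAXRETRY   (reads the access log on stdin)
# Keeps only lines the jail's failregex family matches (host, " -", "HTTP/1."),
# then prints "ip count" for every client whose count reaches MAXRETRY, which
# is the point at which fail2ban would ban it.
count_offenders() {
  maxretry="$1"
  grep -E '^[0-9.]+ -.*- .*HTTP/1\.' |
    awk -v max="$maxretry" '{ n[$1]++ } END { for (ip in n) if (n[ip] >= max) print ip, n[ip] }'
}

# Stand-alone run: prints "203.0.113.10 120"
make_sample_log | count_offenders 100
```

Note that this failregex matches every request line, not only errors, so the jail is a pure rate limit: a single page that loads many assets can push a legitimate browser over 100 hits in 5 seconds. Run the check against a day of real access logs before turning the jail on, and keep the ban log in view after doing so.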

Configure the Fail2ban log
```
vi /etc/fail2ban/fail2ban.conf
loglevel = WARNING
logtarget = /var/log/fail2ban.log
```

Restart to apply the changes
```
service fail2ban restart
```

Watch the ban log
```
tail -f /var/log/fail2ban.log
```
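Tailing the log is fine for a live view; for a quick summary of how many bans and unbans each jail has issued, here is an added example (not from the original post). The log lines it reads are constructed in the shape of fail2ban's own NOTICE lines (`[jail] Ban <ip>` / `[jail] Unban <ip>`); the addresses are made up.

```shell
# Added example, not from the original post: count Ban/Unban events per jail
# in fail2ban.log. The sample lines below are constructed in the shape of
# fail2ban's NOTICE lines; on a real host pipe /var/log/fail2ban.log instead.
sample_f2b_log() {
  cat <<'EOF'
2019-06-11 03:00:01,101 fail2ban.actions        [1234]: NOTICE  [http-get-dos] Ban 203.0.113.10
2019-06-11 03:00:05,202 fail2ban.actions        [1234]: NOTICE  [ssh-iptables] Ban 198.51.100.7
2019-06-11 03:10:01,303 fail2ban.actions        [1234]: NOTICE  [http-get-dos] Unban 203.0.113.10
2019-06-11 03:12:44,404 fail2ban.actions        [1234]: NOTICE  [http-get-dos] Ban 203.0.113.11
EOF
}

# summarize_bans   (reads fail2ban.log on stdin)
# Prints "jail bans unbans", one line per jail, sorted by jail name.
summarize_bans() {
  awk '
    /\] (Ban|Unban) / {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^\[[A-Za-z0-9_-]+\]$/ && ($(i+1) == "Ban" || $(i+1) == "Unban")) {
          jail = substr($i, 2, length($i) - 2)   # strip the surrounding [ ]
          if ($(i+1) == "Ban") bans[jail]++; else unbans[jail]++
          jails[jail] = 1
        }
    }
    END { for (j in jails) print j, bans[j] + 0, unbans[j] + 0 }
  ' | sort
}

# Stand-alone run: prints "http-get-dos 2 1" and "ssh-iptables 1 0"
sample_f2b_log | summarize_bans
```

A jail whose ban count climbs far faster than the others, or that keeps banning the same address, is the one whose maxretry/findtime or failregex deserves a second look.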

Remove a ban
```
iptables -D f2b-HTTP 1
```

Clear the nginx / fail2ban logs on a schedule
```
vi /root/scripts/del_cc_log.sh
#! /bin/bash

cat /dev/null > /home/wwwlogs/access.log
cat /dev/null > /var/log/fail2ban.log

crontab -e
30 3 * * 0 sh /root/scripts/del_cc_log.sh
```

Enable crontab
```
/etc/init.d/crond start
chkconfig --list|grep crond
```

Block SSH probing
```
vi /etc/fail2ban/jail.conf

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 10
bantime = 144000
```

http://www.fail2ban.org/wiki/index.php/Main_Page