tiancheng91 / collection

Notes
https://github.com/tiancheng91/collection/issues

fail2ban cheatsheet #71

Open tiancheng91 opened 1 year ago

tiancheng91 commented 1 year ago

cli

| Tool | Purpose |
| --- | --- |
| fail2ban-client | Client tool |
| fail2ban-regex | Verify regex matching |

# Show the enabled rules
fail2ban-client status

# Show the details of a rule
fail2ban-client status sshd

# Reload the configuration
fail2ban-client reload

# Manually unban an IP
fail2ban-client set sshd unbanip 192.168.1.1

Configuration

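| Configuration directory | Purpose |
| --- | --- |
| /etc/fail2ban/jail.d | Ban rules, e.g. how many matches trigger a ban and how long the ban lasts |
| /etc/fail2ban/filter.d | Filter rules: the regex configuration that matches log lines |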

Create the configuration files

echo '
[Definition]
failregex = <HOST> -.*- .*HTTP/1.* .* .*$
ignoreregex = 
' > /etc/fail2ban/filter.d/nginx-cc.conf

echo '
[nginx-cc]
enabled = true
port = http,https
filter = nginx-cc
action = %(action_mwl)s
maxretry = 20
findtime = 10
bantime = 86400
logpath = /var/log/nginx/access.log
' > /etc/fail2ban/jail.d/nginx-cc.conf

test

# Check the regex directly
fail2ban-regex /var/log/nginx/access.log "<HOST> -.*- .*HTTP/1.* .* .*$"

# Check against the filter configuration file
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-cc.conf
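
An added example, not part of the original note or of fail2ban itself: a simulation of how the nginx-cc jail above (maxretry = 20, findtime = 10) counts matches per client, showing that one browser page load with many static assets is banned just like a flood unless an ignoreregex excludes those requests. Assumptions: `<HOST>` is approximated by an IPv4 pattern, the `STATIC` ignoreregex and the helper names are hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: <HOST> is approximated by an IPv4 group; fail2ban's own <HOST>
# also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(r"<HOST> -.*- .*HTTP/1.* .* .*$".replace("<HOST>", HOST))
STAMP = re.compile(r"\[([^\]]+)\]")
# Hypothetical ignoreregex: skip requests for static assets.
STATIC = r"\.(?:css|js|png|jpg|gif|ico|svg)(?:\?\S*)? HTTP/"

def banned_hosts(lines, maxretry=20, findtime=10, ignoreregex=None):
    """Return {ip: datetime of the request that triggers the ban}."""
    ignore = re.compile(ignoreregex) if ignoreregex else None
    hits, banned = defaultdict(deque), {}
    for line in lines:
        m, t = FAILREGEX.search(line), STAMP.search(line)
        if not m or not t or (ignore and ignore.search(line)):
            continue
        ip = m.group("host")
        when = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[ip]
        window.append(when)
        # Drop hits that fell out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.setdefault(ip, when)
    return banned

def sample(ip, paths, per_sec):
    """Build constructed access-log lines, per_sec requests per second."""
    fmt = '{} - - [10/Oct/2023:13:55:{:02d} +0000] "GET {} HTTP/1.1" 200 512 "-" "-"'
    return [fmt.format(ip, i // per_sec, p) for i, p in enumerate(paths)]

# Constructed sample traffic (documentation IP ranges).
LOG = (
    sample("203.0.113.5", ["/"] * 30, per_sec=10)                      # flood
    + sample("198.51.100.7", ["/index.html"]
             + [f"/static/a{i}.css" for i in range(24)], per_sec=13)   # one page load
    + sample("192.0.2.9", ["/"] * 25, per_sec=1)                       # steady client
)

if __name__ == "__main__":
    print(sorted(banned_hosts(LOG)))                      # flood and page load
    print(sorted(banned_hosts(LOG, ignoreregex=STATIC)))  # flood only
```
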