1.安装软件

# RHEL/CentOS: install fail2ban with yum.
# NOTE(review): on these distributions fail2ban is normally packaged in EPEL, so that repository may need enabling first - confirm for your release.
yum install fail2ban -y
# Ubuntu: the equivalent install command (use one of the two, depending on the distribution)
apt install fail2ban -y

2.修改配置(建议写入 /etc/fail2ban/jail.local,不要直接修改 jail.conf,以免升级软件包时被覆盖)

# Jail definition: the sshd filter watches the log file below, and offending IPs are blocked with an iptables rule.
# NOTE(review): the page does not name the file this belongs in; fail2ban reads local overrides from
# /etc/fail2ban/jail.local, which package upgrades leave alone (unlike jail.conf) - confirm for your install.
# NOTE(review): no ignoreip is set, so a trusted admin address is banned like any other once it reaches maxretry.
[ssh-iptables] 
enabled = true
filter = sshd
# Ban action: an iptables rule set named SSH, applied to the ssh port over TCP.
action = iptables[name=SSH,port=ssh,protocol=tcp]
# On Ubuntu the corresponding file is /var/log/auth.log
logpath = /var/log/secure
# Together these three settings ban, for 3600 seconds, any IP that fails 3 times within 5 minutes (300 seconds).
maxretry = 3      
findtime = 300
bantime = 3600

3.启动服务

# Restart the service so the edited jail configuration is loaded.
systemctl restart fail2ban.service 
# Enable the unit so fail2ban also starts at boot; otherwise the bans stop being enforced after a reboot.
systemctl enable fail2ban.service

4.模拟登录

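# Connect to your own server to check that the jail reacts; replace your_server_ip with its address.
# NOTE(review): presumably the login is meant to fail more than maxretry (3) times. Run this from a
# separate test machine and keep an existing session open, so the resulting ban does not lock you out.
ssh your_server_ip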

5.审计查看

# List the firewall rules with numeric addresses. tail keeps only the last 10 lines,
# so drop it if the rules added for this jail are not among them.
iptables -L -n | tail
# Ask fail2ban for the status of the ssh-iptables jail (expected to show its failure/ban counters and banned IPs - verify on your version).
fail2ban-client status ssh-iptables

6.误报移除

# Lift a ban that hit a legitimate address (false positive); replace yourip with the address to release from the ssh-iptables jail.
fail2ban-client set ssh-iptables unbanip yourip