Fail2ban is a tool used to prevent brute force attacks by monitoring log files and blocking IP addresses when malicious behavior is detected. Here are the basic usage instructions for Fail2ban:
- Install Fail2ban:
For Debian/Ubuntu systems, use the following commands to install:
sudo apt-get update
sudo apt-get install fail2ban
For CentOS/RHEL systems, use the following commands to install:
sudo yum install epel-release
sudo yum install fail2ban
- Configure Fail2ban:
The configuration files for Fail2ban are located in the /etc/fail2ban/ directory. First, copy the default configuration file jail.conf to create a new file named jail.local:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Use a text editor to edit the newly created jail.local file:
sudo nano /etc/fail2ban/jail.local
In this file, you can configure the following as needed:
ignoreip: Set IP addresses that Fail2ban will not monitor, so they are never banned.
bantime: Set the ban time (in seconds), default is 600 seconds (10 minutes).
findtime: Set the time period (in seconds) within which failures are counted toward a ban, default is 600 seconds (10 minutes).
maxretry: Set the maximum number of allowed failures; exceeding this will trigger a ban, default is 5 attempts.
You can also configure different services (such as SSH, Apache, Nginx, etc.) individually. In the corresponding service section, set enabled to true, and adjust other parameters as needed.
- Start and enable Fail2ban:
For Debian/Ubuntu systems, use the following commands to start and enable Fail2ban:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
For CentOS/RHEL systems, use the following commands to start and enable Fail2ban:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
- View and manage Fail2ban:
Use the following command to view the status of Fail2ban:
sudo fail2ban-client status
To check the status of a specific service (such as SSH), use the following command:
sudo fail2ban-client status sshd
To unban an IP address, use the following command:
sudo fail2ban-client set sshd unbanip <IP_ADDRESS>
These are the basic usage instructions for Fail2ban. You can further configure and optimize Fail2ban settings according to your actual needs.
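An added example, not part of the original article and not Fail2ban's own code: a simplified Python model of how ignoreip, findtime, maxretry and bantime interact for one jail, run over constructed sshd-style log lines. The log format, the simulate function and the rule that the ban fires on the maxretry-th failure inside the window are assumptions of this model.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: failure times per source (documentation address ranges).
BURST = ["10:00:00", "10:01:00", "10:02:00", "10:03:00", "10:04:00"]
TIMES = {
    "203.0.113.7": BURST,                        # 5 failures in 4 minutes
    "198.51.100.20": BURST[:4] + ["10:11:00"],   # 5th failure falls outside the window
    "192.0.2.10": BURST,                         # same burst, but listed in ignoreip
}
SAMPLE_LOG = "\n".join(sorted(
    f"2024-05-01T{t} host1 sshd[811]: Failed password for root from {ip} port 40022 ssh2"
    for ip, times in TIMES.items() for t in times))

FAILURE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log, ignoreip=(), bantime=600, findtime=600, maxretry=5):
    """Simplified model of one jail: return [(ip, ban_start, ban_end)]."""
    ignored = [ipaddress.ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue                 # not a failure line
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                 # ignoreip: failures are never counted
        if ip in banned_until and ts < banned_until[ip]:
            continue                 # source is still banned
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - timedelta(seconds=findtime):
            window.popleft()         # drop failures older than findtime
        if len(window) >= maxretry:  # assumption: ban on the maxretry-th failure
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG, ignoreip=["192.0.2.0/24"]):
        print(f"ban {ip} from {start.time()} until {end.time()}")
```

Calling simulate with findtime=900 also bans the slower source 198.51.100.20, which shows how the window length decides whether spaced-out attempts are caught.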