ubuntu系统
sudo apt install fail2ban -y
启动软件
sudo systemctl start fail2ban.service
查看启动状态
sudo systemctl status fail2ban.service
停用
sudo systemctl stop fail2ban.service
设置为开机启动
sudo systemctl enable fail2ban.service
切换到目录/etc/fail2ban/jail.d/
cd /etc/fail2ban/jail.d/ sudo vi defaults-debian.conf
修改为:
[sshd] enabled = true maxretry = 5 findtime = 10m bantime = 10m
解读:
上面配置组合意思就是 同一个ip过来登录ssh,在10分钟内错误5次封锁10分钟
设定好配置后重启fail2ban服务
sudo systemctl restart fail2ban.service
通过xshell 访问指定服务器,然后错误5次得到下面响应
查看某个服务下封锁ip情况
sudo fail2ban-client status sshd
解锁某个ip
sudo fail2ban-client set sshd unbanip 114.114.114.114
https://www.leftso.com/article/2312121940053698.html