Installing fail2ban on CentOS 6.4 to Block Brute-Force Attacks

1. Installation

curl -O https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.0

mv 0.9.0 0.9.0.tar.gz
tar zxvf 0.9.0.tar.gz
cd fail2ban-0.9.0/
python setup.py build
python setup.py install

2. Configuration (blocking SSH brute force)

  

vi /etc/fail2ban/jail.conf

[ssh-iptables]

enabled  = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=caoguo@admin.com, sender=root@localhost, sendername="192.168.1.25"]
logpath = /var/log/secure
maxretry =
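
With this jail, the sshd filter counts failed logins in /var/log/secure and the action bans an address once it reaches maxretry. The script below is an added example, not part of the original post, that previews which addresses in a log would reach a given threshold. The function names, the sample log lines and the threshold values are assumptions, and unlike fail2ban it ignores the findtime window.

```shell
#!/bin/sh
# Added example (not from the original post): list source addresses whose
# failed sshd password logins reach a threshold, as a rough preview of what
# the sshd filter plus maxretry would ban. Simplification: it counts over the
# whole file, while fail2ban only counts failures inside its findtime window.

# list_offenders LOGFILE THRESHOLD  ->  prints "count ip", highest count first
list_offenders() {
    awk -v max="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The address follows the LAST "from" on the line, so a user name
            # that itself contains " from " cannot shift the match.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { hits[$i]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= max) print hits[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample lines in /var/log/secure format (documentation addresses).
sample_log() {
    cat <<'EOF'
Mar  3 10:01:01 gateway sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:01:03 gateway sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:01:06 gateway sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40007 ssh2
Mar  3 10:01:09 gateway sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40007 ssh2
Mar  3 10:02:11 gateway sshd[2110]: Failed password for root from 198.51.100.23 port 51510 ssh2
Mar  3 10:02:14 gateway sshd[2110]: Failed password for root from 198.51.100.23 port 51510 ssh2
Mar  3 10:02:17 gateway sshd[2110]: Failed password for root from 198.51.100.23 port 51510 ssh2
Mar  3 10:05:40 gateway sshd[2120]: Failed password for alice from 192.0.2.10 port 60222 ssh2
Mar  3 10:05:46 gateway sshd[2120]: Accepted password for alice from 192.0.2.10 port 60222 ssh2
EOF
}

# Usage: sh preview.sh /var/log/secure THRESHOLD
if [ "$#" -ge 2 ]; then
    list_offenders "$1" "$2"
fi
```

Run it against the real log with the same number you set for maxretry; a legitimate user who mistyped a password once, like the last address in the sample, stays below the threshold.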

  

3. Configure the boot-time startup script

fail2ban-client -x start
fail2ban-client -x stop
fail2ban-client -x reload

[root@gateway ~]# cat /etc/init.d/fail2ban
#!/bin/bash
#
# chkconfig: -
# processname: fail2ban-server
# config: /etc/fail2ban/fail2ban.conf
# pidfile: /var/run/fail2ban/fail2ban.pid
# description: fail2ban is a daemon to ban hosts that cause multiple authentication errors
#
### BEGIN INIT INFO
# Provides: fail2ban
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $time $network $syslog iptables firehol shorewall ferm
# Should-Stop: $network $syslog iptables firehol shorewall ferm
# Default-Start:
# Default-Stop:
# Short-Description: Start/Stop fail2ban
# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

# Check that the config file exists
[ -f /etc/fail2ban/fail2ban.conf ] || exit 0

FAIL2BAN="/usr/bin/fail2ban-client"
prog=fail2ban-server
lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
RETVAL=0

start() {
    echo -n $"Starting fail2ban: "
    # -x forces the server to start even if a stale socket file is left over
    ${FAIL2BAN} -x start > /dev/null
    RETVAL=$?
    if [ $RETVAL = 0 ]; then
        touch ${lockfile}
        echo_success
    else
        echo_failure
    fi
    echo
    return $RETVAL
}

stop() {
    echo -n $"Stopping fail2ban: "
    ${FAIL2BAN} stop > /dev/null
    RETVAL=$?
    if [ $RETVAL = 0 ]; then
        rm -f ${lockfile} ${pidfile}
        echo_success
    else
        echo_failure
    fi
    echo
    return $RETVAL
}

reload() {
    echo "Reloading fail2ban: "
    ${FAIL2BAN} reload
    RETVAL=$?
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        # Already running: nothing to do
        status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        stop
        start
        ;;
    status)
        status -p ${pidfile} ${prog}
        RETVAL=$?
        [ $RETVAL = 0 ] && ${FAIL2BAN} status
        ;;
    *)
        echo $"Usage: fail2ban {start|stop|restart|reload|status}"
        # 2 = invalid argument, per the LSB init script convention
        RETVAL=2
esac

exit $RETVAL

4. Start

chkconfig fail2ban on
/etc/init.d/fail2ban start
