# Installing fail2ban on Debian 12 to ban malicious IPs

2025-07-07

#### Install Fail2Ban

```bash
sudo apt update
sudo apt install fail2ban rsyslog -y
```

rsyslog is installed so that the log files are actually written and available for Fail2Ban to read.

#### Start the services

```bash
sudo systemctl enable --now fail2ban
sudo systemctl enable --now rsyslog
```

#### Check service status

```bash
sudo systemctl status fail2ban
sudo systemctl status rsyslog
```

#### Configure Fail2Ban

```bash
sudo nano /etc/fail2ban/jail.local
```

Paste the following, and remember to change 5522 to your own SSH port:

```ini
[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = 5522
maxretry = 3
findtime = 300
bantime = -1
banaction = ufw
logpath = /var/log/auth.log
```

#### Configuration notes

- `enabled = true`: enables SSH protection
- `port = 5522`: the SSH port
- `maxretry = 3`: ban after 3 failures
- `findtime = 300`: failed attempts are counted within a 300-second (5-minute) window
- `bantime = -1`: a ban time of -1 means a permanent ban

`banaction = ufw` applies bans through ufw, so ufw must be installed and enabled for the bans to take effect.

#### Restart the service to apply the configuration

```bash
sudo systemctl restart fail2ban
```

### Management and monitoring

#### Check that it is running

```bash
sudo systemctl status fail2ban
```

#### View the log

```bash
sudo tail -f /var/log/fail2ban.log
```

### Managing banned IPs

#### List current bans

```bash
sudo fail2ban-client status sshd
```

#### Manually unban an IP

```bash
sudo fail2ban-client unban <IP address>
```

### Troubleshooting

If the service fails to start, check the configuration file syntax:

```bash
sudo fail2ban-client -t
```

If the log is not being updated, restart the rsyslog service:

```bash
sudo systemctl restart rsyslog
```

### Uninstall

```bash
sudo systemctl stop fail2ban
sudo systemctl disable fail2ban
sudo apt-get remove --purge fail2ban
sudo apt-get autoremove
sudo apt-get clean
sudo rm -rf /var/log/fail2ban.log
sudo rm -rf /var/lib/fail2ban
```

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
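
How `maxretry`, `findtime`, `ignoreip` and `bantime = -1` from the `[sshd]` jail interact, shown as an added example that is not from the original post and is not fail2ban's own code. It is a simplified model run over constructed `auth.log` lines; the single regex, the `simulate` function, the host name, the addresses and the supplied year are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the [sshd] jail on this page.
MAXRETRY, FINDTIME = 3, 300
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Assumption: a one-pattern stand-in for fail2ban's much larger sshd filter.
FAIL_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")

# Constructed auth.log lines (documentation address ranges, made-up host and PIDs).
SAMPLE_LOG = """\
Jul  7 10:00:01 deb12 sshd[811]: Failed password for root from 203.0.113.5 port 40100 ssh2
Jul  7 10:00:09 deb12 sshd[811]: Failed password for root from 203.0.113.5 port 40100 ssh2
Jul  7 10:00:30 deb12 sshd[815]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
Jul  7 10:01:00 deb12 sshd[820]: Failed password for root from 127.0.0.1 port 3000 ssh2
Jul  7 10:01:05 deb12 sshd[820]: Failed password for root from 127.0.0.1 port 3000 ssh2
Jul  7 10:01:09 deb12 sshd[820]: Failed password for root from 127.0.0.1 port 3000 ssh2
Jul  7 10:02:40 deb12 sshd[830]: Failed password for root from 203.0.113.5 port 40177 ssh2
Jul  7 10:04:00 deb12 sshd[840]: Failed password for invalid user test from 198.51.100.7 port 5100 ssh2
Jul  7 10:09:30 deb12 sshd[850]: Failed password for invalid user pi from 198.51.100.7 port 5200 ssh2
Jul  7 10:10:00 deb12 sshd[860]: Accepted password for alice from 192.0.2.9 port 6000 ssh2
"""

def simulate(log_text, year=2025):  # year: these timestamps carry none
    """Return {ip: ban time} for sources with MAXRETRY failures inside FINDTIME seconds."""
    recent, banned = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        if str(ip) in banned or any(ip in net for net in IGNOREIP):
            continue  # already banned, or exempted by ignoreip
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # failures older than findtime no longer count
        if len(window) >= MAXRETRY:
            banned[str(ip)] = ts  # bantime = -1: the entry is never lifted
    return banned

if __name__ == "__main__":
    for ip, when in simulate(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

Only 203.0.113.5 is banned: 198.51.100.7 also fails three times, but its attempts are spread over more than 300 seconds, and 127.0.0.1 is exempt through `ignoreip`.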