CentOS7 under Fail2ban with Apache

Website address: Http://www.fail2ban.org/wiki/index.php/Main_Page

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/9D/61/wKiom1l_JQmzehELAADzvh04rFg506.png "title=" Image.png "alt=" Wkiom1l_jqmzehelaadzvh04rfg506.png "/>

Download fail2ban-0.10.tar.gz, then RZ to the server,

TAR-XVF fail2ban-0.10.tar.gz

Enter the extracted directory to view the Readme

[Email protected] tmp]# CD Fail2ban-0.10/[[email protected] fail2ban-0.10]# cat readme.md #查看python版本是否满足 [[Email Protected] fail2ban-0.10]# python--versionpython 2.7.5

Installing Fail2ban

[[email protected] fail2ban-0.10] #python setup.py Install

Adding system Services

Fail2ban.service Service Script configuration file

[Unit] Description=fail2ban Servicedocumentation=man:fail2ban (1) after=network.target Iptables.service Firewalld.servicepartof=iptables.service firewalld.service[service]type=simpleexecstartpre=/bin/mkdir-p/var/run /FAIL2BANEXECSTART=/USR/BIN/FAIL2BAN-SERVER-XF start# If should be logged in SYSTEMD Journal, use following line or set L Ogtarget to stdout in fail2ban.local# execstart=/usr/bin/fail2ban-server-xf--logtarget=stdout startExecStop=/usr/bin /fail2ban-client stopexecreload=/usr/bin/fail2ban-client reloadpidfile=/var/run/fail2ban/fail2ban.pidrestart= On-failurerestartpreventexitstatus=0 255[install]wantedby=multi-user.target

Add config file to Systemd

[[email protected] system]# ls f*final.target        firewalld.service  fprintd.service     fstrim.service     fstrim.timer# copy files to service unified location/usr/lib/systemd/system[[email  protected] system]# cp /tmp/fail2ban-0.10/files/fail2ban.service  /usr/lib/systemd/ System 

[[email protected] system]# ls -l /etc/systemd/ system/fail2ban.servicelrwxrwxrwx. 1 root root 16 jul 14 17:41 /etc/ systemd/system/fail2ban.service -> fail2ban.service[[email protected]  multi-user.target.wants]# ln -s /usr/lib/systemd/system/fail2ban.service ./ multi-user.target.wants/[[email protected] multi-user.target.wants]# systemctl  list-unit-files -t service |grep fail2ban.servicefail2ban.service                                enabled 

[[email protected] files]# systemctl start  Fail2ban.service[[email protected] files]# systemctl status fail2ban.service   fail2ban.service - fail2ban service   loaded: loaded  (/usr/lib/systemd /system/fail2ban.service; enabled; vendor preset: disabled)    Active:  active  (running)  since Fri 2017-07-14 18:04:26 CST; 12s ago      docs: man:fail2ban (1)   process: 72114 execstartpre=/bin/mkdir  -p /var/run/fail2ban  (code=exited, status=0/success)  Main PID: 72116  (Fail2ban-server)    CGroup: /system.slice/fail2ban.service            └─72116 /usr/bin/python /usr/bin/fail2ban-server -xf  Start 

Configuration file

[[email protected] fail2ban]# ls -1action.d                                #定义fail2ban的操作, iptables, mails,  fail2ban.conf                            #定义日志级别, log location, socket file location FAIL2BAN.D          FILTER.D                                 #条件, filter log Settings jail.conf                                #主要配置文件, modules. Start Ban Action Service and action threshold Jail.dpaths-arch.confpaths-common.confpaths-debian.confpaths-fedoRa.confpaths-freebsd.confpaths-opensuse.confpatahs-osx.conf 

Modify the fail2ban.conf configuration file

[[Email protected] files]# vim /etc/fail2ban/jail.conf Limited time #  "Bantime"  is  the number of seconds that a host is banned.  bantime   = 3600                           #默认为秒, specify the minute after m, here is the 1-hour interval # a host  is banned if it has generated  "Maxretry"  during the last   "Findtime" # seconds.  findtime  = 60 times #  "Maxretry"  is the  number of failures before a host get banned.maxretry =  200backend#  "Backend"  specifies the backend used to get files  modification.# available options are  "Pyinotify",  "Gamin",  "polling",  " Systemd " and " Auto ".# this option can be overridden in each jail as well.##  pyinotify: requires pyinotify  (A file alteration monitor)  to be  installed.#              if  pyinotify is not installed, fail2ban will use auto.# gamin:      requires Gamin  (A file alteration monitor)  to be  installed.#              If  gamin is not installed, fail2ban will use auto.# polling:    uses a polling algorithm which does not require external  Libraries.# systemd:   uses systemd python library to access  the systemd journal.#              specifying  "LogPath"  is not valid for this backend.#               See  "Journalmatch"  in the jails associated  Filter config# auto:      will try to use the  following backends, in order:#               pyinotify, gamin, polling.## Note: if systemd  backend is chosen as the default but you enable a jail#        for which logs are present only in  its own log files, specify some other#        backend for that jail  (e.g. polling)  and provide empty value for#        journalmatch. see https://github.com/fail2ban/fail2ban/issues/959# issuecomment-74901200backend = auto# true:  jail will be enabled  And log files will get monitored for changes# false: jail is  not enabledenabled = false# http servers#[apache-auth]    # Detection validation failed port     = http,httpslogpath  = % (Apache_error_log) s[ apache-badbots]           #检测抓取邮件地址的爬虫 # ban hosts  which agent identifies spammer robots crawling the web# for  email addresses. The mail outputs are buffered.port      = http,httpslogpath  = % (Apache_access_log) sbantime  = 48hmaxretry = 1[apache-noscript]  # Vulnerability and PHP Vulnerability scanning port     = http,httpslogpath  = % (Apache_error_log) s[ apache-overflows]      #溢出检测port      = http,httpslogpath   = % (Apache_error_log) smaxretry = 2[apache-nohome]     # Detect home Directory port     = http,httpslogpath  = % (apache_error_log) in server lookup smaxretry = 2[apache-botsearch]port     = http,httpslogpath   = % (Apache_error_log) smaxretry = 2[apache-fakegooglebot]port      = http,httpslogpath  = % (Apache_access_log) Smaxretry = 1ignorecommand  = % (Ignorecommands_dir) s/apache-fakegooglebot <ip>[apache-modsecurity]port      = http,httpslogpath  = % (Apache_error_log) smaxretry = 2[apache-shellshock]port     = http,httpslogpath = % (Apache_error_log) smaxretry = 1[openhab-auth]filter  = openhabaction = iptables-allports[name=noauthfailures]logpath = /opt/openhab/ Logs/request.log

  Log Filter storage location  

/etc/fail2ban/filter.d[[email protected] filter.d]# cd /etc/fail2ban/filter.d[[email  protected] filter.d]# ls3proxy.conf                 domino-smtp.conf         mysqld-auth.conf      selinux-common.confapache-auth.conf            dovecot.conf             nagios.conf            selinux-ssh.confapache-badbots.conf        dropbear.conf            named-refused.conf     sendmail-auth.confapache-botsearch.conf      drupal-auth.conf         nginx-botsearch.conf  sendmail-reject.confapache-common.conf          ejabberd-auth.conf      nginx-http-auth.conf   sieve.confapache-fakegooglebot.conf  exim-common.conf         nginx-limit-req.conf  slapd.confapache-modsecurity.conf    exim.conf                nsd.conf               sogo-auth.confapache-nohome.conf          exim-spam.conf           openhab.conf          solid-pop3d.conf

Action directory:

/etc/fail2ban/action.d

[[email protected] action.d]# cd /etc/fail2ban/action.d[[email protected]  action.d]# lsabuseipdb.conf                        mail-buffered.confapf.conf                               mail.confbadips.conf                            mail-whois-common.confbadips.py                              mail-whois.confblocklist_de.conf                     mail-whois-lines.confbsd-ipfw.conf                         mynetwatchman.confcloudflare.conf                        netscaler.confcomplain.conf                          nftables-allports.confdshield.conf                          nftables-common.conf

This article is from the "Night Empty Watch Snow" blog, please be sure to keep this source http://12550795.blog.51cto.com/12540795/1952484

CentOS7 under Fail2ban with Apache