fail2ban with Apache on CentOS 7


Official site: http://www.fail2ban.org/wiki/index.php/Main_Page


Download fail2ban-0.10.tar.gz, then upload it to the server with rz and unpack it:

        tar -xvf fail2ban-0.10.tar.gz

Enter the extracted directory and read the README

    [[email protected] tmp]# cd fail2ban-0.10/
    [[email protected] fail2ban-0.10]# cat README.md
    # Check that the Python version meets the requirement
    [[email protected] fail2ban-0.10]# python --version
    Python 2.7.5

Install fail2ban

    [[email protected] fail2ban-0.10]# python setup.py install

Add the system service

The fail2ban.service unit file:

    [Unit]
    Description=Fail2Ban Service
    Documentation=man:fail2ban(1)
    After=network.target iptables.service firewalld.service
    PartOf=iptables.service firewalld.service

    [Service]
    Type=simple
    ExecStartPre=/bin/mkdir -p /var/run/fail2ban
    ExecStart=/usr/bin/fail2ban-server -xf start
    # if should be logged in systemd journal, use following line or set logtarget to stdout in fail2ban.local
    # ExecStart=/usr/bin/fail2ban-server -xf --logtarget=stdout start
    ExecStop=/usr/bin/fail2ban-client stop
    ExecReload=/usr/bin/fail2ban-client reload
    PIDFile=/var/run/fail2ban/fail2ban.pid
    Restart=on-failure
    RestartPreventExitStatus=0 255

    [Install]
    WantedBy=multi-user.target

Register the unit file with systemd:

    [[email protected] system]# ls f*
    final.target       firewalld.service  fprintd.service    fstrim.service     fstrim.timer
    # Copy the file to the standard unit location, /usr/lib/systemd/system
    [[email protected] system]# cp /tmp/fail2ban-0.10/files/fail2ban.service  /usr/lib/systemd/system
    [[email protected] system]# ls -l /etc/systemd/system/fail2ban.service
    lrwxrwxrwx. 1 root root 16 Jul 14 17:41 /etc/systemd/system/fail2ban.service -> fail2ban.service
    [[email protected] multi-user.target.wants]# ln -s /usr/lib/systemd/system/fail2ban.service ./multi-user.target.wants/
    [[email protected] multi-user.target.wants]# systemctl list-unit-files -t service |grep fail2ban.service
    fail2ban.service                              enabled
    [[email protected] files]# systemctl start fail2ban.service
    [[email protected] files]# systemctl status fail2ban.service
    ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2017-07-14 18:04:26 CST; 12s ago
         Docs: man:fail2ban(1)
      Process: 72114 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
     Main PID: 72116 (fail2ban-server)
       CGroup: /system.slice/fail2ban.service
               └─72116 /usr/bin/python /usr/bin/fail2ban-server -xf start

Configuration files

    [[email protected] fail2ban]# ls -1
    action.d              # fail2ban actions: iptables, mail, ...
    fail2ban.conf         # log level, log location, socket file location
    fail2ban.d
    filter.d              # match conditions: the log filter definitions
    jail.conf             # main configuration file (the jails): enables ban services and sets action thresholds
    jail.d
    paths-arch.conf
    paths-common.conf
    paths-debian.conf
    paths-fedora.conf
    paths-freebsd.conf
    paths-opensuse.conf
    paths-osx.conf

Edit the fail2ban configuration (jail.conf)

    [[email protected] files]# vim /etc/fail2ban/jail.conf

Ban time

    # "bantime" is the number of seconds that a host is banned.
    # The default unit is seconds; append m for minutes. Here it is set to 1 hour.
    bantime  = 3600

Time window

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime  = 60

Number of attempts

    # "maxretry" is the number of failures before a host get banned.
    maxretry = 200

backend

    # "backend" specifies the backend used to get files modification.
    # Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
    # This option can be overridden in each jail as well.
    #
    # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
    #              If pyinotify is not installed, Fail2ban will use auto.
    # gamin:     requires Gamin (a file alteration monitor) to be installed.
    #              If Gamin is not installed, Fail2ban will use auto.
    # polling:   uses a polling algorithm which does not require external libraries.
    # systemd:   uses systemd python library to access the systemd journal.
    #              Specifying "logpath" is not valid for this backend.
    #              See "journalmatch" in the jails associated filter config
    # auto:      will try to use the following backends, in order:
    #              pyinotify, gamin, polling.
    #
    # Note: if systemd backend is chosen as the default but you enable a jail
    #       for which logs are present only in its own log files, specify some other
    #       backend for that jail (e.g. polling) and provide empty value for
    #       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
    backend = auto

    # true:  jail will be enabled and log files will get monitored for changes
    # false: jail is not enabled
    enabled = false

    # HTTP servers
    #

    # Detects authentication failures
    [apache-auth]
    port     = http,https
    logpath  = %(apache_error_log)s

    # Detects crawlers that harvest email addresses
    [apache-badbots]
    # Ban hosts which agent identifies spammer robots crawling the web
    # for email addresses. The mail outputs are buffered.
    port     = http,https
    logpath  = %(apache_access_log)s
    bantime  = 48h
    maxretry = 1

    # Vulnerability and PHP weakness scans
    [apache-noscript]
    port     = http,https
    logpath  = %(apache_error_log)s

    # Overflow detection
    [apache-overflows]
    port     = http,https
    logpath  = %(apache_error_log)s
    maxretry = 2

    # Detects attempts to find home directories on the server
    [apache-nohome]
    port     = http,https
    logpath  = %(apache_error_log)s
    maxretry = 2

    [apache-botsearch]
    port     = http,https
    logpath  = %(apache_error_log)s
    maxretry = 2

    [apache-fakegooglebot]
    port     = http,https
    logpath  = %(apache_access_log)s
    maxretry = 1
    ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>

    [apache-modsecurity]
    port     = http,https
    logpath  = %(apache_error_log)s
    maxretry = 2

    [apache-shellshock]
    port    = http,https
    logpath = %(apache_error_log)s
    maxretry = 1

    [openhab-auth]
    filter = openhab
    action = iptables-allports[name=NoAuthFailures]
    logpath = /opt/openhab/logs/request.log
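How bantime, findtime and maxretry interact can be checked offline before tuning a jail. The following is an added example, not part of the original post and not fail2ban's own code: a simplified model of the ban decision, where the regex, the log lines and the IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for an auth-failure filter (assumption: not fail2ban's own failregex).
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] '
                     r'\[client (?P<ip>[\d.]+):\d+\] AH01617: .*authentication failure')
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"


def banned_hosts(lines, maxretry, findtime, bantime=3600):
    """Map ip -> (ban start, ban end) for hosts with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    bans = {}
    for line in lines:           # lines must be in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.strptime(m.group("ts"), TS_FORMAT), m.group("ip")
        if ip in bans and ts < bans[ip][1]:
            continue             # host is still banned; its traffic would be dropped
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()     # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans


def _line(ip, sec):
    """Build one constructed Apache 2.4 error-log line, sec seconds after 18:10:00."""
    t = datetime(2017, 7, 14, 18, 10, 0) + timedelta(seconds=sec)
    return ('[%s] [auth_basic:error] [pid 1234] [client %s:50000] AH01617: user admin: '
            'authentication failure for "/private": Password Mismatch'
            % (t.strftime(TS_FORMAT), ip))


# Constructed sample: one host failing every 2 s, another failing every 30 s.
events = [(s, "203.0.113.10") for s in range(0, 10, 2)] + \
         [(s, "198.51.100.7") for s in range(0, 150, 30)]
SAMPLE = [_line(ip, s) for s, ip in sorted(events)]

if __name__ == "__main__":
    for maxretry, findtime in [(200, 60), (5, 60), (5, 600)]:
        hits = banned_hosts(SAMPLE, maxretry, findtime)
        print(maxretry, findtime, sorted(hits))
```

With the values shown above (maxretry = 200, findtime = 60) neither sample host is banned; a lower maxretry catches the fast host, and a longer findtime is needed before the slow one is counted.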

Location of the log filters:

                /etc/fail2ban/filter.d

    [[email protected] filter.d]# cd /etc/fail2ban/filter.d
    [[email protected] filter.d]# ls
    3proxy.conf                domino-smtp.conf        mysqld-auth.conf      selinux-common.conf
    apache-auth.conf           dovecot.conf            nagios.conf           selinux-ssh.conf
    apache-badbots.conf        dropbear.conf           named-refused.conf    sendmail-auth.conf
    apache-botsearch.conf      drupal-auth.conf        nginx-botsearch.conf  sendmail-reject.conf
    apache-common.conf         ejabberd-auth.conf      nginx-http-auth.conf  sieve.conf
    apache-fakegooglebot.conf  exim-common.conf        nginx-limit-req.conf  slapd.conf
    apache-modsecurity.conf    exim.conf               nsd.conf              sogo-auth.conf
    apache-nohome.conf         exim-spam.conf          openhab.conf          solid-pop3d.conf

The action directory:

                /etc/fail2ban/action.d

    [[email protected] action.d]# cd /etc/fail2ban/action.d
    [[email protected] action.d]# ls
    abuseipdb.conf                       mail-buffered.conf
    apf.conf                             mail.conf
    badips.conf                          mail-whois-common.conf
    badips.py                            mail-whois.conf
    blocklist_de.conf                    mail-whois-lines.conf
    bsd-ipfw.conf                        mynetwatchman.conf
    cloudflare.conf                      netscaler.conf
    complain.conf                        nftables-allports.conf
    dshield.conf                         nftables-common.conf


This article comes from the “庭前夜末空看雪” blog; please keep this attribution: http://12550795.blog.51cto.com/12540795/1952484
