2021-02-20 17:04:59,580 fail2ban.observer [2615]: INFO Observer start...
2021-02-20 17:04:59,583 fail2ban.database [2615]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2021-02-20 17:04:59,583 fail2ban.jail [2615]: INFO Creating new jail 'sshd'
2021-02-20 17:04:59,593 fail2ban.jail [2615]: INFO Jail 'sshd' uses pyinotify {}
2021-02-20 17:04:59,596 fail2ban.jail [2615]: INFO Initiated 'pyinotify' backend
2021-02-20 17:04:59,597 fail2ban.filter [2615]: INFO maxLines: 1
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO maxRetry: 3
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO findtime: 600
2021-02-20 17:04:59,611 fail2ban.actions [2615]: INFO banTime: 86400
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO encoding: UTF-8
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO Added logfile: '/var/log/auth.log'(pos= 34274, hash= 5cdc6285962a0352611a54aa860667fc35ededc1)
2021-02-20 17:04:59,614 fail2ban.jail [2615]: INFO Jail 'sshd' started
2021-02-20 17:08:12,674 fail2ban.server [2615]: INFO Reload all jails
2021-02-20 17:08:12,674 fail2ban.server [2615]: INFO Reload jail 'sshd'
2021-02-20 17:08:12,674 fail2ban.filter [2615]: INFO maxLines: 1
2021-02-20 17:08:12,674 fail2ban.filter [2615]: INFO maxRetry: 3
2021-02-20 17:08:12,675 fail2ban.filter [2615]: INFO findtime: 600
2021-02-20 17:08:12,675 fail2ban.actions [2615]: INFO banTime: 86400
2021-02-20 17:08:12,675 fail2ban.filter [2615]: INFO encoding: UTF-8
2021-02-20 17:08:12,675 fail2ban.server [2615]: INFO Jail 'sshd' reloaded
2021-02-20 17:08:12,675 fail2ban.server [2615]: INFO Reload finished.
3. Check the status
sudo fail2ban-client status sshd
The output looks similar to:
Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 5343
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 178
   |- Total banned: 1354
   `- Banned IP list: ...
List the iptables rules:
iptables -S
The output looks similar to:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-ssh -s <IP 1> -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s <IP 2> -j REJECT --reject-with icmp-port-unreachable
...
-A fail2ban-ssh -j RETURN
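
The two outputs above can be checked against each other: every address fail2ban reports as banned should have a matching rule in the jail's chain. The script below is an added example, not part of the original post. The helper names (jail_stat, banned_ips, missing_rules) are hypothetical, the sample data is constructed with documentation-range addresses, and the chain name fail2ban-ssh is taken from the listing above.

```shell
#!/bin/sh
# Added example: cross-check fail2ban's ban list against the firewall rules.
# Both samples are constructed; on a live host feed in the real output of
# `sudo fail2ban-client status sshd` and `sudo iptables -S` instead.
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 5343
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned: 1354
   `- Banned IP list: 192.0.2.10 198.51.100.7'

SAMPLE_RULES='-P INPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -j RETURN'

# jail_stat FIELD: read status output on stdin, print the field's number.
jail_stat() {
    sed -n "s/.*$1:[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# banned_ips: read status output on stdin, print banned IPs one per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' \t' '\n\n' | sed '/^$/d'
}

# missing_rules CHAIN STATUS RULES: print every banned IP that has no
# REJECT or DROP rule in CHAIN (CHAIN is an assumption: use your chain name).
missing_rules() {
    printf '%s\n' "$2" | banned_ips | while read -r ip; do
        ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # escape dots for grep
        printf '%s\n' "$3" |
            grep -Eq -- "^-A $1 -s ${ip_re}(/32)? -j (REJECT|DROP)" || echo "$ip"
    done
}

echo "banned: $(printf '%s\n' "$SAMPLE_STATUS" | jail_stat 'Currently banned')"
echo "not enforced in firewall:"
missing_rules fail2ban-ssh "$SAMPLE_STATUS" "$SAMPLE_RULES"
```

Any address the script prints is banned according to fail2ban but has no rule in the chain, which usually means the chain was flushed or the firewall was reloaded after the ban was applied.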