fail2ban - How to permanently ban an IP after 3 temporary bans

Wor*_*tig 3 customization centos fail2ban

I am setting up the fail2ban service on CentOS 8 by following this tutorial: https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/

I have configured it much as the tutorial above describes, like this:

[DEFAULT]
# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s):
bantime = 86400
 
# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 1200
maxretry = 3
 
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator. For example, add your 
# static IP address that you always use for login such as 103.1.2.3
#ignoreip = 127.0.0.1/8 ::1 103.1.2.3
 
# Call iptables to ban IP address
banaction = iptables-multiport
 
# Enable sshd protection
[sshd]
enabled = true

I want an IP to be banned permanently after it has been temporarily banned 3 times. How can I do that?

seb*_*res 7

Persistent banning is not advisable - it just unnecessarily overloads your net-filter subsystem (as well as fail2ban)... A long ban is enough.

If you use v.0.11, you can use the bantime increment feature, and your config may look similar to this answer - https://github.com/fail2ban/fail2ban/discussions/2952#discussioncomment-414693

[sshd]
# initial ban time:
bantime = 1h
# incremental banning:
bantime.increment = true
# default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...):
bantime.factor = 24
# max banning time = 5 week:
bantime.maxtime = 5w

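But note that if this feature is enabled, it also affects maxretry, so the second and subsequent bans of a known bad IP happen much sooner than after 3 attempts (it is halved each time).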
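An added example, not part of the answer and not fail2ban's own code: a Python check that merges the question's [DEFAULT] block with the answer's [sshd] block and reports the effective ban settings per enabled jail, showing that the jail-level `bantime = 1h` overrides the inherited 86400 and that no jail ends up with a permanent ban. The names `JAIL_LOCAL`, `to_seconds` and `audit` are assumptions of this example, and the time-suffix handling is a simplified subset (s, m, h, d, w) of what fail2ban accepts.

```python
import configparser

# Constructed sample: the question's [DEFAULT] values plus the answer's [sshd] block.
JAIL_LOCAL = """
[DEFAULT]
bantime = 86400
findtime = 1200
maxretry = 3

[sshd]
enabled = true
bantime = 1h
bantime.increment = true
bantime.factor = 24
bantime.maxtime = 5w
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '1h', '5w' or a bare number of seconds to int seconds."""
    value = value.strip().lower()
    if value[-1:] in UNITS:
        return int(float(value[:-1]) * UNITS[value[-1]])
    return int(value)  # a negative value such as -1 means a permanent ban

def audit(text):
    """Return {jail: effective ban settings} for every enabled jail."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        jail = cp[name]  # lookups fall back to [DEFAULT] when the jail has no own value
        if not jail.getboolean("enabled", fallback=False):
            continue
        bantime = to_seconds(jail["bantime"])
        maxtime = jail.get("bantime.maxtime")
        report[name] = {
            "bantime": bantime,
            "findtime": to_seconds(jail["findtime"]),
            "maxretry": jail.getint("maxretry"),
            "increment": jail.getboolean("bantime.increment", fallback=False),
            "maxtime": to_seconds(maxtime) if maxtime else None,
            "permanent": bantime < 0,
        }
    return report

if __name__ == "__main__":
    for jail_name, settings in audit(JAIL_LOCAL).items():
        print(jail_name, settings)
```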