View source for "UbuntuHelp:Fail2ban" - Ubuntu中文
{{From|https://help.ubuntu.com/community/Fail2ban}}
{{Languages|UbuntuHelp:Fail2ban}}
== Introduction ==
Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, [[UbuntuHelp:ProFTP|ProFTP]], Apache and other logs, and uses iptables profiles to block brute-force attempts.
== Installation ==
To install fail2ban, type the following in the terminal:
<pre><nowiki>
sudo apt-get install fail2ban
</nowiki></pre>
=== Configuration ===
To configure fail2ban, make a 'local' copy of the jail.conf file in /etc/fail2ban:
<pre><nowiki>
cd /etc/fail2ban
sudo cp jail.conf jail.local
</nowiki></pre>
Now edit the file:
<pre><nowiki>
sudo nano jail.local
</nowiki></pre>
Set the IPs you want fail2ban to ignore, the ban time (in seconds) and the maximum number of user attempts to your liking:
<pre><nowiki>
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime  = 3600
maxretry = 3
</nowiki></pre>
=== Email Notification ===
Note: You will need sendmail or any other MTA to do this.

If you wish to be notified of bans by email, modify this line with your email address:
<pre><nowiki>
destemail = your_email@domain.com
</nowiki></pre>
Then find the line:
<pre><nowiki>
action = %(action_)s
</nowiki></pre>
and change it to:
<pre><nowiki>
action = %(action_mw)s
</nowiki></pre>
=== Jail Configuration ===
Jails are the rules which fail2ban applies to a given application/log:
<pre><nowiki>
[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
</nowiki></pre>
To enable the other profiles, such as [ssh-ddos], make sure the first line beneath it reads:
<pre><nowiki>
enabled = true
</nowiki></pre>
Once done, restart fail2ban to put those settings into effect:
<pre><nowiki>
sudo /etc/init.d/fail2ban restart
</nowiki></pre>
=== Advanced: Filters ===
If you wish to tweak or add log filters, you can find them in:
<pre><nowiki>
/etc/fail2ban/filter.d
</nowiki></pre>
=== Testing ===
To test fail2ban, look at the iptables rules:
<pre><nowiki>
sudo iptables -L
</nowiki></pre>
Attempt to log in to a service that fail2ban is monitoring (preferably from another machine) and look at the iptables rules again to see if that source IP gets added.
== External Links ==
* http://www.fail2ban.org/wiki/index.php/Main_Page - Official Fail2ban Website.
* http://denyhosts.sourceforge.net/ - DenyHosts
----
[[category:CategorySecurity]]
[[category:UbuntuHelp]]
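
Added example (not part of the original wiki page and not fail2ban's own code): a simplified Python model of how the `ignoreip`, `maxretry` and `bantime` values shown above decide which hosts get banned, run over constructed `auth.log` lines. The regular expression is a stand-in for the sshd filter, and the 600-second `findtime` window and the `year` argument are assumptions, since the page does not set them.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Values from the [DEFAULT] section on this page; FINDTIME (seconds) is an assumption.
IGNOREIP, BANTIME, MAXRETRY = ["127.0.0.1"], 3600, 3
FINDTIME = 600

# Simplified stand-in for the sshd filter's failure pattern (assumption).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

# Constructed sample lines in /var/log/auth.log format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar  3 10:00:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Mar  3 10:00:06 host sshd[813]: Failed password for bob from 127.0.0.1 port 5001 ssh2
Mar  3 10:00:07 host sshd[813]: Failed password for bob from 127.0.0.1 port 5002 ssh2
Mar  3 10:00:08 host sshd[813]: Failed password for bob from 127.0.0.1 port 5003 ssh2
Mar  3 10:00:09 host sshd[814]: Failed password for root from 203.0.113.7 port 4024 ssh2
Mar  3 10:01:00 host sshd[815]: Failed password for alice from 198.51.100.9 port 6001 ssh2
Mar  3 10:20:00 host sshd[816]: Failed password for alice from 198.51.100.9 port 6002 ssh2
Mar  3 10:40:00 host sshd[817]: Failed password for alice from 198.51.100.9 port 6003 ssh2
"""

def is_ignored(ip, ignoreip=IGNOREIP):
    """True if ip matches an ignoreip entry (address or CIDR; DNS names not handled)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in ignoreip)

def find_bans(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts with MAXRETRY failures in FINDTIME."""
    failures, bans = {}, {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or is_ignored(m.group(2)):
            continue
        ip, ts = m.group(2), datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in bans and ts < bans[ip][1]:
            continue  # host is still banned; nothing more to count
        window = timedelta(seconds=FINDTIME)
        recent = [t for t in failures.get(ip, []) if ts - t <= window] + [ts]
        failures[ip] = recent
        if len(recent) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            failures[ip] = []
    return bans
```

On the sample input only 203.0.113.7 is banned: the three failures from 127.0.0.1 are skipped by `ignoreip`, and the three from 198.51.100.9 are spread too far apart to fall inside one window.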