
Installing fail2ban on CentOS 6.9 as brute-force protection, step by step

Check whether the firewall service is enabled at boot

chkconfig --list|grep iptables

Check which ports are currently listening

netstat -tnlp

Check the current firewall state

service iptables status
iptables -L -n

Add firewall rules for every port that must be reachable. One caveat that bites on a stock CentOS 6 ruleset: the INPUT chain ends with a catch-all REJECT (icmp-host-prohibited) rule, and -A appends after it, so ACCEPT rules added this way are never evaluated. Check the chain with iptables -L INPUT -n --line-numbers; if the REJECT rule sits above your new rules, insert them with -I INPUT at the REJECT rule's number instead of appending. Also, 3306 (MySQL) and 6379 (Redis) should not be opened to every source on an internet-facing host: restrict those two rules with -s and a trusted network unless the service really has to be public.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j ACCEPT
iptables -A INPUT -p tcp --dport 7088 -j ACCEPT
iptables -A INPUT -p tcp --dport 10050 -j ACCEPT
iptables -A INPUT -p tcp --dport 10051 -j ACCEPT

# Save the rules, otherwise they are gone after a reboot

service iptables save 
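The placement pitfall described above, as an added example that is not part of the original page: this Python 3 script parses a constructed "iptables -L INPUT -n --line-numbers" listing of a stock CentOS 6 chain on which the -A commands were already run, reports the rules that sit below the catch-all REJECT (iptables never reaches them), generates the -D commands that remove them and the -I commands that put ACCEPT rules above the REJECT instead. The listing, the port list and the trusted network 10.0.0.0/24 are assumptions for illustration.

```python
import re

# Constructed listing of a stock CentOS 6 INPUT chain after the page's
# "iptables -A ..." commands were run (sample text, not captured output):
# rules 6 and 7 sit below the catch-all REJECT and can never match.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+\S+\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<rest>.*)$"
)


def parse_rules(listing):
    """Rules of an 'iptables -L INPUT -n --line-numbers' listing, in chain order."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            rule = m.groupdict()
            rule["num"] = int(rule["num"])
            rules.append(rule)
    return rules


def first_catch_all_reject(rules):
    """Number of the first REJECT/DROP rule that matches all traffic, or None."""
    for r in rules:
        if (r["target"] in ("REJECT", "DROP") and r["prot"] == "all"
                and r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0"):
            return r["num"]
    return None


def unreachable_rules(rules):
    """Rules placed after the catch-all reject: iptables never evaluates them."""
    cutoff = first_catch_all_reject(rules)
    return [] if cutoff is None else [r for r in rules if r["num"] > cutoff]


def delete_commands(rules):
    """Commands removing the unreachable rules, highest number first so the
    numbering of the rules still to be deleted does not shift."""
    dead = sorted(unreachable_rules(rules), key=lambda r: r["num"], reverse=True)
    return ["iptables -D INPUT %d" % r["num"] for r in dead]


def accept_commands(rules, ports, restricted=None):
    """ACCEPT rules for the given TCP ports, inserted just above the catch-all
    reject (or appended when there is none). `restricted` maps a port to the
    only source network allowed to reach it, e.g. {3306: "10.0.0.0/24"}."""
    restricted = restricted or {}
    cutoff = first_catch_all_reject(rules)
    cmds = []
    for offset, port in enumerate(ports):
        # each insert pushes the REJECT one line down, hence cutoff + offset
        where = "-A INPUT" if cutoff is None else "-I INPUT %d" % (cutoff + offset)
        src = " -s %s" % restricted[port] if port in restricted else ""
        cmds.append("iptables %s%s -p tcp --dport %d -j ACCEPT" % (where, src, port))
    return cmds


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_LISTING)
    print("catch-all reject at rule", first_catch_all_reject(rules))
    print("dead rules:", [r["num"] for r in unreachable_rules(rules)])
    for cmd in delete_commands(rules) + accept_commands(
            rules, [80, 443, 3306], {3306: "10.0.0.0/24"}):
        print(cmd)
```

Run the printed commands on the host, then "service iptables save" again, otherwise the corrected order is lost on the next restart.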

# Install fail2ban

wget https://codeload.github.com/fail2ban/fail2ban/zip/refs/tags/0.9.7 -O fail2ban.0.9.7.zip
unzip fail2ban.0.9.7.zip
cd fail2ban-0.9.7
python setup.py install

# Add the init script

cp files/redhat-initd /etc/init.d/fail2ban

# Configure fail2ban

cd /etc/fail2ban/
cp jail.conf jail.d/jail.conf.local
cd jail.d
vim jail.conf.local

Find the [sshd] section, delete everything before it, and delete everything after the [sshd-ddos] section. fail2ban reads jail.conf first and then jail.d/*.conf, jail.local and jail.d/*.local as overrides (a file in jail.d is only picked up if its name ends in .conf or .local), so this file only needs the jails it changes and the fragment below is all that is required.
Update it to the following (change port to your server's SSH port if it is not 22):

[sshd]
enabled = true
# To use more aggressive sshd filter (inclusive sshd-ddos failregex):
#filter = sshd-aggressive
filter = sshd
port = ssh
#port    = 5060
# The second action line is a continuation of "action" and MUST be indented;
# flush left it would be parsed as a separate, bogus option.
action = iptables[name=SSH,port=ssh,protocol=tcp]
         sendmail-whois[name=SSH,dest=root,sender=joyber@qq.com]
#action = iptables[name=SSH,port=5060,protocol=tcp]
logpath = /var/log/secure
maxretry = 3
findtime = 300
bantime = 86400

[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action sends a notification e-mail with a whois request
# in the body.
# No "enabled = true" here: the jail inherits enabled = false from [DEFAULT]
# in jail.conf and stays off unless you switch it on.
port    = ssh
#port    = 5060
logpath = %(sshd_log)s
backend = %(sshd_backend)s
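Before restarting, it pays to parse the override file the way fail2ban does. fail2ban's configuration reader is built on Python's ConfigParser, so the standard library reproduces its two traps: a continuation line that is not indented becomes its own option, and a misspelled boolean silently disables the jail. The following is an added example, not code from the page or from fail2ban; the [DEFAULT] block standing in for jail.conf is constructed, and the override text is the fragment above with the sendmail-whois line once flush left (as the page prints it) and once indented.

```python
import configparser

# Constructed stand-in for the [DEFAULT] values fail2ban has already read
# from jail.conf before it reads jail.d/*.local (sample text, not the
# shipped jail.conf).
JAIL_CONF = """\
[DEFAULT]
enabled = false
bantime = 600
findtime = 600
maxretry = 5
sshd_log = /var/log/secure
sshd_backend = auto
"""

# The override fragment with the sendmail-whois line flush left, so it is
# NOT a continuation of "action" but a new option with a strange name.
BROKEN_OVERRIDE = """\
[sshd]
enabled = true
filter = sshd
port = ssh
action = iptables[name=SSH,port=ssh,protocol=tcp]
sendmail-whois[name=SSH,dest=root,sender=joyber@qq.com]
logpath = /var/log/secure
maxretry = 3
findtime = 300
bantime = 86400

[sshd-ddos]
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
"""

# The same fragment with the continuation line indented, as it must be.
FIXED_OVERRIDE = BROKEN_OVERRIDE.replace("\nsendmail-whois", "\n         sendmail-whois")


def load_jails(*fragments):
    """Merge fragments in the order fail2ban reads them (jail.conf, then
    jail.d/*.conf, jail.local, jail.d/*.local): later values win and
    %(name)s references resolve against [DEFAULT]."""
    cp = configparser.ConfigParser()
    for text in fragments:
        cp.read_string(text)
    return cp


def check_jail(cp, name):
    """Problems found in one jail section; an empty list means it looks sane."""
    problems = []
    if not cp.has_section(name):
        return ["no [%s] section" % name]
    for key in cp.options(name):
        # Jail options are plain words; a '[' in a key means an action or
        # filter continuation line was not indented and became its own option.
        if "[" in key or " " in key:
            problems.append("stray option %r: continuation line not indented?" % key)
    try:
        enabled = cp.getboolean(name, "enabled")
    except ValueError:
        problems.append("enabled = %r is not a boolean; fail2ban treats the jail as disabled"
                        % cp.get(name, "enabled"))
        enabled = False
    if enabled and not cp.has_option(name, "logpath"):
        problems.append("enabled jail without logpath")
    return problems


def enabled_jails(cp):
    """Names of the jails whose enabled value parses as true."""
    names = []
    for section in cp.sections():
        try:
            if cp.getboolean(section, "enabled"):
                names.append(section)
        except ValueError:
            pass
    return names


if __name__ == "__main__":
    for label, text in (("flush left", BROKEN_OVERRIDE), ("indented", FIXED_OVERRIDE)):
        cp = load_jails(JAIL_CONF, text)
        print(label, "->", check_jail(cp, "sshd") or "ok",
              "| action lines:", cp.get("sshd", "action").splitlines(),
              "| enabled jails:", enabled_jails(cp))
```

On the real host, fail2ban-client -d dumps the configuration as fail2ban parsed it, which is the quickest way to confirm that the action came through as two parts and that only the jails you expect are enabled.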

Fixing the error fail2ban reports when it runs iptables, complaining about the -w option: fail2ban 0.9 passes iptables -w (wait for the xtables lock) by default, and the iptables on this system rejects it (here with the message that -w requires an argument). The edit below changes the shipped action file; a cleaner alternative that survives upgrades is to create action.d/iptables-common.local containing an [Init] section with the single line lockingopt = (empty), which fail2ban reads after iptables-common.conf.

cd /etc/fail2ban/action.d
vim iptables-common.conf
# Comment out the "lockingopt = -w" line and replace it with an empty value:
#lockingopt = -w
lockingopt = 

Restart the firewall, then start fail2ban, in that order: restarting iptables reloads the saved ruleset and wipes the fail2ban-SSH chain, so fail2ban has to come up afterwards to recreate it (if fail2ban was already running, restart it too)

service iptables restart
service fail2ban start

On some systems the fail2ban-client executable does not end up at /usr/bin/fail2ban-client after setup.py install (the location depends on the prefix of the python used),
so the init script has to be adjusted accordingly

vim /etc/init.d/fail2ban

#FAIL2BAN="/usr/bin/fail2ban-client"
FAIL2BAN="/usr/local/bin/fail2ban-client"

Check the log file for errors

tail -f /var/log/fail2ban.log

Finally, test from a separate machine: keep entering wrong passwords and verify that the source address gets banned

ssh 47.100.31.xxx
# Banned
ssh: connect to host 47.100.31.xxx port 22: Connection refused

# Check fail2ban's status and the list of banned IPs
fail2ban-client status
fail2ban-client status sshd

Once the test passes, make sure iptables starts at boot if it does not already. The same holds for fail2ban itself: copying the init script only makes it startable, so register it with chkconfig --add fail2ban and enable it with chkconfig fail2ban on, otherwise the jail is gone after the next reboot

chkconfig iptables on

1: Brief introduction

fail2ban is a utility that watches your system logs, matches the failure messages in them against regular expressions and runs a corresponding blocking action when they match.

In many companies root login over SSH is left enabled. That hands attackers a brute-force opportunity: root is the universally known superuser account, so only the password has to be guessed. Even when the brute-force attempt fails, the host still has to answer every single attempt, and its load goes up. What can be done about it? The experiment below walks through the basic use of fail2ban; for anything deeper, consult the official fail2ban documentation.

2: Test environment

System: CentOS6.4_x64

Version: fail2ban-0.8.14.tar.gz

IP: 192.168.182.128

3: Installation

First install the dependencies

yum install vim gcc gcc-c++ wget -y
# gamin-python and python-inotify provide fail2ban's log-watching backends;
# the shorewall packages are not needed for the iptables action used below
yum install shorewall gamin-python shorewall-shell shorewall-perl shorewall-common python-inotify python-ctypes -y

Download the fail2ban package; the official site is http://www.fail2ban.org/wiki/index.php/Main_Page

tar zxvf fail2ban-0.8.14.tar.gz
cd fail2ban-0.8.14
python setup.py install

By default the configuration is installed under /etc/fail2ban, with jail.conf as the main configuration file. (fail2ban also reads jail.local after jail.conf; keeping your changes there instead of editing jail.conf is the cleaner option, but the edits below follow the original.)

vim /etc/fail2ban/jail.conf

#### Edit ######
# Keep the notes below on their own comment lines: fail2ban's parser does
# not strip a trailing "# ..." from a value, so "enabled = true # note"
# would be read as the value "true # note".

# In the [DEFAULT] section near the top of the file:
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
# Here 300 seconds, i.e. 5 minutes.
bantime = 300

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds. Here a 10-minute window.
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
# Here three failures.
maxretry = 3

# Further down, the ssh-iptables jail:
[ssh-iptables]

# Enable the jail. The value must be exactly "true": the typo "ture" is not
# a boolean, fail2ban falls back to false (that is the WARNING printed at
# startup below) and the jail never runs.
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
# Where sshd logs authentication on CentOS. The 0.8.14 default for this
# jail, /var/log/sshd.log, does not exist here, so nothing would ever match.
logpath = /var/log/secure
maxretry = 3

In other words, three failed SSH logins within 10 minutes lock the source address out for 5 minutes.
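What those three numbers do, both with the 600/3/300 values here and with the 300/3/86400 values of the [sshd] jail in the first part, as an added example that is neither fail2ban's code nor part of the original page: a Python 3 model of one jail's bookkeeping that runs a simplified sshd failure pattern over a constructed /var/log/secure excerpt and records the ban and unban events the iptables action would execute. The log lines, the year (syslog timestamps carry none) and the hosts in them are assumptions.

```python
import re
from datetime import datetime, timedelta

# Simplified version of the failure pattern in fail2ban's filter.d/sshd.conf
# (the real filter has many more expressions); the host group is what gets banned.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

LOG_YEAR = 2017  # syslog lines carry no year; assumed for the constructed sample


def parse_timestamp(line, year=LOG_YEAR):
    """Timestamp of a /var/log/secure line ('Jan 10 06:37:10 host sshd[...]: ...')."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=year)


class Jail:
    """The maxretry / findtime / bantime bookkeeping of one fail2ban jail."""

    def __init__(self, maxretry=3, findtime=600, bantime=300, ignoreip=("127.0.0.1",)):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.ignoreip = set(ignoreip)
        self.failures = {}  # host -> timestamps of failures inside the findtime window
        self.banned = {}    # host -> time at which the ban expires
        self.events = []    # ("ban" | "unban", host, time): what the iptables action would run

    def _expire(self, now):
        """Lift bans whose bantime has elapsed (fail2ban does this on a timer)."""
        for host, until in list(self.banned.items()):
            if until <= now:
                del self.banned[host]
                self.events.append(("unban", host, until))

    def feed(self, line):
        """Process one log line: None (no match), 'ignore', 'fail' or 'ban'."""
        match = FAILREGEX.search(line)
        if not match:
            return None
        now = parse_timestamp(line)
        self._expire(now)
        host = match.group("host")
        if host in self.ignoreip or host in self.banned:
            return "ignore"
        # only failures inside the last findtime seconds count towards maxretry
        recent = [t for t in self.failures.get(host, []) if now - t <= self.findtime]
        recent.append(now)
        if len(recent) >= self.maxretry:
            self.failures.pop(host, None)
            self.banned[host] = now + self.bantime
            self.events.append(("ban", host, now))
            return "ban"
        self.failures[host] = recent
        return "fail"


# Constructed /var/log/secure excerpt (not captured from a real host).
SAMPLE_SECURE_LOG = """\
Jan 10 06:37:10 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 50001 ssh2
Jan 10 06:37:12 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 50001 ssh2
Jan 10 06:37:15 129-Slave sshd[1601]: Failed password for root from 192.168.182.128 port 50001 ssh2
Jan 10 06:37:30 129-Slave sshd[1610]: Failed password for root from 127.0.0.1 port 40001 ssh2
Jan 10 06:37:31 129-Slave sshd[1610]: Failed password for root from 127.0.0.1 port 40001 ssh2
Jan 10 06:37:32 129-Slave sshd[1610]: Failed password for root from 127.0.0.1 port 40001 ssh2
Jan 10 06:40:00 129-Slave sshd[1622]: Failed password for invalid user admin from 10.0.0.5 port 4000 ssh2
Jan 10 06:41:00 129-Slave sshd[1630]: Accepted password for root from 192.168.182.1 port 4100 ssh2
Jan 10 06:52:00 129-Slave sshd[1640]: Failed password for invalid user admin from 10.0.0.5 port 4001 ssh2
Jan 10 06:55:00 129-Slave sshd[1645]: Failed password for invalid user admin from 10.0.0.5 port 4002 ssh2
"""


def simulate(log_text, **jail_options):
    """Run every line through a Jail; returns (jail, per-line results)."""
    jail = Jail(**jail_options)
    results = [jail.feed(line) for line in log_text.splitlines() if line.strip()]
    return jail, results


if __name__ == "__main__":
    jail, results = simulate(SAMPLE_SECURE_LOG)
    for event in jail.events:
        print(*event)
```

With the values of this part, 192.168.182.128 is banned on its third failure and released five minutes later, while 10.0.0.5 is never banned because its three failures span 15 minutes and only two ever fall inside a 10-minute window; with the first part's findtime = 300 and bantime = 86400 the same log bans 192.168.182.128 for a day, and the slow attacker still gets through. The slow-attacker case is why findtime should be chosen with the attack rate you actually see in /var/log/secure in mind.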

With the configuration done, how do we start a program that was installed from source? First register it as a system service.

[root@129-Slave fail2ban-0.8.14]# grep chkconfig ./* -R --color
./files/redhat-initd:# chkconfig: - 92 08
[root@129-Slave fail2ban-0.8.14]# cp ./files/redhat-initd /etc/init.d/fail2ban
[root@129-Slave fail2ban-0.8.14]# /etc/init.d/fail2ban start
Starting fail2ban: WARNING Wrong value for 'enabled' in 'ssh-iptables'. Using default one: ''false''

                                                       [  OK  ]

[root@129-Slave fail2ban-0.8.14]# ps -aux | grep fail2ban
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root 1533 0.4 1.6 342148 8404 ? Sl 06:37 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
root 1558 0.0 0.1 103248 868 pts/0 S+ 06:37 0:00 grep fail2ban

The fail2ban process is running; now let's test it.

[root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
The authenticity of host '192.168.182.129 (192.168.182.129)' can't be established.
RSA key fingerprint is 29:90:34:7b:a0:05:99:af:79:91:0e:ed:86:ad:cf:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.182.129' (RSA) to the list of known hosts.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied, please try again.
root@192.168.182.129's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@129-Slave fail2ban-0.8.14]# ssh 192.168.182.129
ssh: connect to host 192.168.182.129 port 22: Connection refused

######## Here I deliberately entered the wrong password 3 times; you can see that on my second connection attempt I was locked out right away. #########

On deepin, sshd is not listening on port 22 out of the box; enable it by hand as follows:

Run this command to see whether port 22 is open

sudo lsof -i:22

If the command prints nothing, nothing is listening on port 22 (keep the sudo: without it, sockets owned by root are not shown);

Edit the configuration file with vim

sudo vim /etc/ssh/sshd_config

Remove the comment marker from the following two lines. Both are sshd's built-in defaults (it already listens on port 22 on all addresses while they are commented out), so uncommenting them only makes the settings explicit; if lsof showed nothing, sshd itself was not running, and the restart below is what actually starts it:

#Port 22

#ListenAddress 0.0.0.0

Save and quit

Restart ssh

sudo /etc/init.d/ssh restart

Check again whether the port is open

sudo lsof -i:22

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    34720 root    3u  IPv4 182647      0t0  TCP *:ssh (LISTEN)

Output like the above means the port is open; now try logging in remotely.