{"id":359,"date":"2026-06-09T21:18:22","date_gmt":"2026-06-09T13:18:22","guid":{"rendered":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/"},"modified":"2026-06-09T21:18:22","modified_gmt":"2026-06-09T13:18:22","slug":"fail2ban-fuwuqianquanfanghushizhanzhinan","status":"publish","type":"post","link":"https:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/","title":{"rendered":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357"},"content":{"rendered":"<p>!<a href=\"https:\/\/images.unsplash.com\/photo-1555066931-4365d14bab8c?w=800&amp;q=80\">fail2ban<\/a><\/p>\n<p>\u4f5c\u4e3a\u4e00\u540d\u8fd0\u7ef4\u5de5\u7a0b\u5e08\uff0c\u4f60\u4e00\u5b9a\u9047\u5230\u8fc7\u8fd9\u79cd\u60c5\u51b5\uff1a\u670d\u52a1\u5668\u65e5\u5fd7\u91cc\u5bc6\u5bc6\u9ebb\u9ebb\u7684 SSH \u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0cNginx \u8bbf\u95ee\u65e5\u5fd7\u91cc\u67d0\u4e2a IP \u75af\u72c2\u626b\u63cf\u4f60\u7684\u7f51\u7ad9\u3002\u624b\u52a8\u5c01\u7981 IP\uff1f\u592a\u7d2f\u4e86\u3002iptables \u89c4\u5219\u5199\u5230\u98de\u8d77\uff1f\u6cbb\u6807\u4e0d\u6cbb\u672c\u3002<\/p>\n<p><strong>fail2ban<\/strong> \u5c31\u662f\u4e3a\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u800c\u751f\u7684\u2014\u2014\u5b83\u80fd\u81ea\u52a8\u5206\u6790\u65e5\u5fd7\uff0c\u53d1\u73b0\u6076\u610f\u884c\u4e3a\u540e\u81ea\u52a8\u5c01\u7981 IP\uff0c\u662f\u4f60\u670d\u52a1\u5668\u5b89\u5168\u7684\u7b2c\u4e00\u9053\u9632\u7ebf\u3002<\/p>\n<p><!--more--><\/p>\n<h2>\u4ec0\u4e48\u662f fail2ban<\/h2>\n<p>fail2ban \u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u5165\u4fb5\u9632\u62a4\u5de5\u5177\uff0c\u5de5\u4f5c\u539f\u7406\u5f88\u7b80\u5355\uff1a<\/p>\n<ol>\n<li><strong>\u76d1\u63a7\u65e5\u5fd7\u6587\u4ef6<\/strong>\uff1a\u5b9e\u65f6\u8bfb\u53d6\u6307\u5b9a\u65e5\u5fd7\uff08\u5982 \/var\/log\/auth.log\uff09<\/li>\n<li><strong>\u6b63\u5219\u5339\u914d<\/strong>\uff1a\u7528\u9884\u5b9a\u4e49\u7684 filter \u89c4\u5219\u8bc6\u522b\u5931\u8d25\u884c\u4e3a<\/li>\n<li><strong>\u8ba1\u6570\u89e6\u53d1<\/strong>\uff1a\u5728\u6307\u5b9a\u65f6\u95f4\u7a97\u53e3\u5185\u8fbe\u5230\u9608\u503c\u6b21\u6570<\/li>\n<li><strong>\u6267\u884c\u52a8\u4f5c<\/strong>\uff1a\u81ea\u52a8\u8c03\u7528 iptables\/firewalld \u5c01\u7981 IP<\/li>\n<\/ol>\n<p>\u6574\u4e2a\u8fc7\u7a0b\u5b8c\u5168\u81ea\u52a8\u5316\uff0c\u4f60\u53ea\u9700\u8981\u914d\u7f6e\u597d\u89c4\u5219\uff0c\u5269\u4e0b\u7684\u4ea4\u7ed9\u5b83\u3002<\/p>\n<h2>\u4e3a\u4ec0\u4e48\u9009\u62e9 fail2ban<\/h2>\n<p>\u5e02\u9762\u4e0a\u5b89\u5168\u5de5\u5177\u4e0d\u5c11\uff0c\u4e3a\u4ec0\u4e48 fail2ban \u80fd\u6210\u4e3a Linux \u670d\u52a1\u5668\u7684\u6807\u914d\uff1f<\/p>\n<table>\n<tr>\n<th>\u7279\u6027<\/th>\n<th>fail2ban<\/th>\n<th>denyhosts<\/th>\n<th>CSF<\/th>\n<\/tr>\n<\/table>\n<p>|&#8212;&#8212;|&#8212;&#8212;&#8212;-|&#8212;&#8212;&#8212;&#8211;|&#8212;&#8211;|<\/p>\n<table>\n<tr>\n<th>\u652f\u6301\u670d\u52a1<\/th>\n<th>\u4efb\u610f\u65e5\u5fd7<\/th>\n<th>\u4ec5 SSH<\/th>\n<th>\u591a\u79cd<\/th>\n<\/tr>\n<tr>\n<td>\u81ea\u5b9a\u4e49\u89c4\u5219<\/td>\n<td>\u7075\u6d3b<\/td>\n<td>\u6709\u9650<\/td>\n<td>\u590d\u6742<\/td>\n<\/tr>\n<tr>\n<td>\u8d44\u6e90\u5360\u7528<\/td>\n<td>\u4f4e<\/td>\n<td>\u4f4e<\/td>\n<td>\u9ad8<\/td>\n<\/tr>\n<tr>\n<td>\u793e\u533a\u6d3b\u8dc3<\/td>\n<td>\u6d3b\u8dc3<\/td>\n<td>\u505c\u66f4<\/td>\n<td>\u6d3b\u8dc3<\/td>\n<\/tr>\n<tr>\n<td>\u5b66\u4e60\u6210\u672c<\/td>\n<td>\u4e2d\u7b49<\/td>\n<td>\u4f4e<\/td>\n<td>\u9ad8<\/td>\n<\/tr>\n<\/table>\n<p><strong>\u6838\u5fc3\u4f18\u52bf<\/strong>\uff1afail2ban \u4e0d\u4ec5\u80fd\u4fdd\u62a4 SSH\uff0c\u8fd8\u80fd\u4fdd\u62a4 Nginx\u3001Apache\u3001Postfix\u3001Dovecot \u7b49\u4efb\u4f55\u80fd\u8f93\u51fa\u65e5\u5fd7\u7684\u670d\u52a1\u3002<\/p>\n<h2>\u5b89\u88c5\u4e0e\u57fa\u7840\u914d\u7f6e<\/h2>\n<h3>\u5b89\u88c5<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># Ubuntu\/Debian<\/p>\n<p>sudo apt update<\/p>\n<p>sudo apt install fail2ban -y<\/p>\n<p># CentOS\/RHEL<\/p>\n<p>sudo yum install epel-release -y<\/p>\n<p>sudo yum install fail2ban -y<\/p>\n<p># Arch Linux<\/p>\n<p>sudo pacman -S fail2ban<\/p>\n<p><code>`<\/code><\/p>\n<p>\u5b89\u88c5\u540e\u542f\u52a8\u670d\u52a1\uff1a<\/p>\n<p><code>`<\/code>bash<\/p>\n<p>sudo systemctl enable fail2ban<\/p>\n<p>sudo systemctl start fail2ban<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u914d\u7f6e\u6587\u4ef6\u7ed3\u6784<\/h3>\n<p>fail2ban \u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e <code>\/etc\/fail2ban\/<\/code>\uff1a<\/p>\n<p><code>`<\/code><\/p>\n<p>\/etc\/fail2ban\/<\/p>\n<p>\u251c\u2500\u2500 fail2ban.conf      # \u4e3b\u914d\u7f6e\uff08\u65e5\u5fd7\u7ea7\u522b\u3001PID\u6587\u4ef6\u7b49\uff09<\/p>\n<p>\u251c\u2500\u2500 jail.conf          # \u9ed8\u8ba4\u89c4\u5219\uff08\u4e0d\u8981\u4fee\u6539\uff01\uff09<\/p>\n<p>\u251c\u2500\u2500 jail.local         # \u81ea\u5b9a\u4e49\u89c4\u5219\uff08\u4f60\u6539\u8fd9\u4e2a\uff09<\/p>\n<p>\u251c\u2500\u2500 jail.d\/            # \u989d\u5916\u89c4\u5219\u7247\u6bb5<\/p>\n<p>\u251c\u2500\u2500 filter.d\/          # \u8fc7\u6ee4\u5668\u89c4\u5219<\/p>\n<p>\u251c\u2500\u2500 action.d\/          # \u52a8\u4f5c\u5b9a\u4e49<\/p>\n<p>\u2514\u2500\u2500 fail2ban.service   # systemd \u670d\u52a1\u6587\u4ef6<\/p>\n<p><code>`<\/code><\/p>\n<p><strong>\u91cd\u8981<\/strong>\uff1a\u6c38\u8fdc\u4e0d\u8981\u76f4\u63a5\u4fee\u6539 <code>jail.conf<\/code>\uff0c\u5347\u7ea7\u4f1a\u8986\u76d6\u3002\u6240\u6709\u81ea\u5b9a\u4e49\u914d\u7f6e\u5199\u5728 <code>jail.local<\/code>\u3002<\/p>\n<h3>\u57fa\u7840\u914d\u7f6e\u793a\u4f8b<\/h3>\n<p>\u521b\u5efa <code>\/etc\/fail2ban\/jail.local<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p># \u9ed8\u8ba4\u5c01\u7981\u65f6\u95f4\uff08\u79d2\uff09\uff0c1\u5c0f\u65f6<\/p>\n<p>bantime = 3600<\/p>\n<p># \u68c0\u6d4b\u65f6\u95f4\u7a97\u53e3\uff08\u79d2\uff09\uff0c10\u5206\u949f<\/p>\n<p>findtime = 600<\/p>\n<p># \u6700\u5927\u5931\u8d25\u6b21\u6570<\/p>\n<p>maxretry = 5<\/p>\n<p># \u4f7f\u7528 firewalld\uff08CentOS 7+\uff09\u6216 iptables<\/p>\n<p>banaction = firewallcmd-ipset<\/p>\n<p># \u5ffd\u7565\u672c\u5730\u56de\u73af<\/p>\n<p>ignoreip = 127.0.0.1\/8 ::1<\/p>\n<p># \u5ffd\u7565\u5185\u7f51IP\uff08\u6839\u636e\u4f60\u7684\u7f51\u7edc\u8c03\u6574\uff09<\/p>\n<p>ignoreip = 127.0.0.1\/8 10.0.0.0\/8 172.16.0.0\/12 192.168.0.0\/16<\/p>\n<p>[sshd]<\/p>\n<p>enabled = true<\/p>\n<p>port = ssh<\/p>\n<p>filter = sshd<\/p>\n<p>logpath = \/var\/log\/auth.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 86400<\/p>\n<p><code>`<\/code><\/p>\n<p>\u8fd9\u4e2a\u914d\u7f6e\u7684\u610f\u601d\u662f\uff1aSSH \u767b\u5f55\u5931\u8d25 3 \u6b21\uff0c\u5c01\u7981 24 \u5c0f\u65f6\u3002<\/p>\n<h2>\u6838\u5fc3\u6982\u5ff5\u8be6\u89e3<\/h2>\n<h3>Jail\uff08\u76d1\u72f1\uff09<\/h3>\n<p>Jail \u662f fail2ban \u7684\u6838\u5fc3\u6982\u5ff5\uff0c\u4ee3\u8868\u4e00\u4e2a\u4fdd\u62a4\u89c4\u5219\u3002\u6bcf\u4e2a jail \u5b9a\u4e49\u4e86\uff1a<\/p>\n<ul>\n<li><strong>\u76d1\u63a7\u54ea\u4e2a\u65e5\u5fd7<\/strong>\uff08logpath\uff09<\/li>\n<li><strong>\u7528\u4ec0\u4e48\u89c4\u5219\u5339\u914d<\/strong>\uff08filter\uff09<\/li>\n<li><strong>\u5931\u8d25\u51e0\u6b21\u89e6\u53d1<\/strong>\uff08maxretry\uff09<\/li>\n<li><strong>\u5c01\u7981\u591a\u4e45<\/strong>\uff08bantime\uff09<\/li>\n<li><strong>\u5728\u591a\u957f\u65f6\u95f4\u5185\u8ba1\u6570<\/strong>\uff08findtime\uff09<\/li>\n<\/ul>\n<h3>Filter\uff08\u8fc7\u6ee4\u5668\uff09<\/h3>\n<p>\u8fc7\u6ee4\u5668\u5b9a\u4e49\u4e86\u5982\u4f55\u4ece\u65e5\u5fd7\u4e2d\u8bc6\u522b\u6076\u610f\u884c\u4e3a\u3002\u5b83\u4eec\u662f\u6b63\u5219\u8868\u8fbe\u5f0f\u6587\u4ef6\uff0c\u4f4d\u4e8e <code>\/etc\/fail2ban\/filter.d\/<\/code>\u3002<\/p>\n<p>\u67e5\u770b SSH \u8fc7\u6ee4\u5668\uff1a<\/p>\n<p><code>`<\/code>bash<\/p>\n<p>cat \/etc\/fail2ban\/filter.d\/sshd.conf<\/p>\n<p><code>`<\/code><\/p>\n<p>\u4f60\u4f1a\u770b\u5230\u7c7b\u4f3c\u8fd9\u6837\u7684\u89c4\u5219\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>failregex = ^.*Failed password for .* from .*$<\/p>\n<p>            ^.*Invalid user .* from .*$<\/p>\n<p>            ^.*Connection closed by authenticating user .* .*[preauth]$<\/p>\n<p><code>`<\/code><\/p>\n<p><code><\/code> \u662f\u5360\u4f4d\u7b26\uff0cfail2ban \u4f1a\u81ea\u52a8\u63d0\u53d6\u5339\u914d\u7684 IP \u5730\u5740\u3002<\/p>\n<h3>Action\uff08\u52a8\u4f5c\uff09<\/h3>\n<p>\u52a8\u4f5c\u5b9a\u4e49\u4e86\u5c01\u7981 IP \u7684\u65b9\u5f0f\u3002\u9ed8\u8ba4\u4f7f\u7528 iptables\uff0c\u5e38\u89c1\u52a8\u4f5c\u5305\u62ec\uff1a<\/p>\n<ul>\n<li><strong>iptables-multiport<\/strong>\uff1a\u5728\u6307\u5b9a\u7aef\u53e3\u5c01\u7981<\/li>\n<li><strong>iptables-allports<\/strong>\uff1a\u5c01\u7981\u6240\u6709\u7aef\u53e3<\/li>\n<li><strong>firewallcmd-ipset<\/strong>\uff1a\u4f7f\u7528 firewalld\uff08CentOS 7+\uff09<\/li>\n<li><strong>route<\/strong>\uff1a\u901a\u8fc7\u8def\u7531\u8868\u5c01\u7981<\/li>\n<\/ul>\n<p>\u4f60\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u52a8\u4f5c\uff0c\u6bd4\u5982\u53d1\u9001\u90ae\u4ef6\u901a\u77e5\u3002<\/p>\n<h2>SSH \u5b89\u5168\u9632\u62a4<\/h2>\n<p>SSH \u662f\u670d\u52a1\u5668\u6700\u5e38\u89c1\u7684\u653b\u51fb\u76ee\u6807\uff0c\u4e5f\u662f fail2ban \u6700\u57fa\u7840\u7684\u4fdd\u62a4\u573a\u666f\u3002<\/p>\n<h3>\u57fa\u7840 SSH \u9632\u62a4<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[sshd]<\/p>\n<p>enabled = true<\/p>\n<p>port = ssh<\/p>\n<p>filter = sshd<\/p>\n<p>logpath = \/var\/log\/auth.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 86400<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9488\u5bf9\u66b4\u529b\u7834\u89e3\u7684\u5f3a\u5316\u914d\u7f6e<\/h3>\n<p>\u5982\u679c\u4f60\u7684\u670d\u52a1\u5668\u66b4\u9732\u5728\u516c\u7f51\uff0c\u5efa\u8bae\u66f4\u4e25\u683c\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[sshd-aggressive]<\/p>\n<p>enabled = true<\/p>\n<p>port = ssh<\/p>\n<p>filter = sshd[mode=aggressive]<\/p>\n<p>logpath = \/var\/log\/auth.log<\/p>\n<p>maxretry = 2<\/p>\n<p>bantime = 604800<\/p>\n<p>findtime = 3600<\/p>\n<p><code>`<\/code><\/p>\n<p><code>mode=aggressive<\/code> \u4f1a\u5339\u914d\u66f4\u591a\u6076\u610f\u884c\u4e3a\u6a21\u5f0f\uff0c\u5305\u62ec\uff1a<\/p>\n<ul>\n<li>\u5bc6\u7801\u9519\u8bef<\/li>\n<li>\u65e0\u6548\u7528\u6237<\/li>\n<li>Root \u767b\u5f55\u5c1d\u8bd5<\/li>\n<li>\u66b4\u529b\u7834\u89e3\u7279\u5f81<\/li>\n<\/ul>\n<h3>\u4fdd\u62a4\u975e\u6807\u51c6 SSH \u7aef\u53e3<\/h3>\n<p>\u5982\u679c\u4f60\u6539\u4e86 SSH \u7aef\u53e3\uff08\u6bd4\u5982 2222\uff09\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[sshd-custom]<\/p>\n<p>enabled = true<\/p>\n<p>port = 2222<\/p>\n<p>filter = sshd<\/p>\n<p>logpath = \/var\/log\/auth.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 86400<\/p>\n<p><code>`<\/code><\/p>\n<h2>Nginx \u5b89\u5168\u9632\u62a4<\/h2>\n<p>Nginx \u662f Web \u670d\u52a1\u5668\u7684\u4e3b\u529b\uff0c\u4e5f\u662f\u653b\u51fb\u8005\u7684\u91cd\u70b9\u76ee\u6807\u3002<\/p>\n<h3>\u9632\u6b62\u66b4\u529b\u7834\u89e3\u767b\u5f55\u9875\u9762<\/h3>\n<p>\u521b\u5efa\u8fc7\u6ee4\u5668 <code>\/etc\/fail2ban\/filter.d\/nginx-auth.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^ -.*&#8221;(GET|POST).*\/login.* HTTP\/.*&#8221; (401|403) .*$<\/p>\n<p>            ^ -.*&#8221;(GET|POST).*\/admin.* HTTP\/.*&#8221; (401|403) .*$<\/p>\n<p>ignoreregex =<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u7f6e jail\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[nginx-auth]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = nginx-auth<\/p>\n<p>logpath = \/var\/log\/nginx\/access.log<\/p>\n<p>maxretry = 5<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9632\u6b62\u626b\u63cf\u5668\u548c\u722c\u866b<\/h3>\n<p>\u521b\u5efa\u8fc7\u6ee4\u5668 <code>\/etc\/fail2ban\/filter.d\/nginx-scan.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^ -.*(GET|HEAD) \/(wp-admin|wp-login|xmlrpc|phpmyadmin).* HTTP\/.*&#8221; (404|403) .*$<\/p>\n<p>            ^ -.*&#8221;GET \/(env|info|phpinfo|test|shell).* HTTP\/.*&#8221; (404|403) .*$<\/p>\n<p>ignoreregex =<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u7f6e jail\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[nginx-scan]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = nginx-scan<\/p>\n<p>logpath = \/var\/log\/nginx\/access.log<\/p>\n<p>maxretry = 10<\/p>\n<p>bantime = 7200<\/p>\n<p>findtime = 3600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9632\u6b62 DDoS \u548c CC \u653b\u51fb<\/h3>\n<p>\u521b\u5efa\u8fc7\u6ee4\u5668 <code>\/etc\/fail2ban\/filter.d\/nginx-req-limit.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>failregex = limiting requests, excess: .* by zone .*, client: <\/p>\n<p>ignoreregex =<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u5408 Nginx \u7684 <code>limit_req_zone<\/code> \u4f7f\u7528\uff1a<\/p>\n<p><code>`<\/code>nginx<\/p>\n<p># nginx.conf<\/p>\n<p>http {<\/p>\n<p>    limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r\/s;<\/p>\n<p>    server {<\/p>\n<p>        location \/ {<\/p>\n<p>            limit_req zone=req_limit burst=20 nodelay;<\/p>\n<p>        }<\/p>\n<p>    }<\/p>\n<p>}<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u7f6e jail\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[nginx-req-limit]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = nginx-req-limit<\/p>\n<p>logpath = \/var\/log\/nginx\/error.log<\/p>\n<p>maxretry = 5<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9632\u6b62\u6076\u610f User-Agent<\/h3>\n<p>\u521b\u5efa\u8fc7\u6ee4\u5668 <code>\/etc\/fail2ban\/filter.d\/nginx-bad-agent.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^ -.*&#8221;.*&#8221; .* &#8220;.*(sqlmap|nikto|nmap|masscan|python-requests|Go-http-client).*&#8221;$<\/p>\n<p>ignoreregex =<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u7f6e jail\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[nginx-bad-agent]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = nginx-bad-agent<\/p>\n<p>logpath = \/var\/log\/nginx\/access.log<\/p>\n<p>maxretry = 1<\/p>\n<p>bantime = 86400<\/p>\n<p>findtime = 86400<\/p>\n<p><code>`<\/code><\/p>\n<h2>Apache \u5b89\u5168\u9632\u62a4<\/h2>\n<p>\u5982\u679c\u4f60\u7528\u7684\u662f Apache\uff0c\u914d\u7f6e\u65b9\u5f0f\u7c7b\u4f3c\u3002<\/p>\n<h3>\u9632\u6b62\u66b4\u529b\u7834\u89e3<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[apache-auth]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = apache-auth<\/p>\n<p>logpath = \/var\/log\/apache2\/error.log<\/p>\n<p>maxretry = 5<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9632\u6b62\u626b\u63cf<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[apache-scan]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = apache-scan<\/p>\n<p>logpath = \/var\/log\/apache2\/access.log<\/p>\n<p>maxretry = 10<\/p>\n<p>bantime = 7200<\/p>\n<p>findtime = 3600<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u90ae\u4ef6\u670d\u52a1\u9632\u62a4<\/h2>\n<p>\u90ae\u4ef6\u670d\u52a1\u5668\u662f\u5783\u573e\u90ae\u4ef6\u548c\u66b4\u529b\u7834\u89e3\u7684\u91cd\u707e\u533a\u3002<\/p>\n<h3>Postfix \u9632\u62a4<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[postfix]<\/p>\n<p>enabled = true<\/p>\n<p>port = smtp,465,submission<\/p>\n<p>filter = postfix<\/p>\n<p>logpath = \/var\/log\/mail.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p>[postfix-sasl]<\/p>\n<p>enabled = true<\/p>\n<p>port = smtp,465,submission<\/p>\n<p>filter = postfix-sasl<\/p>\n<p>logpath = \/var\/log\/mail.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 86400<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>Dovecot \u9632\u62a4<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[dovecot]<\/p>\n<p>enabled = true<\/p>\n<p>port = pop3,pop3s,imap,imaps<\/p>\n<p>filter = dovecot<\/p>\n<p>logpath = \/var\/log\/mail.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u8fdb\u9636\u914d\u7f6e<\/h2>\n<h3>\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u5668<\/h3>\n<p>\u5047\u8bbe\u4f60\u6709\u4e00\u4e2a\u81ea\u5b9a\u4e49\u5e94\u7528\uff0c\u65e5\u5fd7\u683c\u5f0f\u5982\u4e0b\uff1a<\/p>\n<p><code>`<\/code><\/p>\n<p>2024-01-15 10:30:45 [ERROR] Login failed from 192.168.1.100 &#8211; Invalid credentials<\/p>\n<p><code>`<\/code><\/p>\n<p>\u521b\u5efa\u8fc7\u6ee4\u5668 <code>\/etc\/fail2ban\/filter.d\/myapp.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^.*[ERROR] Login failed from  &#8211; .*$<\/p>\n<p>ignoreregex =<\/p>\n<p><code>`<\/code><\/p>\n<p>\u6d4b\u8bd5\u8fc7\u6ee4\u5668\uff1a<\/p>\n<p><code>`<\/code>bash<\/p>\n<p>fail2ban-regex \/var\/log\/myapp.log \/etc\/fail2ban\/filter.d\/myapp.conf<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u9012\u589e\u5c01\u7981\u65f6\u95f4<\/h3>\n<p>\u5bf9\u4e8e\u53cd\u590d\u653b\u51fb\u7684 IP\uff0c\u53ef\u4ee5\u9012\u589e\u5c01\u7981\u65f6\u95f4\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[recidive]<\/p>\n<p>enabled = true<\/p>\n<p>filter = recidive<\/p>\n<p>logpath = \/var\/log\/fail2ban.log<\/p>\n<p>action = iptables-allports[name=recidive]<\/p>\n<p>bantime = 604800<\/p>\n<p>findtime = 86400<\/p>\n<p>maxretry = 3<\/p>\n<p><code>`<\/code><\/p>\n<p>\u8fd9\u4e2a jail \u4f1a\u76d1\u63a7 fail2ban \u81ea\u5df1\u7684\u65e5\u5fd7\uff0c\u5982\u679c\u4e00\u4e2a IP \u5728 24 \u5c0f\u65f6\u5185\u88ab\u5c01\u7981 3 \u6b21\u4ee5\u4e0a\uff0c\u5c31\u5c01\u7981 7 \u5929\u3002<\/p>\n<h3>\u90ae\u4ef6\u901a\u77e5<\/h3>\n<p>\u914d\u7f6e\u5c01\u7981\u65f6\u53d1\u9001\u90ae\u4ef6\u901a\u77e5\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p># \u5728 jail.local \u7684 [DEFAULT] \u90e8\u5206\u6dfb\u52a0<\/p>\n<p>action = %(action_mwl)s<\/p>\n<p># action_mwl = ban + \u53d1\u9001\u90ae\u4ef6 + \u5305\u542b\u65e5\u5fd7<\/p>\n<p># action_mw  = ban + \u53d1\u9001\u90ae\u4ef6\uff08\u4e0d\u542b\u65e5\u5fd7\uff09<\/p>\n<p># action_ml  = ban + \u53ea\u53d1\u65e5\u5fd7\uff08\u4e0d\u5c01\u7981\uff09<\/p>\n<p><code>`<\/code><\/p>\n<p>\u914d\u7f6e\u90ae\u4ef6\u53c2\u6570 <code>\/etc\/fail2ban\/action.d\/mail.conf<\/code>\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[Definition]<\/p>\n<p>actionstart = <\/p>\n<p>actionstop = <\/p>\n<p>actioncheck = <\/p>\n<p>actionban = printf %%b &#8220;Hi,nnThe IP  has just been banned by Fail2Ban after  attempts against .nnRegards,nFail2Ban&#8221; | mail -s &#8220;[Fail2Ban] : banned &#8221; your@email.com<\/p>\n<p>actionunban = <\/p>\n<p><code>`<\/code><\/p>\n<h3>\u4f7f\u7528 firewalld\uff08CentOS 7+\uff09<\/h3>\n<p>CentOS 7 \u9ed8\u8ba4\u4f7f\u7528 firewalld\uff0c\u9700\u8981\u8c03\u6574 banaction\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p>banaction = firewallcmd-ipset<\/p>\n<p>banaction_allports = firewallcmd-ipset<\/p>\n<p><code>`<\/code><\/p>\n<p>\u6216\u8005\u4f7f\u7528 rich rules\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p>banaction = firewallcmd-rich-rules[actiontype=]<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u4f7f\u7528 nftables<\/h3>\n<p>\u5982\u679c\u4f60\u4f7f\u7528 nftables\uff08\u65b0\u7248 Linux \u63a8\u8350\uff09\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p>banaction = nftables[type=multiport]<\/p>\n<p>banaction_allports = nftables[type=allports]<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u6545\u969c\u6392\u9664<\/h2>\n<h3>\u67e5\u770b fail2ban \u72b6\u6001<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># \u67e5\u770b\u6240\u6709 jail \u72b6\u6001<\/p>\n<p>fail2ban-client status<\/p>\n<p># \u67e5\u770b\u7279\u5b9a jail \u72b6\u6001<\/p>\n<p>fail2ban-client status sshd<\/p>\n<p># \u67e5\u770b\u88ab\u5c01\u7981\u7684 IP<\/p>\n<p>fail2ban-client get sshd banned<\/p>\n<p># \u67e5\u770b jail \u914d\u7f6e<\/p>\n<p>fail2ban-client get sshd maxretry<\/p>\n<p>fail2ban-client get sshd bantime<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u624b\u52a8\u5c01\u7981\/\u89e3\u5c01 IP<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># \u624b\u52a8\u5c01\u7981 IP<\/p>\n<p>fail2ban-client set sshd banip 192.168.1.100<\/p>\n<p># \u624b\u52a8\u89e3\u5c01 IP<\/p>\n<p>fail2ban-client set sshd unbanip 192.168.1.100<\/p>\n<p># \u67e5\u770b\u5c01\u7981\u5386\u53f2<\/p>\n<p>fail2ban-client get sshd banip &#8211;with-time<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u6d4b\u8bd5\u8fc7\u6ee4\u5668<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># \u6d4b\u8bd5\u8fc7\u6ee4\u5668\u662f\u5426\u80fd\u5339\u914d\u65e5\u5fd7<\/p>\n<p>fail2ban-regex \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf<\/p>\n<p># \u8be6\u7ec6\u8f93\u51fa<\/p>\n<p>fail2ban-regex -v \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf<\/p>\n<p># \u6d4b\u8bd5\u5355\u884c<\/p>\n<p>fail2ban-regex &#8220;Failed password for root from 192.168.1.100 port 22 ssh2&#8221; \/etc\/fail2ban\/filter.d\/sshd.conf<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u5e38\u89c1\u95ee\u9898<\/h3>\n<p><strong>\u95ee\u9898 1\uff1afail2ban \u542f\u52a8\u5931\u8d25<\/strong><\/p>\n<p><code>`<\/code>bash<\/p>\n<p># \u67e5\u770b\u9519\u8bef\u65e5\u5fd7<\/p>\n<p>journalctl -u fail2ban -f<\/p>\n<p># \u5e38\u89c1\u539f\u56e0\uff1a\u914d\u7f6e\u6587\u4ef6\u8bed\u6cd5\u9519\u8bef<\/p>\n<p>fail2ban-client -t<\/p>\n<p><code>`<\/code><\/p>\n<p><strong>\u95ee\u9898 2\uff1aIP \u88ab\u5c01\u7981\u4f46\u8fd8\u80fd\u8bbf\u95ee<\/strong><\/p>\n<p><code>`<\/code>bash<\/p>\n<p># \u68c0\u67e5 iptables \u89c4\u5219<\/p>\n<p>iptables -L -n | grep f2b<\/p>\n<p># \u68c0\u67e5 firewalld \u89c4\u5219<\/p>\n<p>firewall-cmd &#8211;list-all<\/p>\n<p># \u68c0\u67e5\u65e5\u5fd7<\/p>\n<p>tail -f \/var\/log\/fail2ban.log<\/p>\n<p><code>`<\/code><\/p>\n<p><strong>\u95ee\u9898 3\uff1a\u8bef\u5c01\u6b63\u5e38\u7528\u6237<\/strong><\/p>\n<p><code>`<\/code>bash<\/p>\n<p># \u7acb\u5373\u89e3\u5c01<\/p>\n<p>fail2ban-client set sshd unbanip \u7528\u6237IP<\/p>\n<p># \u6dfb\u52a0\u5230\u767d\u540d\u5355<\/p>\n<p># \u5728 jail.local \u7684 [DEFAULT] \u90e8\u5206<\/p>\n<p>ignoreip = 127.0.0.1\/8 \u7528\u6237IP<\/p>\n<p><code>`<\/code><\/p>\n<p><strong>\u95ee\u9898 4\uff1a\u65e5\u5fd7\u8f6e\u8f6c\u540e fail2ban \u4e0d\u5de5\u4f5c<\/strong><\/p>\n<p><code>`<\/code>bash<\/p>\n<p># \u521b\u5efa logrotate \u914d\u7f6e<\/p>\n<p>cat &gt; \/etc\/logrotate.d\/fail2ban &lt;&lt; EOF<\/p>\n<p>\/var\/log\/fail2ban.log {<\/p>\n<p>    weekly<\/p>\n<p>    rotate 4<\/p>\n<p>    compress<\/p>\n<p>    delaycompress<\/p>\n<p>    missingok<\/p>\n<p>    notifempty<\/p>\n<p>    create 0640 root root<\/p>\n<p>    postrotate<\/p>\n<p>        fail2ban-client flushlogs &gt; \/dev\/null 2&gt;&amp;1 || true<\/p>\n<p>    endscript<\/p>\n<p>}<\/p>\n<p>EOF<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u8c03\u8bd5\u6a21\u5f0f<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># \u524d\u53f0\u8fd0\u884c\uff0c\u67e5\u770b\u8be6\u7ec6\u65e5\u5fd7<\/p>\n<p>fail2ban-client -f start<\/p>\n<p># \u6216\u8005\u63d0\u9ad8\u65e5\u5fd7\u7ea7\u522b<\/p>\n<p>fail2ban-client set loglevel 4<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u6027\u80fd\u4f18\u5316<\/h2>\n<h3>\u4f7f\u7528 ipset \u63d0\u5347\u6027\u80fd<\/h3>\n<p>\u5f53\u5c01\u7981 IP \u6570\u91cf\u5f88\u591a\u65f6\uff0ciptables \u6027\u80fd\u4f1a\u4e0b\u964d\u3002\u4f7f\u7528 ipset \u53ef\u4ee5\u5927\u5e45\u63d0\u5347\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p>banaction = iptables-ipset-proto4<\/p>\n<p># \u6216\u8005<\/p>\n<p>banaction = iptables-ipset-proto6<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u8c03\u6574\u76d1\u63a7\u9891\u7387<\/h3>\n<p>\u9ed8\u8ba4 fail2ban \u6bcf\u79d2\u68c0\u67e5\u4e00\u6b21\u65e5\u5fd7\uff0c\u53ef\u4ee5\u6839\u636e\u670d\u52a1\u5668\u8d1f\u8f7d\u8c03\u6574\uff1a<\/p>\n<p><code>`<\/code>ini<\/p>\n<p># \/etc\/fail2ban\/fail2ban.conf<\/p>\n<p>[Definition]<\/p>\n<p># \u68c0\u67e5\u95f4\u9694\uff08\u79d2\uff09<\/p>\n<p>dbpurgeage = 86400<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u6570\u636e\u5e93\u4f18\u5316<\/h3>\n<p>fail2ban \u9ed8\u8ba4\u4f7f\u7528 SQLite \u5b58\u50a8\u5c01\u7981\u8bb0\u5f55\uff0c\u5927\u91cf IP \u65f6\u53ef\u4ee5\u4f18\u5316\uff1a<\/p>\n<p><code>`<\/code>bash<\/p>\n<p># \u67e5\u770b\u6570\u636e\u5e93\u5927\u5c0f<\/p>\n<p>ls -lh \/var\/lib\/fail2ban\/fail2ban.sqlite3<\/p>\n<p># \u6e05\u7406\u65e7\u8bb0\u5f55<\/p>\n<p>fail2ban-client flushlogs<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u6700\u4f73\u5b9e\u8df5<\/h2>\n<h3>1. \u5408\u7406\u8bbe\u7f6e\u9608\u503c<\/h3>\n<ul>\n<li><strong>SSH<\/strong>\uff1amaxretry=3, bantime=86400\uff0824\u5c0f\u65f6\uff09<\/li>\n<li><strong>Web \u767b\u5f55<\/strong>\uff1amaxretry=5, bantime=3600\uff081\u5c0f\u65f6\uff09<\/li>\n<li><strong>API \u63a5\u53e3<\/strong>\uff1amaxretry=10, bantime=1800\uff0830\u5206\u949f\uff09<\/li>\n<\/ul>\n<h3>2. \u5fc5\u987b\u8bbe\u7f6e\u767d\u540d\u5355<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p># \u81f3\u5c11\u5305\u542b\u4ee5\u4e0b IP<\/p>\n<p>ignoreip = 127.0.0.1\/8 ::1 \u4f60\u7684\u7ba1\u7406IP<\/p>\n<p><code>`<\/code><\/p>\n<h3>3. \u542f\u7528\u6301\u4e45\u5316<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p>[DEFAULT]<\/p>\n<p># \u5c01\u7981\u8bb0\u5f55\u6301\u4e45\u5316\u5230\u6570\u636e\u5e93<\/p>\n<p>dbfile = \/var\/lib\/fail2ban\/fail2ban.sqlite3<\/p>\n<p>dbpurgeage = 604800<\/p>\n<p><code>`<\/code><\/p>\n<h3>4. \u5b9a\u671f\u68c0\u67e5\u72b6\u6001<\/h3>\n<p><code>`<\/code>bash<\/p>\n<p># \u521b\u5efa\u76d1\u63a7\u811a\u672c<\/p>\n<p>cat &gt; \/usr\/local\/bin\/fail2ban-status.sh &lt;&lt; &#039;EOF&#039;<\/p>\n<p>#!\/bin\/bash<\/p>\n<p>echo &#8220;=== Fail2Ban Status ===&#8221;<\/p>\n<p>fail2ban-client status<\/p>\n<p>echo &#8220;&#8221;<\/p>\n<p>echo &#8220;=== Banned IPs ===&#8221;<\/p>\n<p>for jail in $(fail2ban-client status | grep &#8220;Jail list&#8221; | sed &#8216;s\/.*:\/\/;s\/,\/ \/g&#8217;); do<\/p>\n<p>    echo &#8220;Jail: $jail&#8221;<\/p>\n<p>    fail2ban-client status $jail | grep &#8220;Banned IP&#8221;<\/p>\n<p>done<\/p>\n<p>EOF<\/p>\n<p>chmod +x \/usr\/local\/bin\/fail2ban-status.sh<\/p>\n<p><code>`<\/code><\/p>\n<h3>5. \u914d\u5408\u5176\u4ed6\u5de5\u5177<\/h3>\n<p>fail2ban \u4e0d\u662f\u4e07\u80fd\u7684\uff0c\u5efa\u8bae\u914d\u5408\uff1a<\/p>\n<ul>\n<li><strong>iptables \u57fa\u7840\u89c4\u5219<\/strong>\uff1a\u9650\u5236\u8fde\u63a5\u901f\u7387<\/li>\n<li><strong>SSH \u5bc6\u94a5\u767b\u5f55<\/strong>\uff1a\u7981\u7528\u5bc6\u7801\u767b\u5f55<\/li>\n<li><strong>VPN<\/strong>\uff1a\u7ba1\u7406\u7aef\u53e3\u4e0d\u5bf9\u5916\u66b4\u9732<\/li>\n<li><strong>IDS\/IPS<\/strong>\uff1a\u66f4\u9ad8\u7ea7\u7684\u5165\u4fb5\u68c0\u6d4b<\/li>\n<\/ul>\n<h2>\u5b9e\u6218\u6848\u4f8b<\/h2>\n<h3>\u6848\u4f8b 1\uff1a\u4fdd\u62a4 WordPress \u767b\u5f55<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p># \/etc\/fail2ban\/filter.d\/wordpress.conf<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^ -.*&#8221;(GET|POST) \/wp-login.php.*$<\/p>\n<p>            ^ -.*&#8221;(GET|POST) \/xmlrpc.php.*$<\/p>\n<p>ignoreregex =<\/p>\n<p># \/etc\/fail2ban\/jail.local<\/p>\n<p>[wordpress]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = wordpress<\/p>\n<p>logpath = \/var\/log\/nginx\/access.log<\/p>\n<p>maxretry = 5<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u6848\u4f8b 2\uff1a\u4fdd\u62a4 GitLab<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p># \/etc\/fail2ban\/filter.d\/gitlab.conf<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^ -.*&#8221;(GET|POST) \/users\/sign_in.* HTTP\/.*&#8221; (401|422) .*$<\/p>\n<p>            ^ -.*&#8221;(GET|POST) \/users\/auth\/.* HTTP\/.*&#8221; (401|422) .*$<\/p>\n<p>ignoreregex =<\/p>\n<p>[gitlab]<\/p>\n<p>enabled = true<\/p>\n<p>port = http,https<\/p>\n<p>filter = gitlab<\/p>\n<p>logpath = \/var\/log\/gitlab\/gitlab-rails\/production.log<\/p>\n<p>maxretry = 5<\/p>\n<p>bantime = 3600<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h3>\u6848\u4f8b 3\uff1a\u4fdd\u62a4 MySQL<\/h3>\n<p><code>`<\/code>ini<\/p>\n<p># \/etc\/fail2ban\/filter.d\/mysqld.conf<\/p>\n<p>[Definition]<\/p>\n<p>failregex = ^.*Access denied for user .* from .*$<\/p>\n<p>ignoreregex =<\/p>\n<p>[mysqld]<\/p>\n<p>enabled = true<\/p>\n<p>port = 3306<\/p>\n<p>filter = mysqld<\/p>\n<p>logpath = \/var\/log\/mysql\/error.log<\/p>\n<p>maxretry = 3<\/p>\n<p>bantime = 86400<\/p>\n<p>findtime = 600<\/p>\n<p><code>`<\/code><\/p>\n<h2>\u603b\u7ed3<\/h2>\n<p>fail2ban \u662f\u670d\u52a1\u5668\u5b89\u5168\u7684\u745e\u58eb\u519b\u5200\uff0c\u7b80\u5355\u4f46\u5f3a\u5927\u3002\u901a\u8fc7\u5408\u7406\u914d\u7f6e\uff0c\u5b83\u53ef\u4ee5\uff1a<\/p>\n<ul>\n<li>\u81ea\u52a8\u5c01\u7981\u6076\u610f IP\uff0c\u51cf\u5c11\u4eba\u5de5\u5e72\u9884<\/li>\n<li>\u4fdd\u62a4 SSH\u3001Web\u3001\u90ae\u4ef6\u7b49\u591a\u79cd\u670d\u52a1<\/li>\n<li>\u7075\u6d3b\u7684\u81ea\u5b9a\u4e49\u89c4\u5219\u9002\u5e94\u5404\u79cd\u573a\u666f<\/li>\n<li>\u4f4e\u8d44\u6e90\u5360\u7528\uff0c\u9002\u5408\u5404\u79cd\u89c4\u6a21\u670d\u52a1\u5668<\/li>\n<\/ul>\n<p>\u8bb0\u4f4f\u51e0\u4e2a\u5173\u952e\u70b9\uff1a<\/p>\n<ol>\n<li><strong>\u6c38\u8fdc\u8bbe\u7f6e\u767d\u540d\u5355<\/strong>\uff0c\u907f\u514d\u628a\u81ea\u5df1\u9501\u5728\u5916\u9762<\/li>\n<li><strong>\u6d4b\u8bd5\u8fc7\u6ee4\u5668<\/strong>\uff0c\u786e\u4fdd\u89c4\u5219\u6b63\u786e\u5339\u914d<\/li>\n<li><strong>\u76d1\u63a7 fail2ban \u65e5\u5fd7<\/strong>\uff0c\u53ca\u65f6\u53d1\u73b0\u95ee\u9898<\/li>\n<li><strong>\u914d\u5408\u5176\u4ed6\u5b89\u5168\u63aa\u65bd<\/strong>\uff0c\u591a\u5c42\u9632\u62a4<\/li>\n<\/ol>\n<p>\u5b89\u5168\u65e0\u5c0f\u4e8b\uff0cfail2ban \u53ea\u662f\u5f00\u59cb\u3002\u517b\u6210\u826f\u597d\u7684\u5b89\u5168\u4e60\u60ef\uff0c\u5b9a\u671f\u66f4\u65b0\u7cfb\u7edf\uff0c\u4f7f\u7528\u5f3a\u5bc6\u7801\u6216\u5bc6\u94a5\u8ba4\u8bc1\uff0c\u624d\u80fd\u8ba9\u4f60\u7684\u670d\u52a1\u5668\u56fa\u82e5\u91d1\u6c64\u3002<\/p>\n<hr>\n<p><strong>\u4f5c\u8005\uff1a\u6500\u5ca9\u8005<\/strong> | \u6280\u672f\u603b\u76d1 | 19\u5e74IT\u5168\u6808\u5b9e\u6218<\/p>\n<p>\u7cbe\u901a\u7f51\u7edc\u3001\u5b89\u5168\u3001\u4e91\u8ba1\u7b97\u3001\u5bb9\u5668\u3001\u6570\u636e\u5e93\u3001\u8d85\u7b97\uff0c\u6301\u8bc1 PMP\u3001ITIL\u3001CKA\u3001\u7f51\u7edc\u5de5\u7a0b\u5e08\u7b49\u3002\u4e3b\u5bfc\u8fc7\u591a\u4e2a\u5343\u4e07\u7ea7\u653f\u52a1\u4e0e\u667a\u6167\u57ce\u5e02\u9879\u76ee\uff0c\u4ece\u552e\u524d\u5230\u4ea4\u4ed8\u5168\u6d41\u7a0b\u6253\u901a\u3002\u70ed\u8877\u5f00\u6e90\uff0c\u65e5\u62f1\u4e00\u5352\uff0c\u6bcf\u5929\u5206\u4eab\u6280\u672f\u7b14\u8bb0\uff0c\u966a\u4f60\u4ece\u96f6\u57fa\u7840\u5230\u8fd0\u7ef4\u8fbe\u4eba\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>!fail2ban \u4f5c\u4e3a\u4e00\u540d\u8fd0\u7ef4\u5de5\u7a0b\u5e08\uff0c\u4f60\u4e00\u5b9a\u9047\u5230\u8fc7\u8fd9\u79cd\u60c5\u51b5\uff1a\u670d\u52a1\u5668\u65e5\u5fd7\u91cc\u5bc6\u5bc6\u9ebb\u9ebb\u7684 SSH \u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0cN [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","hentry","category-linuxanquan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005\" \/>\n<meta property=\"og:description\" content=\"!fail2ban \u4f5c\u4e3a\u4e00\u540d\u8fd0\u7ef4\u5de5\u7a0b\u5e08\uff0c\u4f60\u4e00\u5b9a\u9047\u5230\u8fc7\u8fd9\u79cd\u60c5\u51b5\uff1a\u670d\u52a1\u5668\u65e5\u5fd7\u91cc\u5bc6\u5bc6\u9ebb\u9ebb\u7684 SSH \u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0cN [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6500\u5ca9\u8005\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-09T13:18:22+00:00\" \/>\n<meta name=\"author\" content=\"climbing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"climbing\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/#article\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/\"},\"author\":{\"name\":\"climbing\",\"@id\":\"https:\\\/\\\/climbing.top\\\/#\\\/schema\\\/person\\\/d0a903ba840c6b5b4efed8cf469bdfc6\"},\"headline\":\"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357\",\"datePublished\":\"2026-06-09T13:18:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/\"},\"wordCount\":1085,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/climbing.top\\\/#\\\/schema\\\/person\\\/d0a903ba840c6b5b4efed8cf469bdfc6\"},\"articleSection\":[\"Linux\u5b89\u5168\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/\",\"url\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/\",\"name\":\"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/climbing.top\\\/#website\"},\"datePublished\":\"2026-06-09T13:18:22+00:00\",\"breadcrumb\":{\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\\\/\\\/climbing.top\\\/index.php\\\/2026\\\/06\\\/09\\\/fail2ban-fuwuqianquanfanghushizhanzhinan\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\\\/\\\/climbing.top\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/climbing.top\\\/#website\",\"url\":\"https:\\\/\\\/climbing.top\\\/\",\"name\":\"\u6500\u5ca9\u8005\",\"description\":\"Just a climbing site\",\"publisher\":{\"@id\":\"https:\\\/\\\/climbing.top\\\/#\\\/schema\\\/person\\\/d0a903ba840c6b5b4efed8cf469bdfc6\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/climbing.top\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-Hans\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/climbing.top\\\/#\\\/schema\\\/person\\\/d0a903ba840c6b5b4efed8cf469bdfc6\",\"name\":\"climbing\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g\",\"caption\":\"climbing\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g\"},\"sameAs\":[\"http:\\\/\\\/49.232.220.234\\\/wordpress\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/","og_locale":"zh_CN","og_type":"article","og_title":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005","og_description":"!fail2ban \u4f5c\u4e3a\u4e00\u540d\u8fd0\u7ef4\u5de5\u7a0b\u5e08\uff0c\u4f60\u4e00\u5b9a\u9047\u5230\u8fc7\u8fd9\u79cd\u60c5\u51b5\uff1a\u670d\u52a1\u5668\u65e5\u5fd7\u91cc\u5bc6\u5bc6\u9ebb\u9ebb\u7684 SSH \u767b\u5f55\u5931\u8d25\u8bb0\u5f55\uff0cN [&hellip;]","og_url":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/","og_site_name":"\u6500\u5ca9\u8005","article_published_time":"2026-06-09T13:18:22+00:00","author":"climbing","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"climbing","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"6 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/#article","isPartOf":{"@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/"},"author":{"name":"climbing","@id":"https:\/\/climbing.top\/#\/schema\/person\/d0a903ba840c6b5b4efed8cf469bdfc6"},"headline":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357","datePublished":"2026-06-09T13:18:22+00:00","mainEntityOfPage":{"@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/"},"wordCount":1085,"commentCount":0,"publisher":{"@id":"https:\/\/climbing.top\/#\/schema\/person\/d0a903ba840c6b5b4efed8cf469bdfc6"},"articleSection":["Linux\u5b89\u5168"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/","url":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/","name":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357 - \u6500\u5ca9\u8005","isPartOf":{"@id":"https:\/\/climbing.top\/#website"},"datePublished":"2026-06-09T13:18:22+00:00","breadcrumb":{"@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/climbing.top\/index.php\/2026\/06\/09\/fail2ban-fuwuqianquanfanghushizhanzhinan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/climbing.top\/"},{"@type":"ListItem","position":2,"name":"fail2ban \u670d\u52a1\u5668\u5b89\u5168\u9632\u62a4\u5b9e\u6218\u6307\u5357"}]},{"@type":"WebSite","@id":"https:\/\/climbing.top\/#website","url":"https:\/\/climbing.top\/","name":"\u6500\u5ca9\u8005","description":"Just a climbing site","publisher":{"@id":"https:\/\/climbing.top\/#\/schema\/person\/d0a903ba840c6b5b4efed8cf469bdfc6"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/climbing.top\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-Hans"},{"@type":["Person","Organization"],"@id":"https:\/\/climbing.top\/#\/schema\/person\/d0a903ba840c6b5b4efed8cf469bdfc6","name":"climbing","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/secure.gravatar.com\/avatar\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g","caption":"climbing"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/1ebe96219e8a39358eb7ac4609521cc139b46bdb29387ac24634ce777483c04e?s=96&d=wp_user_avatar&r=g"},"sameAs":["http:\/\/49.232.220.234\/wordpress"]}]}},"_links":{"self":[{"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":0,"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"wp:attachment":[{"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/climbing.top\/index.php\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}