{"id":7678,"date":"2020-11-22T00:23:17","date_gmt":"2020-11-21T16:23:17","guid":{"rendered":"https:\/\/blog.hoyo.idv.tw\/?p=7678"},"modified":"2021-06-24T10:12:58","modified_gmt":"2021-06-24T02:12:58","slug":"fail2ban","status":"publish","type":"post","link":"https:\/\/blog.hoyo.idv.tw\/?p=7678","title":{"rendered":"Fail2ban"},"content":{"rendered":"<p>--<\/p>\n<h2>References<\/h2>\n<ul>\n<li><a href=\"https:\/\/newtoypia.blogspot.com\/2016\/04\/fail2ban.html\" target=\"_blank\" rel=\"noopener\">fail2ban: the Golden Bell Shield every root sysadmin, novice or veteran, should practice<\/a><\/li>\n<li><a href=\"https:\/\/snippetinfo.net\/media\/2570\" target=\"_blank\" rel=\"noopener\">Fail2ban - Blocking malicious login attempts<\/a><\/li>\n<\/ul>\n<p>--<\/p>\n<h2>Installation<\/h2>\n<p>Ubuntu<\/p>\n<pre class=\"lang:default decode:true\"># apt-get install fail2ban<\/pre>\n<p>CentOS 7<\/p>\n<pre class=\"lang:default decode:true\"># yum install fail2ban<\/pre>\n<p>--<\/p>\n<h2>System services<\/h2>\n<p>For example, to protect ssh, configure it like this<\/p>\n<p>Edit jail.conf<\/p>\n<pre class=\"lang:default decode:true\"># vi \/etc\/fail2ban\/jail.conf<\/pre>\n<p>Configure the sshd section<\/p>\n<pre class=\"lang:default decode:true\">[sshd]\r\nport    = ssh\r\nlogpath = %(sshd_log)s\r\nbackend = %(sshd_backend)s\r\nmaxretry = 3\r\nfindtime = 30\r\nbantime = 300<\/pre>\n<p>Enable and start the fail2ban service<\/p>\n<pre class=\"lang:default decode:true\"># systemctl enable --now fail2ban<\/pre>\n<p>--<\/p>\n<h2>Maintenance<\/h2>\n<p>Check which jails are in effect<\/p>\n<pre class=\"lang:default decode:true\"># fail2ban-client status<\/pre>\n<p>View the details of a jail's activity<\/p>\n<pre class=\"lang:default decode:true\"># fail2ban-client status web<\/pre>\n<pre class=\"lang:default decode:true \">Status for the jail: web\r\n|- Filter\r\n|  |- 
Currently failed: 0\r\n|  |- Total failed:     4\r\n|  `- File list:        \/WEBSite\/login_fail.log\r\n`- Actions\r\n   |- Currently banned: 1\r\n   |- Total banned:     1\r\n   `- Banned IP list:   192.168.0.99<\/pre>\n<p>Unban a single IP<\/p>\n<pre class=\"lang:default decode:true \"># fail2ban-client set sshd unbanip 172.16.1.100<\/pre>\n<p>Unban all<\/p>\n<pre class=\"lang:default decode:true \"># fail2ban-client unban --all<\/pre>\n<p>--<\/p>\n<h2>Custom service application - web login as an example<\/h2>\n<p>Applying fail2ban to other applications, such as a web login, takes a bit more work<\/p>\n<ul>\n<li><a class=\"question-hyperlink\" href=\"https:\/\/serverfault.com\/questions\/842943\/fail2ban-regex-not-matching\" target=\"_blank\" rel=\"noopener\">fail2ban regex not matching<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/fail2ban\/fail2ban\/issues\/2078\" target=\"_blank\" rel=\"noopener\">Regex not matching for no reason #2078<\/a><\/li>\n<li><a href=\"https:\/\/manpages.debian.org\/testing\/fail2ban\/jail.conf.5.en.html\" target=\"_blank\" rel=\"noopener\">jail.conf(5) \u2014 fail2ban \u2014 Debian testing \u2014 Debian Manpages<\/a><\/li>\n<\/ul>\n<p>When you need custom rules, it is recommended to simulate them first with the fail2ban-regex command, and use the result to decide the log format and the regular expression<\/p>\n<p>The log must contain at least the IP and the time, and the time should preferably include the time zone, for example<\/p>\n<pre class=\"lang:default decode:true\">192.168.0.99 2020-11-22 00:00:30 CST<\/pre>\n<p>Use fail2ban-regex to verify that the regular expression matches the log format<\/p>\n<pre class=\"lang:default decode:true\"># fail2ban-regex -d '%Y-%m-%d %H:%M:%S %Z' 
'192.168.0.99 2020-11-21 14:03:00 CST'  '&lt;ADDR&gt; .*'\r\n\r\nRunning tests\r\n=============\r\n\r\nUse      datepattern : Year-Month-Day 24hour:Minute:Second\r\nUse   failregex line : &lt;ADDR&gt; .*\r\nUse      single line : 192.168.0.99 2020-11-21 14:03:00\r\n\r\n\r\nResults\r\n=======\r\n\r\nFailregex: 1 total\r\n|-  #) [# of hits] regular expression\r\n|   1) [1] &lt;ADDR&gt; .*\r\n`-\r\n\r\nIgnoreregex: 0 total\r\n\r\nDate template hits:\r\n|- [# of hits] date format\r\n|  [1] Year-Month-Day 24hour:Minute:Second\r\n`-\r\n\r\nLines: 1 lines, 0 ignored, 1 matched, 0 missed\r\n[processed in 0.00 sec]<\/pre>\n<p>Edit the filter configuration file<\/p>\n<pre class=\"lang:default decode:true\"># vi \/etc\/fail2ban\/filter.d\/hoyo-web.conf<\/pre>\n<p>Inside the configuration file, each percent sign in datepattern is doubled (two in a row)<\/p>\n<pre class=\"lang:default decode:true\">[Definition]\r\nfailregex = ^&lt;ADDR&gt; .*$\r\ndatepattern = %%Y-%%m-%%d %%H:%%M:%%S %%Z\r\nignoreregex =<\/pre>\n<p>Edit jail.local<\/p>\n<pre class=\"lang:default decode:true\"># vi \/etc\/fail2ban\/jail.local\r\n<\/pre>\n<pre class=\"lang:default decode:true\">[web]\r\nenabled = true\r\nfilter = hoyo-web\r\nlogpath = \/WEBSite\/login_fail.log\r\nmaxretry = 3\r\nfindtime = 10\r\nbantime = 300\r\n<\/pre>\n<p>Verify again with fail2ban-regex, this time against the log file<\/p>\n<pre class=\"lang:default decode:true\"># fail2ban-regex .\/login_fail.log \/etc\/fail2ban\/filter.d\/hoyo-web.conf<\/pre>\n<p>--<\/p>\n","protected":false},"excerpt":{"rendered":"<p>-- References fail2ba...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[31],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/7678"}],"collection":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7678"}],"version-history":[{"count":21,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/7678\/revisions"}],"predecessor-version":[{"id":7694,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/7678\/revisions\/7694"}],"wp:attachment":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}