Custom fail2ban SSH and FTP rules for DirectAdmin (DA)
1. Back up the jail.conf rules file
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
2. Edit jail.conf
vi /etc/fail2ban/jail.conf
3. SSH rule
[ssh-iptables]
# enable this jail
enabled = true
filter = sshd
# port is your SSH port number
action = iptables[name=SSH, port=ssh, protocol=tcp]
# log file (normally no need to change)
logpath = /var/log/secure
# ban duration, in seconds
bantime = 86400
# time window (seconds) in which 3 failures trigger the ban
findtime = 600
# number of attempts
maxretry = 3
4. ProFTPD configuration
[ProFTPD-iptables]
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
logpath = /var/log/proftpd/auth.log
bantime = 86400
findtime = 600
maxretry = 5
5. Modify the regex matching rule
vi /etc/fail2ban/filter.d/proftpd.conf
2). Replace the rule
Select the four lines that follow failregex, then replace them with:
failregex = (.*) (.*) <HOST> (.*) (.*) 530
6. Save and restart Fail2ban
service fail2ban restart
The core code in this article comes from: http://www.kwx.gd/CentOSApp/CentOS-DA-fail2ban.html
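To see how the failregex from step 5 and the findtime/maxretry values from step 4 decide a ban, here is an added example (not part of the original article or of fail2ban) that applies them to constructed log lines. The log line layout, the IPv4-only stand-in for <HOST>, and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the [ProFTPD-iptables] jail and the filter on this page.
FAILREGEX = r"(.*) (.*) <HOST> (.*) (.*) 530"
FINDTIME = 600   # seconds
MAXRETRY = 5

# Assumption: <HOST> is reduced to a plain IPv4 pattern here; fail2ban's own
# expansion of <HOST> is broader.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))


def failed_host(line):
    """Return the address captured by the failregex, or None if no match."""
    m = PATTERN.search(line)
    return m.group("host") if m else None


def hosts_to_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Ban a host once it has maxretry failures inside a findtime window."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in lines:
        host = failed_host(line)
        if host is None or host in banned:
            continue
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        window = recent[host]
        window.append(ts)
        # Drop failures that fell out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.append(host)
    return banned


def _line(t, ip, code):
    # Constructed log line; the real auth.log layout depends on the server.
    return f'2024-03-10 {t} ftp.example.test UNKNOWN {ip} "PASS (hidden)" {code}'


SAMPLE_LOG = (
    [_line(f"12:00:{s:02d}", "203.0.113.7", 530) for s in (1, 9, 17, 25, 33)]
    + [_line(f"12:{m:02d}:00", "198.51.100.20", 530) for m in (10, 14, 18, 22, 26)]
    + [_line("12:30:00", "192.0.2.55", 230)]
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

On the server itself, `fail2ban-regex /var/log/proftpd/auth.log /etc/fail2ban/filter.d/proftpd.conf` runs the edited filter against the real log before the restart in step 6.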