1.安装:

rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

yum -y install fail2ban

2.配置

/etc/fail2ban/fail2ban.conf 可默认 #logtarget = /var/log/fail2ban.log 输出到指定地方可查看

/etc/fail2ban/jail.conf

====================================

[INCLUDES]
before = paths-fedora.conf

[DEFAULT]

ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
enabled = true

filter = %(__name__)s

destemail = root@localhost
sender = root@localhost
mta = sendmail
protocol = tcp

chain = INPUT
port = 0:65535
banaction = iptables-multiport

# SSH servers

[sshd]

port = ssh
logpath = /var/log/messages #centos 是这个文件在记录
filter = sshd #这个名字与filter.d下面的配置文件对应
maxretry = 3   #连续失败3次
findtime = 600 # 查找失败次数的时长（秒）---多长时间内连续失败3次

bantime = 2592000 #一个月 --客户端主机被禁止的时长（秒
action = iptables[name=SSH, port=ssh, protocol=tcp]

====================================

4.启动和查看状态

chkconfig fail2ban on

service fail2ban start #如果启动不了或报错, 清空iptables -F,再试试

service fail2ban restatus

service fail2ban status

fail2ban-client status sshd  #这个名字与filter.d下面的配置文件对应

5.解锁特定的IP地址

fail2ban-client set sshd unbanip 192.168.1.8 或删除iptables条目 iptables -D f2b-SSH -s 192.168.1.8-j DROP

by the way;

denyhost 也可以做到这样的功能,但他们是有区别的, 个人理解,有了解的请指正

denyhost 是全球共享数据库, 直接就禁用了不明的IP并且只是针对ssh服务

f2b 可能针对很多服务分别进行配置.像nginx等只要在filter.d里面的都能监控