使用 fail2ban 自动拉黑暴力破解的 IP

[Bpazy]

安装:

sudo apt install fail2ban

配置 ssh 自动拉黑:

sudo cat << EOF  /etc/fail2ban/jail.local
[sshd]
enabled = true
EOF

默认配置在 /etc/fail2ban 下的 *.conf 文件中，按官方文档秒数，自定义规则应当使用 *.local 的形式。

看一下默认拉黑规则: cat /etc/fail2ban/jail.conf

# 省略了其他部分
# "bantime" is the number of seconds that a host is banned.
bantime  = 10m

# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime  = 10m

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

可以看到，默认会查找 10 分钟之内尝试 5 次错误的登录，拉黑时长 10 分钟。

更多详细配置，请参阅官方文档: Proper fail2ban configuration