From 03bcf813bee9340774c5ae9cf06597cd09fa8069 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 27 Nov 2024 14:31:41 +0800 Subject: [PATCH] =?UTF-8?q?Update=20=E4=B8=AA=E4=BA=BA=E5=90=91Linux?= =?UTF-8?q?=E6=96=B0=E6=9C=8D=E5=8A=A1=E5=99=A8=E5=88=9D=E5=A7=8B=E5=8C=96?= =?UTF-8?q?=E6=B8=85=E5=8D=95.md=20(#101)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update 个人向Linux新服务器初始化清单.md * Update 个人向Linux新服务器初始化清单.md --- .../posts/个人向Linux新服务器初始化清单.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/content/posts/个人向Linux新服务器初始化清单.md b/content/posts/个人向Linux新服务器初始化清单.md index 39fe682..c6d77c6 100644 --- a/content/posts/个人向Linux新服务器初始化清单.md +++ b/content/posts/个人向Linux新服务器初始化清单.md 
@@ -277,6 +277,51 @@ sudo timedatectl set-timezone Asia/Shanghai 懂得都懂,自己搜 +### 2.6 fail2ban 配置 +使用 fail2ban 可以很好地保护你的服务器,避免被人恶意爆破 SSH 等服务。 +```bash +// 安装 fail2ban +sudo apt update && sudo apt install fail2ban +sudo systemctl enable fail2ban +``` +之后需要按照实际情况修改一下配置文件。 这里记录一下最小配置. 注意默认的配置 `/etc/fail2ban/jail.conf`不要改,不然每次软件更新会被覆盖。 在 jaid.d 这个目录下面新建一个文件`/etc/fail2ban/jail.d/local.conf` +```conf +[sshd] +enabled = true +port = 20000 # 这里修改为实际的 sshd 端口 +filter = sshd +banaction = iptables-allports + +[DEFAULT] +findtime = 3600 # 1h 时间窗口 +maxretry = 3 +bantime = 6h +``` + +之后重启`sudo systemctl restart fail2ban`, 然后可以看下服务状态是否正常 `sudo systemctl status fail2ban`, 如果配置文件有问题会报错。如果是显示` active (running)` 就说明没有问题了。 + +fail2ban的测试及关闭服务方法: + +查看当前封禁IP:`sudo fail2ban-client status sshd` +解禁某一IP: `sudo fail2ban-client set sshd unbanip IP_ADDRESS` +停止fail2ban服务:`sudo systemctl stop fail2ban` +关闭fail2ban服务:`sudo systemctl disable fail2ban` + +刚配置没一会就有 IP 被封禁了,可以看到效果还是很给力,也安心了不少 +``` +➜ sudo fail2ban-client status sshd +Status for the jail: sshd +|- Filter +| |- Currently failed: 1 +| |- Total failed: 6 +| `- File list: /var/log/auth.log +`- Actions + |- Currently banned: 1 + |- Total banned: 1 + `- Banned IP list: 154.216.19.42 +``` + + ## 3 - 进阶内容 ### 3.1 内核参数调优
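Review bot: In the `/etc/fail2ban/jail.d/local.conf` block, the trailing `#` comments on `port = 20000 # ...` and `findtime = 3600 # ...` are a problem: jail.conf(5) documents `#` for whole-line comments only (inline comments use `; `), so the comment text can end up as part of the value and break the jail. Put each comment on its own line above the setting. In the install block, `// 安装 fail2ban` is not a shell comment and errors out when the block is pasted; use `#`. The prose says `jaid.d` while the path on the same line is `jail.d`. The four `fail2ban-client` / `systemctl` lines have no list markers or blank lines between them, so Markdown will join them into one paragraph; make them a list. `systemctl disable` only removes the service from boot, so the "关闭" label should say that to distinguish it from `stop`. With `maxretry = 3` and `bantime = 6h` in `[DEFAULT]`, consider documenting `ignoreip` for the admin's own address so that a few mistyped passwords do not lock the owner out for six hours.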