Using fail2ban
2021-05-06
虚心的锄头
Installation
yum -y install fail2ban
Usage
1. Filtering requests that return HTTP 500
Create the jail.local file
cd /etc/fail2ban
vim jail.local
[DEFAULT]
maxretry = 30
bantime = 3600
ignoreip = 127.0.0.1
[nginx-500]
maxretry = 8
enabled = true
filter = nginx-500
action = iptables-multiport[name=nginx_500, port="http,https", protocol=tcp]
logpath = /var/log/nginx/access.log
findtime = 3600
Create the filter configuration file
vim filter.d/nginx-500.conf
[Definition]
# anchored with ^ so <HOST> is only taken from the client address at the start of the line
failregex = ^<HOST>(.*) 500 \d+ (.*)
ignoreregex = .*(favicon\.ico|\.jpg|\.png|\.gif|\.css|\.js)
Check the firewall
iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
...
f2b-nginx_500 tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
...
Chain f2b-nginx_500 (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
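To check which clients the nginx-500 jail above would ban before relying on it, the following added example (not from the original post, and not fail2ban's own code) models the jail in Python over constructed log lines, applying ignoreregex, ignoreip, findtime and maxretry. It assumes nginx's default combined log format, an IPv4-only stand-in for <HOST>, and the pattern anchored at the start of the line; the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME, IGNOREIP = 8, 3600, {"127.0.0.1"}  # from the [nginx-500] jail
# Simplification: fail2ban's <HOST> also covers IPv6 and hostnames; IPv4 only here.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The nginx-500 filter, anchored with ^ so the host comes from the start of the line.
FAILREGEX = re.compile(r"^" + HOST + r"(.*) 500 \d+ (.*)")
IGNOREREGEX = re.compile(r".*(favicon\.ico|\.jpg|\.png|\.gif|\.css|\.js)")
TIMESTAMP = re.compile(r"\[([^\]]+)\]")


def banned_hosts(lines):
    """Return hosts that reach MAXRETRY matching lines within FINDTIME seconds."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        if IGNOREREGEX.search(line):
            continue
        hit, stamp = FAILREGEX.search(line), TIMESTAMP.search(line)
        if not hit or not stamp or hit["host"] in IGNOREIP:
            continue
        now = datetime.strptime(stamp[1], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[hit["host"]]
        window.append(now)
        while now - window[0] > FINDTIME:  # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY and hit["host"] not in banned:
            banned.append(hit["host"])
    return banned


def sample_log():
    """Constructed access-log lines in nginx's default 'combined' format."""
    def entry(ip, minute, path, status):
        clock = f"{10 + minute // 60:02d}:{minute % 60:02d}:00"
        return (f'{ip} - - [06/May/2021:{clock} +0800] '
                f'"GET {path} HTTP/1.1" {status} 512 "-" "curl/7.61"')
    cases = [("203.0.113.5", 1, "/api/order", 500),    # 8 errors in 8 minutes
             ("198.51.100.7", 20, "/api/order", 500),  # 8 errors over 140 minutes
             ("192.0.2.9", 1, "/favicon.ico", 500),    # dropped by ignoreregex
             ("127.0.0.1", 1, "/api/order", 500),      # listed in ignoreip
             ("192.0.2.44", 1, "/api/order", 404)]     # not a 500
    return [entry(ip, n * step, path, status)
            for ip, step, path, status in cases for n in range(8)]


if __name__ == "__main__":
    print(banned_hosts(sample_log()))
```

Only the client with eight 500 responses inside one hour is returned; the same count spread over 140 minutes never fills the findtime window.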
2. Triggering a script
Edit jail.local
vim jail.local
[DEFAULT]
maxretry = 30
bantime = 3600
ignoreip = 127.0.0.1
[nginx-500]
maxretry = 8
enabled = true
filter = nginx-500
# changed: use the script action
action = script
logpath = /var/log/nginx/access.log
findtime = 3600
Create the action configuration file
vim action.d/script.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = python /root/script.py <ip>
actionunban =
[Init]
name = default