centos下fail2ban安装与配置详解

[lighttpd-auth]

enabled  = true
filter   = lighttpd-auth
action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath  = /var/log/lighttpd/error.log
maxretry = 2
vsftpd防攻击规则

[vsftpd-notification]

enabled  = true
filter   = vsftpd
action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath  = /var/log/vsftpd.log
maxretry = 5
bantime  = 1800

[vsftpd-iptables]

enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath  = /var/log/vsftpd.log
maxretry = 5
bantime  = 1800
pure-ftpd防攻击规则

[pure-ftpd]
enabled  = true
filter   = pure-ftpd
action   = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
logpath  = /var/log/pureftpd.log
maxretry = 2
bantime  = 86400
mysql防攻击规则

[mysqld-iptables]

enabled  = true
filter   = mysqld-auth
action   = iptables[name=mysql, port=3306, protocol=tcp]
           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/mysqld.log
maxretry = 5
apache phpmyadmin防攻击规则

[apache-phpmyadmin]
enabled  = true
filter   = apache-phpmyadmin
action  = iptables[name=phpmyadmin, port=http,https protocol=tcp]
logpath  = /var/log/httpd/error_log
maxretry = 3
# /etc/fail2ban/filter.d/apache-phpmyadmin.conf
将以下内容粘贴到apache-phpmyadmin.conf里保存即可以创建一个apache-phpmyadmin.conf文件.

# Fail2Ban configuration file
#
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost.
#
# Author: Gina Haeussge
#

[Definition]

docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2

# Option:  failregex
# Notes.:  Regexp to match often probed and not available phpmyadmin paths.
# Values:  TEXT
#
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
# service fail2ban restart

写在最后，在安装完fail2ban后请立即重启一下fail2ban,看是不是能正常启动，因为在后边我们配置完规则后如果发生无法启动的问题我们可以进行排查.如果安装完后以默认规则能够正常启动，而配置完规则后却不能够正常启动，请先检查一下你 /var/log/ 目录下有没有规则里的 logpath= 后边的文件，或者这个文件的路径与规则里的是不是一致. 如果不一致请在 logpath 项那里修改你的路径， 如果你的缓存目录里没有这个文件，那么请你将该配置项的 enabled 项目的值设置为 false. 然后再进行重启fail2ban，这样一般不会有什么错误了.