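Building on the OneinStack fail2ban setup that blocks SSH brute-force attacks, this post extends the protection to FTP and MySQL. Reference article: "Blocking SSH brute force with fail2ban".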
First, edit the pure-ftpd configuration file and turn on FTP logging:

    vi /usr/local/pureftpd/etc/pure-ftpd.conf

    AltLog clf:/var/log/pureftpd.log
Then create the log file:

    touch /var/log/pureftpd.log
Next, edit the fail2ban configuration file:

    vi /etc/fail2ban/jail.local

    [DEFAULT]
    ignoreip = 127.0.0.1/8
    # ban for 30 days
    bantime = 2592000
    findtime = 600
    # 3 failed attempts allowed
    maxretry = 3

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=22, protocol=tcp]
    logpath = /var/log/secure

    ### Added below: support for pure-ftpd
    [pure-ftpd]
    enabled = true
    filter = pure-ftpd
    action = iptables[name=pure-ftpd, port=ftp, protocol=tcp]
    logpath = /var/log/pureftpd.log

    ### Added below: support for MySQL
    [mysqld]
    enabled = true
    filter = mysqld-auth
    action = iptables[name=mysql,port=3306,protocol=tcp]
    port = 3306
    logpath = /data/mysql/mysql-error.log
Besides FTP, protection for MySQL can be added as well, as the [mysqld] section does.

Then restart fail2ban:

    service pureftpd restart
    service mysql restart
    service fail2ban restart
Checking fail2ban status:

    # fail2ban config file: /etc/fail2ban/jail.local

    # Show IPs banned by the SSH jail
    /usr/local/python/bin/fail2ban-client status ssh-iptables
    # Show IPs banned by the FTP jail
    /usr/local/python/bin/fail2ban-client status pure-ftpd
    # Show IPs banned by the MySQL jail
    /usr/local/python/bin/fail2ban-client status mysqld

    # Unban a specific IP banned by the SSH jail
    /usr/local/python/bin/fail2ban-client set ssh-iptables unbanip X.X.X.X
    # Unban a specific IP banned by the FTP jail
    /usr/local/python/bin/fail2ban-client set pure-ftpd unbanip X.X.X.X
    # Unban a specific IP banned by the MySQL jail
    /usr/local/python/bin/fail2ban-client set mysqld unbanip X.X.X.X

    # List the configured jails
    /usr/local/python/bin/fail2ban-client status
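The counting rule behind the [DEFAULT] values in jail.local above (maxretry failures inside findtime seconds trigger a ban lasting bantime seconds, and ignoreip hosts are never counted), as an added example that is not part of the original post and not fail2ban's own code. It is a simplified model: the log line shape, the `simulate` function and the sample addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Values taken from the [DEFAULT] section of jail.local above.
IGNOREIP = ipaddress.ip_network("127.0.0.1/8", strict=False)
BANTIME, FINDTIME, MAXRETRY = 2592000, 600, 3

# Assumed line shape "<epoch> auth-failure <ip>", standing in for a failregex.
LINE = re.compile(r"^(\d+) auth-failure (\d+\.\d+\.\d+\.\d+)$")

def simulate(lines):
    """Return {ip: (ban_start, ban_end)} for the hosts this model bans."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # lines the filter does not match never count
        ts, ip = int(m.group(1)), m.group(2)
        if ipaddress.ip_address(ip) in IGNOREIP:
            continue  # ignoreip hosts are never counted or banned
        if ip in bans and ts < bans[ip][1]:
            continue  # already banned, nothing more to decide
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans

# Constructed sample input (documentation-range addresses).
SAMPLE = [
    "1000 auth-failure 203.0.113.10",
    "1000 auth-failure 198.51.100.7",
    "1050 auth-failure 127.0.0.5",
    "1060 auth-failure 127.0.0.5",
    "1070 auth-failure 127.0.0.5",
    "1100 auth-failure 203.0.113.10",
    "1150 login-ok 203.0.113.10",
    "1200 auth-failure 203.0.113.10",
    "1500 auth-failure 198.51.100.7",
    "2000 auth-failure 198.51.100.7",
]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

In the sample, 198.51.100.7 also fails three times but is not banned, because its first failure has aged out of the 600-second window by the time the third arrives.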