/etc/fail2ban/jail.local
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory
[ssh]
enabled = true
banaction = ufw-ssh
port = 2992
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
/etc/fail2ban/action.d/ufw-ssh.conf
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH
Note: you configure fail2ban to use ufw, and you use the "insert 1" syntax so that new rules are inserted first. The delete finds the rule regardless of its position. There is a detailed blog post here:
http://blog.vigilcode.com/2011/05/ufw-with-fail2ban-quick-secure-setup-part-ii/
[EDIT] For Ubuntu 16.04+

By default a "defaults-debian.conf" in /etc/fail2ban/jail.d with the content

[sshd]
enabled = true

will activate the ssh protection of fail2ban. You need to set it to false.

Then create a jail.local like you would do in general; mine would be like this:
[ssh-with-ufw]
enabled = true
port = 22
filter = sshd
action = ufw[application="OpenSSH", blocktype=reject]
logpath = /var/log/auth.log
maxretry = 3
There is already a ufw.conf in the fail2ban default installation so no need to create one.
The only specific change for your jail.local would be the action line, where you need to put the application concerned by the protection and what you want as the result.
ufw tends to detect automatically a certain number of apps using the network. To get the list just type sudo ufw app list. It's case-sensitive.
Reload fail2ban and you'll no longer see the fail2ban chain; if any IP gets blocked you'll see it in sudo ufw status.
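As an added illustration (not code from the answer above or from fail2ban itself), here is a small Python dry run of what the jail above does: it applies a simplified version of fail2ban's sshd failure pattern to a few constructed auth.log lines, counts failures per source IP, and renders the ufw-ssh.conf ban and unban templates for every IP that reaches maxretry = 3. The findtime window is deliberately ignored and the regex covers only "Failed password" lines.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/auth.log lines (not taken from the original post).
AUTH_LOG = """\
May  5 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
May  5 10:00:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
May  5 10:00:05 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
May  5 10:00:09 host sshd[1203]: Failed password for alice from 198.51.100.4 port 40010 ssh2
May  5 10:00:12 host sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
"""

# Simplified stand-in for the sshd filter: only "Failed password" lines are matched.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (?P<ip>\d+\.\d+\.\d+\.\d+) port"
)

# Action templates exactly as in ufw-ssh.conf above; fail2ban substitutes <ip>.
ACTIONBAN = "ufw insert 1 deny from <ip> to any app OpenSSH"
ACTIONUNBAN = "ufw delete deny from <ip> to any app OpenSSH"
MAXRETRY = 3  # matches maxretry = 3 in the jail above


def count_failures(log_text):
    """Return {ip: number of matching failure lines}; findtime is ignored here."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def render(template, ip):
    """Fill the <ip> placeholder the same way fail2ban does for actionban/actionunban."""
    return template.replace("<ip>", ip)


def ban_commands(log_text, maxretry=MAXRETRY):
    """ufw commands that would be run for every IP reaching maxretry failures."""
    return [
        render(ACTIONBAN, ip)
        for ip, n in sorted(count_failures(log_text).items())
        if n >= maxretry
    ]


if __name__ == "__main__":
    for cmd in ban_commands(AUTH_LOG):
        print(cmd)
```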
... shown in ufw status, then you need the integration. Are there any other benefits besides seeing the blocks in ufw status? Especially since the blog author says the following: Out of the box Fail2ban works with iptables rules, but those rules are not compatible with our simpler UFW commands (...) - bouke

Seeing the blocked IPs in ufw status is pointless, because you can use the fail2ban-client tool to view the banned IPs. - Michael Härtl

... a ufw action, I just need to set it as the banaction.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano jail.local
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
sudo /etc/init.d/fail2ban restart