Linux安装fail2ban防止SSH爆破

以Debian为例(别的可以依葫芦画瓢)

安装

apt-get install fail2ban

直接复制粘贴全部到SSH窗口即可

配置参数

fail2ban="/etc/fail2ban/jail.d/sshd.local"
cat>"${fail2ban}"<<EOF
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log # 如果是Centos路径要改/var/log/secure这个
maxretry = 9 # 最多连接9次失败
bantime = 777600 # 禁止9天(按秒单位1天86400)
EOF

启动&开机自启

systemctl start fail2ban.service
systemctl enable fail2ban.service