UNIXETC

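Installing fail2ban on Debian 12 to Harden Server Security

fail2ban is a tool that protects servers against brute-force attacks: it monitors log files for malicious behavior and automatically triggers firewall rules to ban suspicious IPs.

The installation procedure on Debian 12 is as follows:

First install the prerequisites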

apt install git python3 python3-setuptools

Install fail2ban from source

git clone https://github.com/fail2ban/fail2ban.git
cd fail2ban
# Debian 12 ships no bare "python" command by default, so call python3
sudo python3 setup.py install

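Set up the fail2ban service in systemd

# Run from the cloned fail2ban source directory (skip the cd if you are already in it)
cd fail2ban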
cp ./build/fail2ban.service /etc/systemd/system/
systemctl enable fail2ban
systemctl start fail2ban

Check the service status

root@box:~# systemctl status fail2ban.service
* fail2ban.service - Fail2Ban Service
     Loaded: loaded (/etc/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: active (running) since Tue 2025-04-08 02:54:18 CDT; 12min ago
       Docs: man:fail2ban(1)
    Process: 2066 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 2067 (fail2ban-server)
      Tasks: 3 (limit: 352)
     Memory: 12.8M
        CPU: 195ms
     CGroup: /system.slice/fail2ban.service
             `-2067 /usr/bin/python3 /usr/local/bin/fail2ban-server -xf start

Apr 08 02:54:18 box systemd[1]: Starting fail2ban.service - Fail2Ban Service...
Apr 08 02:54:18 box systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 08 02:54:19 box fail2ban-server[2067]: Server ready

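SSH configuration example: create the file /etc/fail2ban/jail.local with the following contents:

[DEFAULT]
# Whitelisted IPs (e.g. 127.0.0.1 or internal network addresses)
ignoreip = 127.0.0.1/8
# Ban duration in seconds (-1 means a permanent ban)
bantime  = 86400
# Time window for counting failures (600 seconds = 10 minutes)
findtime = 600
# Maximum number of failed attempts before a ban is triggered
maxretry = 3
backend = auto
# Bans are applied through ufw, so ufw must be installed and enabled
banaction = ufw

[sshd]
enabled = true
filter  = sshd
port    = ssh
# This file exists only if a syslog daemon such as rsyslog is installed
logpath = /var/log/auth.log
bantime  = 86400
findtime = 600
# Overrides the [DEFAULT] value of 3 for this jail
maxretry = 5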
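
To show how findtime, maxretry and ignoreip from this jail.local interact, here is an added example (not part of the original post and not fail2ban's own code) that models the [sshd] jail's counting rule in Python over constructed log lines. The regular expression is a simplified stand-in for the real sshd filter, and the names find_bans, fail_line and the year parameter are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the [DEFAULT] and [sshd] sections of jail.local above
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
FINDTIME = 600   # seconds
MAXRETRY = 5     # the [sshd] value overrides the [DEFAULT] value of 3

# Simplified stand-in for the sshd filter: matches failed password lines only
FAILURE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def find_bans(lines, year=2025):
    """Return {ip: time of the failure that triggers the ban}."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    bans = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in IGNOREIP) or str(ip) in bans:
            continue              # whitelisted or already banned
        # Syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[str(ip)]
        window.append(ts)
        # Drop failures older than findtime relative to the newest one
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[str(ip)] = ts
    return bans

# Constructed sample log lines (documentation address ranges, not real traffic)
def fail_line(time, ip, user="root"):
    return f"Apr  8 {time} box sshd[2101]: Failed password for {user} from {ip} port 50022 ssh2"

SAMPLE_LOG = (
    [fail_line(f"03:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]  # 5 failures in 40 s
    + [fail_line(f"03:{m:02d}:00", "198.51.100.9", "admin") for m in range(0, 60, 12)]  # 12 min apart
    + [fail_line(f"03:05:{s:02d}", "127.0.0.1") for s in range(6)]  # covered by ignoreip
    + ["Apr  8 03:06:00 box sshd[2102]: Accepted publickey for root from 192.0.2.10 port 50100 ssh2"]
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S} for 86400 s")
```

Only 203.0.113.7 is banned: the slow source at 198.51.100.9 never has more than one failure inside any 600-second window, which is the trade-off that findtime and maxretry set between catching slow guessing and locking out users who mistype a password.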

Common fail2ban commands

# List all enabled jails
fail2ban-client status

# Show the status of a specific jail (e.g. sshd)
fail2ban-client status sshd

# Manually ban an IP
fail2ban-client set sshd banip <IP address>

# Manually unban an IP
fail2ban-client set sshd unbanip <IP address>

http://www.fail2ban.org/
