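A few days ago I set up fail2ban on my server, following the method described on Daniao's blog (大鸟博客).
Daniao's tutorial is sufficient; just follow it, there is nothing to add.
But once it was installed, my paranoia kicked in: I worried that the banned IPs were not actually being blocked, yet I was not willing to experiment with my own IP, so I went looking online for a way to check.
I found one quickly. Original: VIA.
The method is actually very simple: just two commands.
The first command checks whether the rules configured by fail2ban have taken effect.
    firewall-cmd --direct --get-all-rules
The result looks like this: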
    # firewall-cmd --direct --get-all-rules
    ipv4 filter INPUT 0 -p tcp -m multiport --dports 25 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
    ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-nginx-cc src -j REJECT --reject-with icmp-port-unreachable
    ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-nginx-http1_1 src -j REJECT --reject-with icmp-port-unreachable
The second command checks whether the IPs on fail2ban's blacklist have been added to the firewall.
    ipset list
The result looks like this:
    # ipset list
    Name: fail2ban-sshd
    Type: hash:ip
    Revision: 4
    Header: family inet hashsize 1024 maxelem 65536 timeout 86400
    Size in memory: 88
    References: 0
    Number of entries: 0
    Members:

    Name: fail2ban-nginx-http1_1
    Type: hash:ip
    Revision: 4
    Header: family inet hashsize 1024 maxelem 65536 timeout 259200
    Size in memory: 9112
    References: 0
    Number of entries: 101
    Members:
    (101 entries, each of the form "<IP> timeout <seconds>", omitted)

    Name: fail2ban-nginx-cc
    Type: hash:ip
    Revision: 4
    Header: family inet hashsize 1024 maxelem 65536 timeout 14400
    Size in memory: 472
    References: 0
    Number of entries: 4
    Members:
    113.91.37.122 timeout 8417
    27.38.22.249 timeout 8418
    54.92.155.89 timeout 8418
    118.24.55.151 timeout 8417
That's it.
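The two checks above can be combined. The following is an added example, not part of the original post: a shell function that reads the saved output of both commands and reports, for each fail2ban set, whether a direct rule references it and how many addresses it holds. The names `f2b_crosscheck` and `f2b_demo`, the `PREFIX` argument and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# f2b_crosscheck RULES_FILE IPSET_FILE [PREFIX]   (hypothetical helper)
#   RULES_FILE = saved `firewall-cmd --direct --get-all-rules` output
#   IPSET_FILE = saved `ipset list` output; PREFIX defaults to fail2ban-
# Prints "<set> rule=<yes|no> entries=<n>" per set; returns 1 on any mismatch.
f2b_crosscheck() {
    awk -v pfx="${3:-fail2ban-}" '
        FILENAME == ARGV[1] {          # rules file: collect --match-set names
            for (i = 1; i < NF; i++)
                if ($i == "--match-set" && index($(i + 1), pfx) == 1) ruled[$(i + 1)] = 1
            next
        }
        $1 == "Name:" {                # ipset file: a new set starts
            inm = 0; name = ""
            if (index($2, pfx) == 1) { name = $2; order[++n] = name; cnt[name] = 0 }
            next
        }
        $1 == "Members:" { inm = 1; next }
        inm && name != "" && NF > 0 { cnt[name]++ }   # one member per line
        END {
            for (k = 1; k <= n; k++) {
                s = order[k]; seen[s] = 1; r = "yes"
                if (!(s in ruled)) { r = "no"; bad = 1 }
                printf "%s rule=%s entries=%d\n", s, r, cnt[s]
            }
            for (s in ruled) if (!(s in seen)) { print s " rule=yes entries=NOSET"; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}
# Constructed sample data (documentation-range addresses) so the demo runs offline.
f2b_demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/rules" <<'EOF'
ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-nginx-cc src -j REJECT --reject-with icmp-port-unreachable
EOF
    cat > "$d/sets" <<'EOF'
Name: fail2ban-sshd
Members:

Name: fail2ban-nginx-cc
Members:
192.0.2.10 timeout 8417
198.51.100.7 timeout 8418
EOF
    f2b_crosscheck "$d/rules" "$d/sets"; rc=$?
    rm -rf "$d"; return "$rc"
}
# The constructed sshd set has no rule, so the demo reports a mismatch.
f2b_demo || echo "mismatch: a set with rule=no is never consulted by the firewall"
```

On a live host, save the output of `firewall-cmd --direct --get-all-rules` and `ipset list` to two files as root and pass them to `f2b_crosscheck`. To check a single address without dumping a whole set, `ipset test <set> <ip>` reports whether it is a member.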
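P.S. I can't agree with BaoTa Panel (宝塔面板) not shipping fail2ban by default.
With this feature not enabled, I closed every port except the web ports.
Even the web ports see plenty of CC attacks. Take a look at your own logs: the inexplicable POST and GET requests for files that do not exist are this kind of attack.
This behaviour adds to the server's overhead.
There are also login attempts, brute-forcing of the SSH port, crawlers that ignore the crawler rules, and direct access by IP; fail2ban can take care of all of them.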
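This can't stop the kind of distributed active probing I mentioned, and it may indiscriminately block a large number of users on second-tier ISPs.
Better them than me; if there's collateral damage, so be it.
I've never used such fancy stuff, emmmm
I've also learned from a lot of tutorials on Daniao's blog~ I think that blog is pretty good.
He is quite patient.
To be honest, I once went to great lengths to turn this thing off.
Just flush the rules. Or simply don't start it. Why would it take going to such lengths?
Haha, different needs, but very professional.
What if it doesn't take effect? When I run the commands you wrote, I don't get those ipv4 lines, and there are no IPs under Members either.
firewall-cmd --direct --get-all-rules
Does this command show anything? If not, it means the rules were not created.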