abuseipdb配合fail2ban自动提交bad ip并封禁
debian/ubuntu系列
安装fail2ban
apt update && apt install fail2ban rsyslog -y
配置:将 your-key 改为你的 AbuseIPDB API key
# Open the local override file in an editor and paste the configuration that follows into it.
nano /etc/fail2ban/jail.local
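# This file holds the AbuseIPDB API key: keep it readable by root only,
# e.g. chmod 600 /etc/fail2ban/jail.local.
[DEFAULT]
# Default ban and unban timing.
# fail2ban documents ';' (after a space) as its inline-comment marker, not '#',
# so each note sits on its own line to stay out of the option value.
# bantime: 1 hour
bantime = 3600
# findtime: 5 minutes
findtime = 300
maxretry = 2
ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16 ::1
# Two actions, one per line. The second line must stay indented so it is read
# as a continuation of "action"; unindented it would likely be parsed as a
# separate option, leaving the AbuseIPDB report action unattached.
action = iptables-multiport[name="%(banaction)s", port="%(port)s", protocol="tcp"]
         abuseipdb[abuseipdb_apikey="your-key", abuseipdb_category="18,21,22"]
# NOTE(review): abuseipdb_category is sent with every report from every jail
# that inherits this action. 18 is Brute-Force, 21 is Web App Attack and 22 is
# SSH in AbuseIPDB's list; for an SSH-only jail "18,22" looks like the accurate
# pair - confirm against the AbuseIPDB category list.
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# Two failures within one hour ban the address for 7 days and report it.
# Add your own admin addresses to ignoreip so a mistyped password does not
# lock you out or file a report against your own address.
maxretry = 2
findtime = 3600
bantime = 604800

# If a default configuration was already present (see the next command):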
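# Keep a backup copy but leave jail.conf in place: the jail.local above uses
# %(banaction)s, %(sshd_log)s and %(sshd_backend)s without defining them, and
# those defaults normally come from jail.conf and the paths file it includes.
# Settings in jail.local still take precedence over jail.conf.
cp -a /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak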
重启 fail2ban 使配置生效,如果没有报错就说明配置没问题
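# Check that the configuration parses before restarting anything, so a typo in
# jail.local does not leave the host with fail2ban stopped.
fail2ban-client -t
systemctl restart sshd
systemctl restart fail2ban
fail2ban-client reload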
提示:fail2ban 版本要大于 0.10,可用 fail2ban-client -V 查看版本
官方默认配置最新版
# Overwrites the packaged abuseipdb action with the file from the master branch.
# NOTE(review): master is not a tagged release and can change at any time; back
# up the existing file and read the download before restarting fail2ban, since
# the action's commands are executed by the fail2ban service with your API key.
wget -O /etc/fail2ban/action.d/abuseipdb.conf https://github.com/fail2ban/fail2ban/raw/refs/heads/master/config/action.d/abuseipdb.conf
官方配置示例
https://www.abuseipdb.com/fail2ban.html
查看ssh日志是否存在
# Confirm the SSH auth log exists; presumably this is the file %(sshd_log)s resolves to here - verify on your system.
ls -l /var/log/auth.log
查看状态
# Service state as seen by systemd.
systemctl status fail2ban
# Status of the sshd jail as reported by fail2ban itself.
fail2ban-client status sshd
一键版本
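# Fetch the pinned revision into a file and read it before executing it,
# instead of piping the download straight into bash. -f makes curl fail on an
# HTTP error rather than saving the error page.
script=$(mktemp)
curl -fsSL -o "$script" https://gist.github.com/ylx2016/6407d74c4b7ac08548941eac7dffcdb9/raw/90608cd1d6c02aa401f072278d80408c7b67bd1a/fail2ban.sh
less "$script"
# The API key is passed as the first argument, as in the original one-liner;
# note that it ends up in shell history and is visible in the process list.
bash "$script" "apikey"
rm -f -- "$script"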