CentOS下设置fail2ban保护ssh、apache-ddos、apache-403、apache-404的shell脚本

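# Set fail2ban.
#
# Installs fail2ban from EPEL on CentOS, writes three Apache filters
# (apache-ddos, apache-403, apache-404) and a jail.local that enables them
# next to the stock sshd filter, then enables and (re)starts the service.
#
# Requires bash (set -o pipefail, local). Run as a user that can sudo.
#
# Each config file is written whole from a here-document instead of being
# appended line by line with `sudo sh -c "echo ... >> file"`:
#   * re-running the script no longer duplicates sections in jail.local
#     (an existing file is backed up first, then overwritten);
#   * the double quotes in the action lines (port="http,https", ...) survive.
#     In the appended form they were nested inside an outer "..." string and
#     were eaten by the shell, so fail2ban never saw the quoted values.
set -euo pipefail

readonly FILTER_DIR=/etc/fail2ban/filter.d
readonly JAIL_LOCAL=/etc/fail2ban/jail.local

#######################################
# Write stdin to a root-owned file, keeping a timestamped backup of any
# existing copy so a re-run does not silently discard local edits.
# Arguments: $1 - destination path
# Inputs:    file contents on stdin
# Returns:   non-zero if the backup or the write fails
#######################################
write_root_file() {
  local dest=$1
  if sudo test -e "$dest"; then
    sudo cp -p -- "$dest" "${dest}.bak.$(date +%Y%m%d%H%M%S)"
  fi
  # tee runs under sudo so the file is created with root privileges;
  # its stdout copy is not needed.
  sudo tee -- "$dest" >/dev/null
}

#######################################
# Install fail2ban from the EPEL repository.
#######################################
install_fail2ban() {
  sudo yum --enablerepo=epel -y install fail2ban
}

#######################################
# apache-ddos filter: every GET/POST from a host counts as a hit; requests
# for static assets are ignored so one page load does not count as dozens.
# The (?i) flag is placed at the start of the pattern, which is the only
# position newer Python regex engines accept for a global flag.
#######################################
write_apache_ddos_filter() {
  write_root_file "$FILTER_DIR/apache-ddos.conf" <<'EOF'
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*
ignoreregex = (?i)\.(jpe?g|gif|png|bmp|pdf|js|css|woff|eot|ttf|ico|txt|xml|swf|xlsx?|docx?|pptx?)
EOF
}

#######################################
# Filter that counts responses with one HTTP status code per host.
# The original version put a list of private CIDR ranges into ignoreregex;
# ignoreregex is matched against log lines, not source addresses, so that
# list never matched anything. The ranges are expressed as `ignoreip` on
# the corresponding jails instead (see write_jail_local).
# Arguments: $1 - HTTP status code, e.g. 403
#######################################
write_status_filter() {
  local code=$1
  # Unquoted delimiter so ${code} expands; `\$` keeps the regex end anchor.
  write_root_file "$FILTER_DIR/apache-${code}.conf" <<EOF
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" ${code} .*\$
ignoreregex =
EOF
}

#######################################
# jail.local: defaults plus the four jails. Quoted delimiter keeps
# %(apache_access_log)s and the quoted action arguments literal.
#######################################
write_jail_local() {
  write_root_file "$JAIL_LOCAL" <<'EOF'
[DEFAULT]
bantime  = 86400
findtime = 86400
maxretry = 5

[ssh-iptables]
enabled  = true
filter   = sshd
logpath  = /var/log/secure
action   = iptables-multiport[name=SSH, port=ssh, protocol=tcp]
bantime  = 86400
findtime = 300
maxretry = 3

[apache-ddos]
enabled  = true
port     = http,https
filter   = apache-ddos
logpath  = %(apache_access_log)s
maxretry = 50
findtime = 5
bantime  = 86400
action   = iptables-multiport[name="DDoS", port="http,https", protocol="tcp"]

[apache-403]
enabled  = true
port     = http,https
filter   = apache-403
logpath  = %(apache_access_log)s
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
action   = iptables-multiport[name="403", port="http,https", protocol="tcp"]
maxretry = 10
findtime = 20
bantime  = 86400

[apache-404]
enabled  = true
port     = http,https
filter   = apache-404
logpath  = %(apache_access_log)s
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
action   = iptables-multiport[name="404", port="http,https", protocol="tcp"]
maxretry = 10
findtime = 20
bantime  = 86400
EOF
}

#######################################
# Enable fail2ban at boot and load the configuration written above.
# `restart` rather than `start` so a re-run on an already running service
# picks up the new files.
#######################################
enable_service() {
  sudo chkconfig fail2ban on
  sudo service fail2ban restart
}

main() {
  install_fail2ban
  write_apache_ddos_filter
  write_status_filter 403
  write_status_filter 404
  write_jail_local
  enable_service
}

main "$@"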


转载自blog.csdn.net/allway2/article/details/108185593