安装fail2ban工具来实现防暴力破解，防止恶意攻击，锁定恶意攻击IP。

 

1、如果是centos系统，先yum安装fail2ban

[root@VM_152_184_centos /]# yum -y install fail2ban

2、为了更好的看到有哪些IP在尝试暴利破解，先定义好日志文件路径

[root@VM_152_184_centos /]# cat /etc/fail2ban/fail2ban.conf |grep -v ^# [Definition] loglevel = 3 logtarget = SYSLOG　　//这里是日志路径，可以自定义，比如：/var/log/fail2ban.log socket = /var/run/fail2ban/fail2ban.sock pidfile = /var/run/fail2ban/fail2ban.pid

3、自定义主配置文件（当然，也可以不修改，保持默认配置）

[root@VM_152_184_centos /]# cat /etc/fail2ban/jail.conf |grep -v ^# |less [DEFAULT] ignoreip = 127.0.0.1/8 bantime  = 600　　//屏蔽、锁定时间，单位：s findtime  = 600　　//600s内尝试登陆失败超过规定次数将被锁定 maxretry = 3　　//最大登陆失败次数 backend = auto usedns = warn

4、最后，启动fail2ban，使其配置生效

[root@VM_152_184_centos /]# service fail2ban start

最后，再查看一下fail2ban日志文件，可以看到已经屏蔽的IP列表（Ban ip是屏蔽/锁定的IP，Unban ip是自动解锁的IP）

[root@VM_152_184_centos /]# cat /var/log/fail2ban.log | grep "ban"2014-04-15 21:12:18,053 fail2ban.actions: WARNING [ssh-iptables] Ban 198.104.137.1512014-04-15 21:42:19,037 fail2ban.actions: WARNING [ssh-iptables] Unban 198.104.137.1512014-04-15 22:12:16,001 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.2182014-04-15 22:42:16,305 fail2ban.actions: WARNING [ssh-iptables] Unban 116.10.191.2182014-04-15 23:02:02,609 fail2ban.actions: WARNING [ssh-iptables] Ban 117.34.91.1702014-04-15 23:26:10,651 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.1722014-04-15 23:28:02,391 fail2ban.actions: WARNING [ssh-iptables] Ban 198.104.137.1512014-04-15 23:32:03,428 fail2ban.actions: WARNING [ssh-iptables] Unban 117.34.91.1702014-04-15 23:46:07,364 fail2ban.actions: WARNING [ssh-iptables] Ban 116.10.191.2052014-04-15 23:56:10,893 fail2ban.actions: WARNING [ssh-iptables] Unban 116.10.191.172