一、新加仓库源地址
二、安装
三、查看日志
四、查看启用监控的列表
五、查看被sshd服务禁止的ip地址:
六、从fail2ban中删除禁止的IP地址
一、新加仓库源地址
# yum install epel-release
# cat /etc/redhat-release
Anolis OS release 8.6
# cat /etc/yum.repos.d/epel.repo
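[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# The upstream default is the metalink below, which the EPEL project describes as
# much more secure than a fixed mirror address. This file pins a single mirror
# through baseurl instead, so package integrity rests on gpgcheck=1 and on the
# locally installed key named in gpgkey.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch
enabled=1
# Keep package signature verification on; do not set this to 0 to work around
# mirror or key errors.
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8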
[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
# Debug-symbol repository; stays disabled unless it is enabled explicitly.
enabled=0
# Pinned to a single mirror. The upstream metalink (kept below, commented out) is
# the more secure default; to return to it, uncomment it and comment out baseurl.
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/debug
# Signature checking is configured even while the repository is disabled, so
# packages are still verified if it is switched on later.
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
# Source-package (SRPMS) repository; stays disabled unless it is enabled explicitly.
enabled=0
# Pinned to a single mirror. The upstream metalink (kept below, commented out) is
# the more secure default; to return to it, uncomment it and comment out baseurl.
#baseurl=https://download.example/pub/epel/$releasever/Everything/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/SRPMS
# Signature checking is configured even while the repository is disabled, so
# packages are still verified if it is switched on later.
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
# dnf repolist epel -v
二、安装
# yum -y install fail2ban syslog
新建配置文件
# pwd
/etc/fail2ban
# cat jail.local
[DEFAULT]
# Values in this section apply to every jail unless the jail overrides them.
# Ban duration in seconds (86400 = 24 hours).
bantime = 86400
# Length of the counting window in seconds (600 = 10 minutes).
findtime = 600
# Number of failures inside findtime that triggers a ban.
maxretry = 3
# Bans are applied through iptables; the iptables command must be present on the host.
# NOTE(review): no ignoreip is set in this file - consider listing trusted
# administration addresses so a few mistyped passwords cannot lock operators out
# for the whole bantime.
banaction = iptables-multiport
[sshd]
enabled = true
# Must match the port sshd really listens on: the multiport ban action only blocks
# the ports listed here, so a mismatch leaves the real SSH port reachable by a
# banned address.
port = 4033
filter = sshd
# NOTE(review): logpath is only used by file-based backends - confirm the effective
# backend for this jail and that sshd authentication failures are written to this file.
logpath = /var/log/secure
# Same value as [DEFAULT]; stated explicitly for this jail.
maxretry = 3
启动:
# systemctl enable fail2ban
# systemctl start fail2ban
三、查看日志
fail2ban 默认将日志写入 /var/log/fail2ban.log:
# tail -f /var/log/fail2ban.log
四、查看启用监控的列表
# fail2ban-client status
五、查看被sshd服务禁止的ip地址:
# fail2ban-client status sshd
# fail2ban-client get sshd banip
在防火墙中被拒绝的IP
# iptables -nvL
六、从fail2ban中删除禁止的IP地址
# fail2ban-client set sshd unbanip 192.168.3.66