使用Fail2ban保护SSH、MySQL 登录防止暴力破解

sudo apt update && sudo apt install fail2ban

sudo yum install epel-release && sudo yum install fail2ban

sudo systemctl enable --now fail2ban

编辑 /etc/fail2ban/jail.local（若不存在则新建）：

[Definition]
allowipv6 = auto

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
findtime = 10m
bantime = 24h
ignoreip = 127.0.0.1/8 192.168.1.0/24
maxmatches = 3

[mysql]
enabled = true
port = 3306
filter = mysqld-auth
logpath = /var/log/mysql/mysql.log
maxretry = 6
bantime = 3600
maxmatches = 3
findtime = 10m

重启 Fail2ban

sudo systemctl restart fail2ban

查看运行状态

sudo fail2ban-client status
sudo fail2ban-client status sshd # 检查SSH监狱
sudo fail2ban-client status mysql # 检查MySQL监狱
sudo fail2ban-client status laravel # 检查Laravel监狱

测试正则匹配（调试用）

sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf