探路者 asked 8 年 ago
老大,
fail2ban的软件功能非常强大,国际上很多VPS提供商都对它很青睐,目前我看到只默认加了ssh的功能,还有非常多的防范功能能加,
请老大考虑一下,
另外,我参考了:
https://www.linode.com/docs/security/using-fail2ban-for-security
感觉这种安装方法简单很多,我看了oneinstack的addons.sh安装脚本,有几点发现:
1.启动和开机启动直接用如下:应该无需用cp files/redhat-initd /etc/init.d/fail2ban
systemctl start fail2ban
systemctl enable fail2ban
2.日志处理好像能自动设置的,我按照Linode的方法安装后在:etc/logrotate.d/fail2ban就用如下内容了:
#
# Gentoo:
# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-logrotate?view=markup
#
# Debian:
# https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate
/var/log/fail2ban.log {
missingok
notifempty
postrotate
/usr/bin/fail2ban-client flushlogs >/dev/null || true
endscript
}
如上仅供参考啊,
谢谢!
fail2ban的软件功能非常强大,国际上很多VPS提供商都对它很青睐,目前我看到只默认加了ssh的功能,还有非常多的防范功能能加,
请老大考虑一下,
另外,我参考了:
https://www.linode.com/docs/security/using-fail2ban-for-security
感觉这种安装方法简单很多,我看了oneinstack的addons.sh安装脚本,有几点发现:
1.启动和开机启动直接用如下:应该无需用cp files/redhat-initd /etc/init.d/fail2ban
systemctl start fail2ban
systemctl enable fail2ban
2.日志处理好像能自动设置的,我按照Linode的方法安装后在:etc/logrotate.d/fail2ban就用如下内容了:
#
# Gentoo:
# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-logrotate?view=markup
#
# Debian:
# https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate
/var/log/fail2ban.log {
missingok
notifempty
postrotate
/usr/bin/fail2ban-client flushlogs >/dev/null || true
endscript
}
如上仅供参考啊,
谢谢!
1 Answers
oneinstackPlease login or Register to submit your answer