Installing fail2ban on CentOS to protect a VPS from brute-force attacks
Install fail2ban:
yum install fail2ban
Installed version: 0.9.3
Installing : fail2ban-0.9.3-1.el6.noarch
Edit /etc/fail2ban/fail2ban.conf and change the log target:
#logtarget = SYSLOG
logtarget =/var/log/fail2ban.log
Add a jail.local file in the /etc/fail2ban directory to define the ban rules (do not edit jail.conf directly):
[ssh-iptables]
ignoreip = 127.0.0.1/8 58.0.0.0/8
bantime = 3600
findtime = 3600
#enabled = false
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /var/log/secure
maxretry = 3
Use the fail2ban-client command for debugging; reference:
fail2ban-client start
Check the log at /var/log/fail2ban.log
Autostart:
service fail2ban start
Testing the filter match rules:
fail2ban-regex /www/wdlinux/nginx/logs/access.log /etc/fail2ban/filter.d/nginx-bot.conf
If iptables is older than version 1.4.20, you also need to edit /etc/fail2ban/action.d/iptables-common.conf, because the -w option is not supported:
# Option: lockingopt
# Notes.: Option was introduced to iptables to prevent multiple instances from
# running concurrently and causing irratic behavior. -w was introduced
# in iptables 1.4.20, so might be absent on older systems
# See https://github.com/fail2ban/fail2ban/issues/1122
# Values: STRING
#lockingopt = -w
lockingopt =
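Also note: the timestamps in the log need to be in sync with the current time. If they are not, increase findtime so that it covers the log timestamps.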
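The note above and the jail settings (findtime = 3600, maxretry = 3, ignoreip) can be checked offline with a simplified model of the counting window. This is an added example, not code from the original post or from fail2ban; the regex, the function name banned_ips and the sample log lines are assumptions constructed for illustration, and the model assumes that entries older than findtime relative to the system clock are not counted.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# ignoreip from the [ssh-iptables] jail above (strict=False accepts 127.0.0.1/8).
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in ("127.0.0.1/8", "58.0.0.0/8")]

# Simplified stand-in for the sshd filter: password failures only (assumption).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

# Constructed sample lines in /var/log/secure format: three failures each
# from an outside address and from an address inside the ignored 58.0.0.0/8.
SAMPLE = [f"Mar 14 10:00:0{i} vps sshd[210{i}]: Failed password for root "
          f"from {ip} port 4012{i} ssh2"
          for ip in ("203.0.113.7", "58.1.2.3") for i in (1, 5, 9)]


def banned_ips(lines, now, findtime=3600, maxretry=3):
    """Return the IPs that reach maxretry failures inside findtime at `now`."""
    hits = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # whitelisted by ignoreip, never counted
        # syslog timestamps carry no year; assume the year of `now`.
        ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ts < now - timedelta(seconds=findtime):
            continue  # older than findtime by the system clock: dropped
        hits.setdefault(str(ip), []).append(ts)
    return {ip for ip, seen in hits.items() if len(seen) >= maxretry}


if __name__ == "__main__":
    in_sync = datetime(2024, 3, 14, 10, 5, 0)   # clock matches the log
    skewed = in_sync + timedelta(hours=2)       # clock 2 hours ahead of the log
    print("in sync:          ", banned_ips(SAMPLE, in_sync))
    print("skewed, 3600 s:   ", banned_ips(SAMPLE, skewed))
    print("skewed, 10800 s:  ", banned_ips(SAMPLE, skewed, findtime=10800))
```

With the clock two hours ahead of the log timestamps, the default window bans nothing; raising findtime to cover the offset restores the ban, and the 58.0.0.0/8 address is never banned in any case.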