# Fail2ban

sudo apt install fail2ban

使用docker

{% embed url="<https://github.com/crazy-max/docker-fail2ban>" %}

## Fail2ban  的主要有以下三個設定檔&#x20;

&#x20;jail.(conf|local) ：用來設定 ,定義與 action 的對應關係。

filter.d/ 用來定義過濾條件 (filter) ,目錄下已定義多種既有的過濾條件,常見的軟體有 apache、nginx 、 sshd 、 vsftpd  等,記錄檔格式也可能為 Syslog 、 Common Log Format 等。&#x20;

action.d/ 用來定義動作 (action) ,目錄下已定義多種既有的動作,像是sendmail 『寄信通知』、 iptables 阻擋來源位址、使用 whois 查詢來源 domain 或 自動通知該來源 IP 的管理者。&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kawsing.gitbook.io/opensystem/andoid-shou-ji/untitled-4/fail2ban.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.