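# Set up fail2ban on OpenWrt to ban hosts that repeatedly fail dropbear (SSH) logins.
# The commands are meant to be run as root, in order.
# Every statement is on its own line here: collapsed onto one line, the leading '#'
# turns the whole text into a comment and the three failregex patterns fuse into a
# single pattern that can never match.

# Install fail2ban and logd
opkg update
opkg install fail2ban logd

# Create the log directory
# NOTE(review): on stock OpenWrt /var normally points at /tmp (RAM), so this log
# uses memory and is lost on reboot -- confirm on your device.
mkdir -p /var/log

# Configure syslog to write to a file (via uci)
uci set system.@system[0].log_file='/var/log/messages'
uci set system.@system[0].log_size='10240' # 10240 KiB = 10 MiB
uci commit system
/etc/init.d/log restart

# Create the dropbear filter.
# Each failregex alternative must sit on its own line, and the continuation lines
# must be indented, otherwise fail2ban does not read them as separate patterns.
# The patterns begin with an unanchored '^.*' and the last one ends in '.*'. Part of
# a dropbear log line (the user name) is chosen by the remote client, so tighten the
# prefix to your real syslog line format once you have sample lines; the <HOST>
# capture should only ever match the address dropbear itself printed.
# dropbear's message wording differs between versions -- confirm hits with the
# fail2ban-regex command at the end of this file before relying on the jail.
cat > /etc/fail2ban/filter.d/dropbear.conf << 'EOF'
[Definition]
failregex = ^.*dropbear\[\d+\]: Login attempt for nonexistent user from <HOST>:\d+$
            ^.*dropbear\[\d+\]: Bad password attempt for '.*' from <HOST>:\d+$
            ^.*dropbear\[\d+\]: Exit before auth from <HOST>:\d+ .*
ignoreregex =
EOF

# Create the jail configuration.
# bantime and findtime are in seconds: 5 failures within 10 minutes give a 2-hour ban.
# Consider adding "ignoreip = <YOUR_ADMIN_CIDR>" under [DEFAULT] so that a mistyped
# password from the management network cannot lock you out of the router.
# If dropbear listens on a port other than 22, change both "port" values below.
cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
bantime = 7200
findtime = 600
maxretry = 5
backend = auto

[dropbear]
enabled = true
port = 22
filter = dropbear
logpath = /var/log/messages
action = nftables-multiport[name=dropbear, port="22", protocol=tcp]
EOF

# Restart fail2ban
/etc/init.d/fail2ban restart

# Check the jail status
fail2ban-client status dropbear

# View the fail2ban log
cat /var/log/fail2ban.log

# Test whether lines in /var/log/messages are matched by the regexes in dropbear.conf
fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/dropbear.conf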
