各种情况下 Proxmox VE 的登陆界面需要暴露在公网的时候,需要使用 fail2ban 来保护它不被暴力破解。
创建 filter
文件 /etc/fail2ban/filter.d/proxmox.conf
1
2
3
| [Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
|
创建 jail
文件 /etc/fail2ban/jail.d/proxmox.conf
1
2
3
4
5
6
7
8
| [proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
bantime = 3600
|
重启 fail2ban
1
| ~> systemctl restart fail2ban
|
然后检查是否配置生效
1
2
3
4
| ~> fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: proxmox, sshd
|