\u5728\u6210\u529f\u5b89\u88c5\u914d\u7f6e\u4e86shadowsocks-libev\u4e4b\u540e\uff0c\u6211\u53c8\u91cd\u65b0\u4fee\u6539\u4e86\u8bbe\u7f6e\uff0c\u6bd4\u5982\u7aef\u53e3\u548c\u52a0\u5bc6\u65b9\u5f0f<\/p>\n\n\n\n
\u914d\u7f6e\u7aef\u53e3\u8f6c\u53d1\uff1a\u5728\u65b0\u7684\u751f\u4ea7\u73af\u5883\u9700\u8981\u65b0\u7684\u7aef\u53e3\uff0c\u6240\u4ee5\u5bf9\u5e94\u7684\uff0c\u4e5f\u9700\u8981\u5728\u65b0\u7684\u8def\u7531\u5668\u4e0a\u914d\u7f6e\u7aef\u53e3\u8f6c\u53d1\u89c4\u5219\uff0c\u6bd4\u5982 \u516c\u7f51IP\u5730\u5740:25 #\u8f6c\u53d1\u5230\u5185\u7f51IP#192.168.1.***:2525<\/p>\n\n\n\n
\u4fee\u6539\u52a0\u5bc6\u65b9\u5f0f\uff1a\u4e4b\u524d\u7684\u52a0\u5bc6\u65b9\u5f0f\u9009\u7684\u662faes-256-gcm<\/s>\uff0c\u53ef\u662f\u5c34\u5c2c\u7684\u662f\u624b\u673a\u7684\u7ec8\u7aefapp\u4e0a\u53ea\u6709aes-256-cfb\u7684\u9009\u9879(\u4e0d\u77e5\u9053\u5347\u7ea7app\u540e\u4f1a\u4e0d\u4f1a\u6709gcm\u7684\u652f\u6301\uff0c\u4f46\u662f\u670d\u52a1\u7684\u5b97\u65e8\u662f\u7a33\u5b9a\u548c\u53ef\u9760\uff0c\u6240\u4ee5\u4e0d\u5fc5\u8981\u7684\u5347\u7ea7\uff0c\u4e0d\u8981\uff09<\/p>\n\n\n\n
\u63a5\u4e0b\u6765\u624d\u662f\u91cd\u70b9\uff1a<\/p>\n\n\n\n
\u914d\u7f6eshadowsocks-libev\u5f00\u673a\u542f\u52a8<\/strong>\uff1a \uff08\u5176\u5b9e\u65f6\u5019\u53d1\u73b0\u6211\u7684shadowsocks-libev\u672c\u6765\u5c31\u662f\u5f00\u673a\u542f\u52a8\u7684\uff0c\u56e0\u4e3a\u6211\u91cd\u542f\u670d\u52a1\u5668\u540e\uff0c\u670d\u52a1\u4e5f\u81ea\u7136\u5730\u5c31\u4e0a\u6765\u4e86\uff09<\/span><\/p>\n\n\n\n \u5bf9\u4e8e\u6709\u4e9b\u6587\u6863\u91cc\u9762\u5199\u7684\u662f\/usr\/local\/bin\/sslocal -c \/etc\/shadowsocks.json -d start\uff0c\u663e\u7136\u5728\u6211\u7684\u5b89\u88c5\u5730\u5740\u4e2d\uff0c\u6ca1\u6709 \u518d\u60f3\u60f3\uff0c\u53ef\u80fd\u4e5f\u5c31\u662f\u56e0\u4e3a\u662f\u4e00\u4ef6\u5b89\u88c5\u7684\uff0c\u5728\u811a\u672c\u91cc\u9762\u53ef\u80fd\u672c\u6765\u5c31\u914d\u7f6e\u4e86\u5f00\u673a\u542f\u52a8shadowsocks-libev\uff0c\u6240\u4ee5\u5462\u56de\u53bb\u627e\u627e\u79cb\u6c34\u9038\u51b0<\/strong>\u7684\u811a\u672c\uff08\u7b49\u6211\u4e00\u4e0b\uff0c\u9a6c\u4e0a\u56de\u6765\uff09<\/p>\n\n\n\n \u5728\u9644\u5f55\u4e2d\u662f\u79cb\u6c34\u9038\u51b0\u7684\u6e90\u811a\u672c\uff0c\u5728\u4e0b\u9762\u6211\u622a\u9009\u7684\u5728\u4ee3\u7801\u7684228\u884c\uff0c\u786e\u5b9e\u9488\u5bf9\u4e0d\u540c\u7684\u7cfb\u7edf\uff0c\u8bbe\u5b9a\u4e86\u5f00\u673a\u542f\u52a8\uff1a<\/p>\n\n\n\n \u66f4\u65b0shadowsocks-libev\u7248\u672c<\/strong><\/p>\n\n\n\n \u9644\u5f55\uff08\u79cb\u6c34\u9038\u51b0\u7684\u4e00\u952e\u56db\u7248\u5b89\u88c5\u7684\u811a\u672c\u539f\u4ef6\uff09\uff1a<\/p>\n\n\n\n \u5b89\u88c5\u4e00\u4e2a\u653e\u7f6e\u88ab\u653b\u51fb\u7684\uff0c\u4e3b\u8981\u662f\u8bbe\u7f6essh\u767b\u5f55\u95195\u6b21\uff0c\u5c31\u51bb\u7ed310\u5206\u949f\uff0c\u8fd9\u4e2a\u7a0b\u5e8f\u53eb\u505aFAIL2BAN\uff0c\u5f88\u76f4\u767d\u7684\u540d\u5b57\uff1a<\/p>\n\n\n\n \u5728 \/etc\/fail2ban\/jail.conf<\/strong>\u8fd9\u91cc\u6211\u4eec\u6765\u8c03\u6574FAIL2BAN\u7684\u8bbe\u7f6e<\/p>\n\n\n\n \u5728\u6210\u529f\u5b89\u88c5\u914d\u7f6e\u4e86shadowsocks-libev […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89],"tags":[147,142,145,144,143,148,146],"class_list":["post-1335","post","type-post","status-publish","format-standard","hentry","category-live","tag-bbr","tag-fail2ban","tag-init-d","tag-rc-local","tag-shadowsock-libev","tag-148","tag-146"],"_links":{"self":[{"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1335"}],"version-history":[{"count":16,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1335\/revisions"}],"predecessor-version":[{"id":1355,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1335\/revisions\/1355"}],"wp:attachment":[{"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zengqq.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sudo vim \/etc\/rc.local \/\/\u7f16\u5199rc.local \u5728\u6700\u4f4e\u7aef\u6dfb\u52a0\u5982\u4e0b,\u6839\u636e\u81ea\u5df1\u7684\u5b89\u88c5\u76ee\u5f55\u4fee\u6539\uff0c\u6211\u7684\u90fdcd\u8fdb\u53bb\u770b\u591a\u4e86\n\n\/usr\/local\/bin\/sslocal -c \/etc\/init.d\/shadowsocks-libev start<\/pre>\n\n\n\n
pi@raspberrypi:~ $ \/etc\/init.d\/shadowsocks-libev status \/\/\u67e5\u770b\u91cd\u542f\u540eshadowsocks-libev\u7684\u8fd0\u884c\u72b6\u6001\nShadowsocks-libev (pid 458) is running...\/\/\u672c\u6765\u5c31\u542f\u52a8\u4e86\uff0c\u670d\u52a1\u5c31\u81ea\u7136\u5730\u4e0a\u6765\u4e86\npi@raspberrypi:~ $ <\/pre>\n\n\n\n
shadowsocks.json<\/s>\uff0c\u56e0\u4e3a\u672c\u6b21\u662f\u4e00\u952e\u5b89\u88c5\u7684\uff0c\u6240\u4ee5\u914d\u7f6e\u6587\u4ef6\u662f\/etc\/shadowsocks-libev\/config.json<\/span>\uff0c\u6240\u4ee5\u6709\u65f6\u8fd9\u4e9b\u6587\u7ae0\u8bd5\u7528\u6027\u5f88\u4f4e\uff0c\u9700\u8981\u81ea\u5df1\u4ed4\u7ec6\u68c0\u67e5\u548c\u533a\u522b\u3002<\/p>\n\n\n\nif [ -f \/usr\/bin\/ssserver ] || [ -f \/usr\/local\/bin\/ssserver ]; then\n chmod +x \/etc\/init.d\/shadowsocks\n # Add run on system start up \u770b\u5230\u6ca1\uff1f\u8fd9\u91cc\u8bbe\u5b9a\u4e3a\u5f00\u673a\u542f\u52a8\n if [ \"$OS\" == 'CentOS' ]; then\n chkconfig --add shadowsocks\n chkconfig shadowsocks on\n else\n update-rc.d -f shadowsocks defaults\nfi<\/pre>\n\n\n\n
pip install -U shadowsocks \/\/\u5b89\u88c5\u4e00\u6bb5\u65f6\u95f4\u4e4b\u540e\u8fd8\u80fd\u901a\u8fc7\u8fd9\u4e2a\u6307\u4ee4\u65e0\u5bb3\u5347\u7ea7\nreboot -h now \/\/\u5347\u7ea7\u5b8c\u540e\uff0c\u91cd\u542f\u4e00\u4e0b<\/pre>\n\n\n\n
#! \/bin\/bash\nPATH=\/bin:\/sbin:\/usr\/bin:\/usr\/sbin:\/usr\/local\/bin:\/usr\/local\/sbin:~\/bin\nexport PATH\n#=================================================================#\n# System Required: CentOS 6+, Debian 7+, Ubuntu 12+ #\n# Description: One click Install Shadowsocks-Python server #\n# Author: Teddysun <i@teddysun.com> #\n# Thanks: @clowwindy <https:\/\/twitter.com\/clowwindy> #\n# Intro: https:\/\/teddysun.com\/342.html #\n#=================================================================#\nclear\necho\necho \"#############################################################\"\necho \"# One click Install Shadowsocks-Python server #\"\necho \"# Intro: https:\/\/teddysun.com\/342.html #\"\necho \"# Author: Teddysun <i@teddysun.com> #\"\necho \"# Thanks: @clowwindy <https:\/\/twitter.com\/clowwindy> #\"\necho \"#############################################################\"\necho\n# Make sure only root can run our script\nfunction rootness(){\n if [[ $EUID -ne 0 ]]; then\n echo \"Error:This script must be run as root!\" 1>&2\n exit 1\n fi\n}\n# Check OS\nfunction checkos(){\n if [ -f \/etc\/redhat-release ];then\n OS=CentOS\n elif [ ! -z \"`cat \/etc\/issue | grep bian`\" ];then\n OS=Debian\n elif [ ! -z \"`cat \/etc\/issue | grep Ubuntu`\" ];then\n OS=Ubuntu\n else\n echo \"Not support OS, Please reinstall OS and retry!\"\n exit 1\n fi\n}\n# Get version\nfunction getversion(){\n if [[ -s \/etc\/redhat-release ]];then\n grep -oE \"[0-9.]+\" \/etc\/redhat-release\n else\n grep -oE \"[0-9.]+\" \/etc\/issue\n fi\n}\n# CentOS version\nfunction centosversion(){\n local code=$1\n local version=\"`getversion`\"\n local main_ver=${version%%.*}\n if [ $main_ver == $code ];then\n return 0\n else\n return 1\n fi\n}\n# Disable selinux\nfunction disable_selinux(){\nif [ -s \/etc\/selinux\/config ] && grep 'SELINUX=enforcing' \/etc\/selinux\/config; then\n sed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/selinux\/config\n setenforce 0\nfi\n}\n# Pre-installation settings\nfunction pre_install(){\n # Not support CentOS 5\n if centosversion 5; then\n echo \"Not support CentOS 5, please change to CentOS 6+ or Debian 7+ or Ubuntu 12+ and try again.\"\n exit 1\n fi\n # Set shadowsocks config password\n echo \"Please input password for shadowsocks-python:\"\n read -p \"(Default password: teddysun.com):\" shadowsockspwd\n [ -z \"$shadowsockspwd\" ] && shadowsockspwd=\"teddysun.com\"\n echo\n echo \"---------------------------\"\n echo \"password = $shadowsockspwd\"\n echo \"---------------------------\"\n echo\n # Set shadowsocks config port\n while true\n do\n echo -e \"Please input port for shadowsocks-python [1-65535]:\"\n read -p \"(Default port: 8989):\" shadowsocksport\n [ -z \"$shadowsocksport\" ] && shadowsocksport=\"8989\"\n expr $shadowsocksport + 0 &>\/dev\/null\n if [ $? -eq 0 ]; then\n if [ $shadowsocksport -ge 1 ] && [ $shadowsocksport -le 65535 ]; then\n echo\n echo \"---------------------------\"\n echo \"port = $shadowsocksport\"\n echo \"---------------------------\"\n echo\n break\n else\n echo \"Input error! Please input correct numbers.\"\n fi\n else\n echo \"Input error! Please input correct numbers.\"\n fi\n done\n get_char(){\n SAVEDSTTY=`stty -g`\n stty -echo\n stty cbreak\n dd if=\/dev\/tty bs=1 count=1 2> \/dev\/null\n stty -raw\n stty echo\n stty $SAVEDSTTY\n }\n echo\n echo \"Press any key to start...or Press Ctrl+C to cancel\"\n char=`get_char`\n #Install necessary dependencies\n if [ \"$OS\" == 'CentOS' ]; then\n yum install -y wget unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent\n yum install -y automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel which\n else\n apt-get -y update\n apt-get -y install python python-dev python-pip python-setuptools curl wget unzip gcc swig automake make perl cpio\n fi\n # Get IP address\n echo \"Getting Public IP address, Please wait a moment...\"\n IP=$(curl -s -4 icanhazip.com)\n if [[ \"$IP\" = \"\" ]]; then\n IP=$(curl -s -4 ipinfo.io\/ip)\n fi\n echo -e \"Your main public IP is\\t\\033[32m$IP\\033[0m\"\n echo\n #Current folder\n cur_dir=`pwd`\n cd $cur_dir\n}\n# Download files\nfunction download_files(){\n if [ \"$OS\" == 'CentOS' ]; then\n # Download shadowsocks chkconfig file\n if ! wget --no-check-certificate https:\/\/raw.githubusercontent.com\/teddysun\/shadowsocks_install\/master\/shadowsocks -O \/etc\/init.d\/shadowsocks; then\n echo \"Failed to download shadowsocks chkconfig file!\"\n exit 1\n fi\n else\n if ! wget --no-check-certificate https:\/\/raw.githubusercontent.com\/teddysun\/shadowsocks_install\/master\/shadowsocks-debian -O \/etc\/init.d\/shadowsocks; then\n echo \"Failed to download shadowsocks chkconfig file!\"\n exit 1\n fi\n fi\n}\n# Config shadowsocks\nfunction config_shadowsocks(){\n cat > \/etc\/shadowsocks.json<<-EOF\n{\n \"server\":\"0.0.0.0\",\n \"server_port\":${shadowsocksport},\n \"local_address\":\"127.0.0.1\",\n \"local_port\":1080,\n \"password\":\"${shadowsockspwd}\",\n \"timeout\":300,\n \"method\":\"aes-256-cfb\",\n \"fast_open\":false\n}\nEOF\n}\n# firewall set\nfunction firewall_set(){\n echo \"firewall set start...\"\n if centosversion 6; then\n \/etc\/init.d\/iptables status > \/dev\/null 2>&1\n if [ $? -eq 0 ]; then\n iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' > \/dev\/null 2>&1\n if [ $? -ne 0 ]; then\n iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT\n iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT\n \/etc\/init.d\/iptables save\n \/etc\/init.d\/iptables restart\n else\n echo \"port ${shadowsocksport} has been set up.\"\n fi\n else\n echo \"WARNING: iptables looks like shutdown or not installed, please manually set it if necessary.\"\n fi\n elif centosversion 7; then\n systemctl status firewalld > \/dev\/null 2>&1\n if [ $? -eq 0 ];then\n firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}\/tcp\n firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}\/udp\n firewall-cmd --reload\n else\n echo \"Firewalld looks like not running, try to start...\"\n systemctl start firewalld\n if [ $? -eq 0 ];then\n firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}\/tcp\n firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}\/udp\n firewall-cmd --reload\n else\n echo \"WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary.\"\n fi\n fi\n fi\n echo \"firewall set completed...\"\n}\n# Install Shadowsocks\nfunction install_ss(){\n which pip > \/dev\/null 2>&1\n if [ $? -ne 0 ]; then\n if [ \"$OS\" == 'CentOS' ]; then\n which easy_install > \/dev\/null 2>&1\n if [ $? -eq 0 ]; then\n easy_install pip\n else\n echo \"easy_install command not found. please check it and try again.\"\n exit 1\n fi\n fi\n fi\n if [ -f \/usr\/bin\/pip ]; then\n if centosversion 6; then\n # Fix swig failed error by install old version\n pip install M2Crypto==0.22.3\n else\n pip install M2Crypto\n fi\n pip install greenlet\n pip install gevent\n pip install shadowsocks\n if [ -f \/usr\/bin\/ssserver ] || [ -f \/usr\/local\/bin\/ssserver ]; then\n chmod +x \/etc\/init.d\/shadowsocks\n # Add run on system start up\n if [ \"$OS\" == 'CentOS' ]; then\n chkconfig --add shadowsocks\n chkconfig shadowsocks on\n else\n update-rc.d -f shadowsocks defaults\n fi\n # Run shadowsocks in the background\n \/etc\/init.d\/shadowsocks start\n else\n echo\n echo \"Shadowsocks install failed! Please visit https:\/\/teddysun.com\/342.html and contact.\"\n exit 1\n fi\n clear\n echo\n echo \"Congratulations, shadowsocks install completed!\"\n echo -e \"Your Server IP: \\033[41;37m ${IP} \\033[0m\"\n echo -e \"Your Server Port: \\033[41;37m ${shadowsocksport} \\033[0m\"\n echo -e \"Your Password: \\033[41;37m ${shadowsockspwd} \\033[0m\"\n echo -e \"Your Local IP: \\033[41;37m 127.0.0.1 \\033[0m\"\n echo -e \"Your Local Port: \\033[41;37m 1080 \\033[0m\"\n echo -e \"Your Encryption Method: \\033[41;37m aes-256-cfb \\033[0m\"\n echo\n echo \"Welcome to visit:https:\/\/teddysun.com\/342.html\"\n echo \"Enjoy it!\"\n echo\n exit 0\n else\n echo\n echo \"pip install failed! Please visit https:\/\/teddysun.com\/342.html and contact.\"\n exit 1\n fi\n}\n# Uninstall Shadowsocks\nfunction uninstall_shadowsocks(){\n printf \"Are you sure uninstall Shadowsocks? (y\/n) \"\n printf \"\\n\"\n read -p \"(Default: n):\" answer\n if [ -z $answer ]; then\n answer=\"n\"\n fi\n if [ \"$answer\" = \"y\" ]; then\n ps -ef | grep -v grep | grep -v ps | grep -i \"ssserver\" > \/dev\/null 2>&1\n if [ $? -eq 0 ]; then\n \/etc\/init.d\/shadowsocks stop\n fi\n checkos\n if [ \"$OS\" == 'CentOS' ]; then\n chkconfig --del shadowsocks\n else\n update-rc.d -f shadowsocks remove\n fi\n # delete config file\n rm -f \/etc\/shadowsocks.json\n rm -f \/var\/run\/shadowsocks.pid\n rm -f \/etc\/init.d\/shadowsocks\n pip uninstall -y shadowsocks\n if [ $? -eq 0 ]; then\n echo \"Shadowsocks uninstall success!\"\n else\n echo \"Shadowsocks uninstall failed!\"\n fi\n else\n echo \"uninstall cancelled, Nothing to do\"\n fi\n}\n# Install Shadowsocks-python\nfunction install_shadowsocks(){\n checkos\n rootness\n disable_selinux\n pre_install\n download_files\n config_shadowsocks\n if [ \"$OS\" == 'CentOS' ]; then\n firewall_set\n fi\n install_ss\n}\n# Initialization step\naction=$1\n[ -z $1 ] && action=install\ncase \"$action\" in\ninstall)\n install_shadowsocks\n ;;\nuninstall)\n uninstall_shadowsocks\n ;;\n*)\n echo \"Arguments error! [${action} ]\"\n echo \"Usage: `basename $0` {install|uninstall}\"\n ;;\nesac<\/pre>\n\n\n\ni@raspberrypi:~ $ sudo apt install fail2ban\nReading package lists... Done\nBuilding dependency tree \nReading state information... Done\nThe following additional packages will be installed:\n python3-systemd whois\nSuggested packages:\n mailx monit sqlite3\nThe following NEW packages will be installed:\n fail2ban python3-systemd whois\n0 upgraded, 3 newly installed, 0 to remove and 15 not upgraded.\nNeed to get 487 kB of archives.\nAfter this operation, 2,276 kB of additional disk space will be used.\nDo you want to continue? [Y\/n] \n\/\/\u8fd9\u91cc\u6211\u9009\u62e9y\nGet:1 http:\/\/mirror.nus.edu.sg\/raspbian\/raspbian buster\/main armhf whois armhf 5.4.3 [68.6 kB]\nGet:2 http:\/\/mirror.nus.edu.sg\/raspbian\/raspbian buster\/main armhf fail2ban all 0.10.2-2.1 [385 kB]\nGet:3 http:\/\/mirror.rise.ph\/raspbian\/raspbian buster\/main armhf python3-systemd armhf 234-2+b1 [34.1 kB]\nFetched 487 kB in 3s (181 kB\/s) \nSelecting previously unselected package whois.\n(Reading database ... 97726 files and directories currently installed.)\nPreparing to unpack ...\/archives\/whois_5.4.3_armhf.deb ...\nUnpacking whois (5.4.3) ...\nSelecting previously unselected package fail2ban.\nPreparing to unpack ...\/fail2ban_0.10.2-2.1_all.deb ...\nUnpacking fail2ban (0.10.2-2.1) ...\nSelecting previously unselected package python3-systemd.\nPreparing to unpack ...\/python3-systemd_234-2+b1_armhf.deb ...\nUnpacking python3-systemd (234-2+b1) ...\nSetting up whois (5.4.3) ...\nSetting up fail2ban (0.10.2-2.1) ...\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/fail2ban.service \u2192 \/lib\/systemd\/system\/fail2ban.service.\n[fail2ban-tmpfiles.conf:1] Line references path below legacy directory \/var\/run\/, updating \/var\/run\/fail2ban \u2192 \/run\/fail2ban; please update the tmpfiles.d\/ drop-in file accordingly.\nSetting up python3-systemd (234-2+b1) ...\nProcessing triggers for man-db (2.8.5-2) ...\nProcessing triggers for systemd (241-7~deb10u4+rpi1) ...\npi@raspberrypi:~ $ \/\/\u5b8c\u6210<\/pre>\n\n\n\n
sudo vim \/etc\/fail2ban\/jail.conf\n\n#\n# WARNING: heavily refactored in 0.9.0 release. Please review and\n# customize settings for your setup.\n#\n# Changes: in most of the cases you should not modify this\n# file, but provide customizations in jail.local file,\n# or separate .conf files under jail.d\/ directory, e.g.:\n#\n# HOW TO ACTIVATE JAILS:\n#\n# YOU SHOULD NOT MODIFY THIS FILE.\n#\n# It will probably be overwritten or improved in a distribution update.\n#\n# Provide customizations in a jail.local file or a jail.d\/customisation.local.\n# For example to change the default bantime for all jails and to enable the\n# ssh-iptables jail the following (uncommented) would appear in the .local file.\n# See man 5 jail.conf for details.\n#\n# [DEFAULT]\n# bantime = 1h\n#\n# [sshd]\n# enabled = true\n#\n# See jail.conf(5) man page for more information\n\n\n\n# Comments: use '#' for comment lines and ';' (following a space) for inline comments\n\n\n[INCLUDES]\n\n#before = paths-distro.conf\nbefore = paths-debian.conf\n\n# The DEFAULT allows a global definition of the options. They can be overridden\n# in each jail afterwards.\n\n[DEFAULT]\n\n#\n# MISCELLANEOUS OPTIONS\n#\n\n# \"ignorself\" specifies whether the local resp. own IP addresses should be ignored\n# (default is true). Fail2ban will not ban a host which matches such addresses.\nignorself = true\n\n# \"ignoreip\" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban\n# will not ban a host which matches an address in this list. Several addresses\n# can be defined using space (and\/or comma) separator.\nignoreip = 47.88.49.91\/8 ::1\n\n# External command that will take an tagged arguments to ignore, e.g. <ip>,\n# and return true if the IP is to be ignored. False otherwise.\n#\n# ignorecommand = \/path\/to\/command <ip>\nignorecommand =\n\n# \"bantime\" is the number of seconds that a host is banned.\nbantime = 10m\n# A host is banned if it has generated \"maxretry\" during the last \"findtime\"\n# seconds.\nfindtime = 10m\n\n# \"maxretry\" is the number of failures before a host get banned.\nmaxretry = 5\n\n# \"backend\" specifies the backend used to get files modification.\n# Available options are \"pyinotify\", \"gamin\", \"polling\", \"systemd\" and \"auto\".\n# This option can be overridden in each jail as well.\n#\n# pyinotify: requires pyinotify (a file alteration monitor) to be installed.\n# If pyinotify is not installed, Fail2ban will use auto.\n# gamin: requires Gamin (a file alteration monitor) to be installed.\n# If Gamin is not installed, Fail2ban will use auto.\n# polling: uses a polling algorithm which does not require external libraries.\n# systemd: uses systemd python library to access the systemd journal.\n# Specifying \"logpath\" is not valid for this backend.\n# See \"journalmatch\" in the jails associated filter config\n# auto: will try to use the following backends, in order:\n# pyinotify, gamin, polling.\n#\n 70,1 7%\n 59,1 4%<\/pre>\n","protected":false},"excerpt":{"rendered":"