1
# 本地克隆并打包
2
git clone https://github.com/MacRimi/ProxMenux.git
3
# pve 宿主机安装
4
unzip ProxMenux.zip
5
apt update && apt install -y dos2unix
6
cd ProxMenux
7
dos2unix install_proxmenux.sh
8
sed -i 's|REPO_URL=".*"|REPO_URL="'$(pwd)'"|g' install_proxmenux.sh
9
./install_proxmenux.sh
10

11
systemctl status proxmenux-monitor
12
menu

1
cat << 'EOF' > /etc/fail2ban/filter.d/proxmenux.conf
2
[Definition]
3
failregex = ^.*ProxMenux-Monitor\.AppImage\[\d+\]: <HOST> - - \[.*\] code 400, message (Bad HTTP|Bad request).*
4
ignoreregex =
5
EOF

1
cat << 'EOF' > /etc/fail2ban/jail.d/proxmenux.conf
2
[proxmenux]
3
enabled = true
4
port    = 8008
5
filter  = proxmenux
6
backend = systemd
7
journalmatch = _SYSTEMD_UNIT=proxmenux-monitor.service
8
banaction = nftables[type=allports]
9
maxretry = 2
10
findtime = 1d
11
bantime  = 3d
12
EOF

1
# 用日志查看
2
journalctl -u proxmenux-monitor.service | grep "code 400" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c | sort -nr

1
systemctl restart fail2ban
2
fail2ban-client status proxmenux
3

4
# 测试
5
fail2ban-regex systemd-journal /etc/fail2ban/filter.d/proxmenux.conf

1
cat << 'EOF' > /etc/fail2ban/filter.d/proxmox.conf
2
[Definition]
3
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
4
ignoreregex =
5
EOF

1
cat << 'EOF' > /etc/fail2ban/jail.d/proxmox.conf
2
[proxmox]
3
enabled = true
4
port    = https,8006
5
filter  = proxmox
6
backend = systemd
7
journalmatch = _SYSTEMD_UNIT=pvedaemon.service
8
banaction = nftables[type=allports]
9
maxretry = 2
10
findtime = 1d
11
bantime = 1d
12
# 强制从日志起始位置开始搜索（重要）
13
logpath = %(syslog_daemon)s
14
EOF

1
# 日志查看 8006 爆破 ip
2
journalctl -u pvedaemon.service | grep "authentication failure" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c | sort -nr | head -n 20

1
systemctl restart fail2ban
2
fail2ban-client status proxmox
3
# 测试
4
fail2ban-regex systemd-journal /etc/fail2ban/filter.d/proxmox.conf
5
# 手动封禁
6
fail2ban-client set proxmox banip 141.98.11.50

1
# 1. 停止服务
2
systemctl stop fail2ban
3

4
# 2. 清空数据库，让它重头开始读 journal
5
rm /var/lib/fail2ban/fail2ban.sqlite3
6

7
# 3. 启动服务
8
systemctl start fail2ban
9

10
# 查看 fail2ban 日志
11
tail -n 100 -f /var/log/fail2ban.log

1
# 查看当前日志占用大小
2
journalctl --disk-usage
3
# 清理日志（保留最近 2 天）
4
journalctl --vacuum-time=2d