fail2ban broken after dist-upgrade


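My fail2ban installation broke after a dist-upgrade. I don't know why it stopped working. The log file is over 0 bytes. Even though I can see clients in the server logs that should be blocked.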

This is my jail.conf (comments removed):

[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 600
maxretry = 3
backend = polling
destemail = root@localhost
banaction = iptables-multiport
mta = sendmail
protocol = tcp


action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
action = %(action_)s

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6

#...

[ispconfig-w00tw00t]
enabled  = true
filter   = ispconfig-w00tw00t
action   = iptables-complete[name=ispconfig-w00tw00t]
logpath = /var/log/apache*/*access.log
maxretry = 1
bantime  = 86400

[block-phpmyadmin]
enabled  = true
filter   = block-phpmyadmin
action   = iptables-complete[name=block-phpmyadmin]
logpath = /var/log/apache*/*access.log
maxretry = 1
bantime  = 86400

Here are my own two rules. ispconfig-w00tw00t.conf:

[Definition]
failregex = ^<HOST> -.*"GET \/w00tw00t\.at.*".*
ignoreregex =

My block-phpmyadmin:

[Definition]
failregex = ^<HOST> -.*"GET .*php[Mm]y[Aa]dmin.*".*
ignoreregex =

I made some modifications to the init.d script and got the following error messages:

WARNING 'findtime' not defined in 'apache-noscript'. Using default value
WARNING 'findtime' not defined in 'pam-generic'. Using default value
WARNING 'findtime' not defined in 'vsftpd'. Using default value
WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
WARNING 'findtime' not defined in 'block-phpmyadmin'. Using default value
WARNING 'findtime' not defined in 'ispconfig-w00tw00t'. Using default value
WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
WARNING 'findtime' not defined in 'apache-multiport'. Using default value
WARNING 'findtime' not defined in 'apache-overflows'. Using default value
WARNING 'findtime' not defined in 'couriersmtp'. Using default value
WARNING 'findtime' not defined in 'wuftpd'. Using default value
WARNING 'findtime' not defined in 'ssh'. Using default value
ERROR  /etc/fail2ban/action.d/iptables-multiport.conf and /etc/fail2ban/action.d/iptables-multiport.local do not exist
ERROR  Error in action definition iptables-multiport[name=ssh, port="ssh", protocol="tcp]
ERROR  Errors in jail 'ssh'. Skipping...

The daemon does not start. I don't know why.

Answer 1

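In the end I managed to fix the error. The problem was that the action had been renamed. So I needed to rename the action from iptables-complete[name=block-phpmyadmin] to iptables-allports. Now it works fine.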
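
A check for the failure described in this answer, as an added example that is not part of the original post: it expands each enabled jail's `action` value and reports action names that have no matching `.conf` or `.local` file in the action directory. The function names and the trimmed sample configuration are constructed for illustration.

```python
import configparser
import os
import re

# Constructed sample, trimmed from the shape of the jail.conf in the question.
SAMPLE_JAIL_CONF = """\
[DEFAULT]
banaction = iptables-multiport
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]
action = %(action_)s

[ssh]
enabled = true
port = ssh

[block-phpmyadmin]
enabled = true
action = iptables-complete[name=block-phpmyadmin]
"""

def expand(value, options, jail, depth=0):
    """Resolve %(key)s references; %(__name__)s is the jail name."""
    def repl(m):
        key = m.group(1)
        if key == "__name__":
            return jail
        if key in options and depth < 10:  # depth cap stops reference loops
            return expand(options[key], options, jail, depth + 1)
        return m.group(0)  # unknown key: leave untouched
    return re.sub(r"%\((\w+)\)s", repl, value)

def action_exists(name, action_dir):
    """True if action_dir holds NAME.conf or NAME.local (the files the error names)."""
    return any(os.path.exists(os.path.join(action_dir, name + ext))
               for ext in (".conf", ".local"))

def missing_actions(jail_conf_text, action_dir):
    """Map each enabled jail to the actions it references that have no file."""
    cfg = configparser.RawConfigParser()  # raw: %(...)s is expanded by expand()
    cfg.read_string(jail_conf_text)
    missing = {}
    for jail in cfg.sections():
        options = dict(cfg.items(jail))  # section values merged over [DEFAULT]
        if options.get("enabled", "false").lower() != "true":
            continue
        for line in expand(options.get("action", ""), options, jail).splitlines():
            m = re.match(r"\s*([\w.-]+)", line)  # action name precedes "["
            if m and not action_exists(m.group(1), action_dir):
                missing.setdefault(jail, []).append(m.group(1))
    return missing
```

To run it against a live system, call `missing_actions(open("/etc/fail2ban/jail.conf").read(), "/etc/fail2ban/action.d")`. It reads a single jail file and does not merge `jail.local` overrides.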
