我正在为我的 Linux (debian) 服务器设置 Fail2ban。当我检查 fail2ban 服务的状态时,我收到此错误:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2020-11-01 13:15:05 EST; 5s ago
Docs: man:fail2ban(1)
Process: 17851 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Process: 17852 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 17852 (code=exited, status=255/EXCEPTION)
Nov 01 13:15:05 raspberrypi systemd[1]: Starting Fail2Ban Service...
Nov 01 13:15:05 raspberrypi systemd[1]: Started Fail2Ban Service.
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: Failed during configuration: File contains no section headers.
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: file: '/etc/fail2ban/jail.local', line: 21
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: 'bantime = 1h\n'
Nov 01 13:15:05 raspberrypi fail2ban-server[17852]: Async configuration of server failed
Nov 01 13:15:05 raspberrypi systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Nov 01 13:15:05 raspberrypi systemd[1]: fail2ban.service: Failed with result 'exit-code'.
我感觉这与我的配置文件有关,这是它的前 30 行:
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
bantime = 1h
#
# [sshd]
enabled = true
#
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
[INCLUDES]
#before = paths-distro.conf
before = paths-debian.conf
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
答案1
对于该案例来说,仍然是实际存在的,否则有人稍后会发现它。
首先,不要将 jail.conf 复制到 jail.local,使用空的。
那么,这是错误的:
# [sshd]
enabled = true
启用之前您的文件中没有任何部分(以 开头的行#是注释)。
这将是正确的 jail.local 文件:
[DEFAULT]
# here you can overwrite some defaults:
[sshd]
enabled = true
[other-jail]
enabled = true
...