我无法让 fail2ban.service 运行。它经常被终止
我尝试在 xcp-ng (8.3 alpha2) 上安装 fail2ban。我从源代码安装它,因为默认 REHL 存储库已关闭,我认为这样做可能会更好。所以我尝试从源代码安装:
wget https://github.com/fail2ban/fail2ban/archive/refs/tags/1.0.2.tar.gz
tar xzf 1.0.2.tar.gz
cd fail2ban-1.0.2/
sudo python setup.py install
运行得非常好。所以我把它改成/etc/fail2ban/jail.conf这样:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
bantime = 1800
然后我创建了一个如下所示的服务:
[Unit]
Description=Fail2Ban Service
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
Restart=always
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=read-only
ProtectSystem=strict
ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban
ReadWritePaths=-/var/log/fail2ban
ReadWritePaths=-/var/spool/postfix/maildrop
ReadWritePaths=/run/xtables.lock
CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target
[Definition]
logtarget = /var/log/fail2ban/fail2ban.log
我通过以下方式启动并注册了该服务:
sudo systemctl start fail2ban.service
sudo systemctl enable fail2ban.service
但问题就从这里开始。据/var/log/secure我所知,我在几秒钟内就封锁了一些 IP 地址,但服务被终止了几次,直到它遇到了start-limit。
sudo systemctl status fail2ban.service
将显示:
fail2ban.service - Fail2Ban Service
Loaded: loaded (/etc/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2023-05-05 14:49:02 CEST; 6h ago
Main PID: 3747 (code=exited, status=0/SUCCESS)
遗憾的是,这/var/log/fail2ban.log并没有太大的帮助:
2023-05-05 14:49:01,357 fail2ban.server [3737]: INFO Starting Fail2ban v1.0.2
2023-05-05 14:49:01,357 fail2ban.server [3737]: INFO Daemon started
2023-05-05 14:49:01,357 fail2ban.observer [3737]: INFO Observer start...
2023-05-05 14:49:01,367 fail2ban.database [3737]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-05-05 14:49:01,369 fail2ban.jail [3737]: INFO Creating new jail 'sshd'
2023-05-05 14:49:01,372 fail2ban.jail [3737]: INFO Jail 'sshd' uses poller {}
2023-05-05 14:49:01,372 fail2ban.jail [3737]: INFO Initiated 'polling' backend
2023-05-05 14:49:01,375 fail2ban.filter [3737]: INFO maxLines: 1
2023-05-05 14:49:01,396 fail2ban.filter [3737]: INFO maxRetry: 3
2023-05-05 14:49:01,396 fail2ban.actions [3737]: INFO banTime: 1800
2023-05-05 14:49:01,396 fail2ban.filter [3737]: INFO Added logfile: '/var/log/secure' (pos = 4204377, hash = 1758915d47afccac75c40307f4f09edc)
2023-05-05 14:49:01,397 fail2ban.jail [3737]: INFO Jail 'sshd' started
2023-05-05 14:49:01,423 fail2ban.server [3737]: INFO Shutdown in progress...
2023-05-05 14:49:01,423 fail2ban.observer [3737]: INFO Observer stop ... try to end queue 5 seconds
2023-05-05 14:49:01,492 fail2ban.observer [3737]: INFO Observer stopped, 0 events remaining.
2023-05-05 14:49:01,523 fail2ban.server [3737]: INFO Stopping all jails
2023-05-05 14:49:01,523 fail2ban.filter [3737]: INFO Removed logfile: '/var/log/secure'
2023-05-05 14:49:01,599 fail2ban.jail [3737]: INFO Jail 'sshd' stopped
2023-05-05 14:49:01,599 fail2ban.database [3737]: INFO Connection to database closed.
2023-05-05 14:49:01,599 fail2ban.server [3737]: INFO Exiting Fail2ban
答案1
我在回购并替换路径以匹配我的路径,如下所示:
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target