fail2ban on xcp-ng (Xen server on CentOS) keeps dying

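I can't get fail2ban.service to run. It keeps getting terminated.

I am trying to install fail2ban on xcp-ng (8.3 alpha2). I installed it from source because the default RHEL repositories are disabled, and I thought this might be the better way. So I tried installing from source: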

wget https://github.com/fail2ban/fail2ban/archive/refs/tags/1.0.2.tar.gz
tar xzf 1.0.2.tar.gz
cd fail2ban-1.0.2/
sudo python setup.py install

That worked very well. So I changed /etc/fail2ban/jail.conf like this:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
bantime = 1800

Then I created a service that looks like this:

[Unit]
Description=Fail2Ban Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
Restart=always
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=read-only
ProtectSystem=strict
ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban
ReadWritePaths=-/var/log/fail2ban
ReadWritePaths=-/var/spool/postfix/maildrop
ReadWritePaths=/run/xtables.lock
CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW

[Install]
WantedBy=multi-user.target

[Definition]
logtarget = /var/log/fail2ban/fail2ban.log

I started and enabled the service with:

sudo systemctl start fail2ban.service
sudo systemctl enable fail2ban.service

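But this is where the problems start. As far as I can tell from /var/log/secure, I blocked some IP addresses within a few seconds, but the service was terminated several times until it ran into start-limit.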

sudo systemctl status fail2ban.service

will show:

fail2ban.service - Fail2Ban Service
   Loaded: loaded (/etc/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2023-05-05 14:49:02 CEST; 6h ago
 Main PID: 3747 (code=exited, status=0/SUCCESS)

Sadly, /var/log/fail2ban.log isn't much help:

2023-05-05 14:49:01,357 fail2ban.server         [3737]: INFO    Starting Fail2ban v1.0.2
2023-05-05 14:49:01,357 fail2ban.server         [3737]: INFO    Daemon started
2023-05-05 14:49:01,357 fail2ban.observer       [3737]: INFO    Observer start...
2023-05-05 14:49:01,367 fail2ban.database       [3737]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-05-05 14:49:01,369 fail2ban.jail           [3737]: INFO    Creating new jail 'sshd'
2023-05-05 14:49:01,372 fail2ban.jail           [3737]: INFO    Jail 'sshd' uses poller {}
2023-05-05 14:49:01,372 fail2ban.jail           [3737]: INFO    Initiated 'polling' backend
2023-05-05 14:49:01,375 fail2ban.filter         [3737]: INFO      maxLines: 1
2023-05-05 14:49:01,396 fail2ban.filter         [3737]: INFO      maxRetry: 3
2023-05-05 14:49:01,396 fail2ban.actions        [3737]: INFO      banTime: 1800
2023-05-05 14:49:01,396 fail2ban.filter         [3737]: INFO    Added logfile: '/var/log/secure' (pos = 4204377, hash = 1758915d47afccac75c40307f4f09edc)
2023-05-05 14:49:01,397 fail2ban.jail           [3737]: INFO    Jail 'sshd' started
2023-05-05 14:49:01,423 fail2ban.server         [3737]: INFO    Shutdown in progress...
2023-05-05 14:49:01,423 fail2ban.observer       [3737]: INFO    Observer stop ... try to end queue 5 seconds
2023-05-05 14:49:01,492 fail2ban.observer       [3737]: INFO    Observer stopped, 0 events remaining.
2023-05-05 14:49:01,523 fail2ban.server         [3737]: INFO    Stopping all jails
2023-05-05 14:49:01,523 fail2ban.filter         [3737]: INFO    Removed logfile: '/var/log/secure'
2023-05-05 14:49:01,599 fail2ban.jail           [3737]: INFO    Jail 'sshd' stopped
2023-05-05 14:49:01,599 fail2ban.database       [3737]: INFO    Connection to database closed.
2023-05-05 14:49:01,599 fail2ban.server         [3737]: INFO    Exiting Fail2ban
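
A fail2ban.log in this format can still be checked mechanically for how long each daemon run lived and whether any WARNING or ERROR line preceded the exit. The script below is an added example, not part of the original post or of fail2ban; the function names and the 5-second threshold are assumptions, and the sample is four lines excerpted from the log above.

```python
import re
from datetime import datetime

# Sample input: four lines excerpted from the log shown in the question.
SAMPLE_LOG = """\
2023-05-05 14:49:01,357 fail2ban.server         [3737]: INFO    Starting Fail2ban v1.0.2
2023-05-05 14:49:01,397 fail2ban.jail           [3737]: INFO    Jail 'sshd' started
2023-05-05 14:49:01,423 fail2ban.server         [3737]: INFO    Shutdown in progress...
2023-05-05 14:49:01,599 fail2ban.server         [3737]: INFO    Exiting Fail2ban
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<component>\S+)\s+\[(?P<pid>\d+)\]: (?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)

def daemon_runs(log_text):
    """Return one dict per fail2ban-server run (start to exit) found in the log."""
    runs, open_runs = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip continuation lines and anything in another format
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        pid, level, msg = int(m["pid"]), m["level"], m["msg"]
        if msg.startswith("Starting Fail2ban"):
            open_runs[pid] = {"pid": pid, "start": ts, "problems": [], "lifetime": None}
            runs.append(open_runs[pid])
        elif pid in open_runs:
            run = open_runs[pid]
            if level in ("WARNING", "ERROR", "CRITICAL"):
                run["problems"].append(msg)
            if msg.startswith("Exiting Fail2ban"):
                run["lifetime"] = (ts - run["start"]).total_seconds()
                del open_runs[pid]
    return runs

def short_lived(runs, threshold=5.0):
    """Runs that exited within `threshold` seconds (hypothetical cut-off)."""
    return [r for r in runs if r["lifetime"] is not None and r["lifetime"] < threshold]

if __name__ == "__main__":
    for r in short_lived(daemon_runs(SAMPLE_LOG)):
        print(f"pid {r['pid']}: lived {r['lifetime']:.3f}s, "
              f"{len(r['problems'])} warning/error lines before exit")
```

A run that exits within a fraction of a second with no warning or error lines shut down cleanly on request rather than crashing, so the next place to look is whatever started and stopped it (here, `journalctl -u fail2ban.service`).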

Answer 1

I found one in the repo and replaced the paths to match mine, as follows:

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service

[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target
