I'm trying to get fail2ban running on my Debian 12 system, but I keep running into trouble.
I first installed fail2ban with the following command:
sudo apt-get install fail2ban
This succeeded, with the following output:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
fail2ban is already the newest version (1.0.2-2).
The following packages were automatically installed and are no longer required:
libslirp0 pigz slirp4netns
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 71 not upgraded.
I then enabled fail2ban with the following command:
sudo systemctl enable fail2ban
which gave me successful output:
Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/.systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable fail2ban
I then tried to start the service with the following command:
sudo systemctl start fail2ban
This succeeded. However, when I tried to check the status of the fail2ban service, I saw the following output:
sudo systemctl status fail2ban:
× fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Wed 2024-02-14 12:48:29 EST; 1min 49s ago
Duration: 108ms
Docs: man:fail2ban(1)
Process: 9493 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 9493 (code=exited, status=255/EXCEPTION)
CPU: 103ms
Feb 14 12:48:29 [REDACTED HOSTNAME] systemd[1]: Started fail2ban.service - Fail2Ban Service.
Feb 14 12:48:29 [REDACTED HOSTNAME] fail2ban-server[9493]: 2024-02-14 12:48:29,128 fail2ban.configreader [9493]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'>
Feb 14 12:48:29 [REDACTED HOSTNAME] fail2ban-server[9493]: 2024-02-14 12:48:29,140 fail2ban [9493]: ERROR Failed during configuration: Have not found any log file for sshd jail>
Feb 14 12:48:29 [REDACTED HOSTNAME] fail2ban-server[9493]: 2024-02-14 12:48:29,145 fail2ban [9493]: ERROR Async configuration of server failed
Feb 14 12:48:29 [REDACTED HOSTNAME] systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 14 12:48:29 [REDACTED HOSTNAME] systemd[1]: fail2ban.service: Failed with result 'exit-code'.
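I've seen people online talking about modifying the SSHD jail file, but the answers are all over the place and I just don't understand what is going on.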
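Answer 1
On Debian 12, you need to do a few things to get this working.
First, open the configuration file:
nano /etc/fail2ban/jail.local
and add this line before enabled=true:
backend=systemd
so that it looks like this, for example: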
[sshd]
backend=systemd
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Then save and run this command:
apt install python3-systemd
Now restart fail2ban:
systemctl restart fail2ban
and check the status; it should be working.
Answer 2
Tested on Debian 12 with fail2ban 1.0.2-2.
It's as simple as this:
echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf
systemctl restart fail2ban
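
The error in the question, "Have not found any log file for sshd jail", is raised when a file-backed jail's logpath matches no existing file; both answers avoid it by switching the sshd jail to the systemd journal. The check below is an added example, not part of either answer or of fail2ban itself. Its function names are hypothetical, and it assumes literal values in the one file it is given ([sshd] with fallback to [DEFAULT]), with no interpolation or globbing.

```bash
#!/usr/bin/env bash
# Added example; jail_value, jail_setting, sshd_jail_check are hypothetical names.

# Print the last value of KEY inside [SECTION] of an INI-style jail file.
jail_value() {  # usage: jail_value FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Value from [sshd], falling back to [DEFAULT] in the same file.
jail_setting() {  # usage: jail_setting FILE KEY
    local v; v=$(jail_value "$1" sshd "$2")
    [ -n "$v" ] || v=$(jail_value "$1" DEFAULT "$2")
    printf '%s\n' "$v"
}

# Where will the sshd jail read from, and can it start?
sshd_jail_check() {  # usage: sshd_jail_check FILE
    local backend logpath
    backend=$(jail_setting "$1" backend)
    logpath=$(jail_setting "$1" logpath)
    if [ "$backend" = "systemd" ]; then
        echo "journal"        # journal backend: logpath is ignored
        return
    fi
    case "$logpath" in
        ""|*"%("*) echo "unresolved" ;;   # set in another file or interpolated
        *) if [ -e "$logpath" ]; then echo "file"; else echo "no-log-file"; fi ;;
    esac
}

# The journal backend needs the Python module from python3-systemd.
has_journal_module() { python3 -c 'import systemd.journal' 2>/dev/null; }

# Constructed sample: a file-backed [sshd] jail whose log does not exist.
demo() {
    local d; d=$(mktemp -d)
    printf '[sshd]\nenabled = true\nlogpath = %s/auth.log\n' "$d" > "$d/jail.local"
    echo "before: $(sshd_jail_check "$d/jail.local")"    # no-log-file
    printf 'backend = systemd\n' >> "$d/jail.local"
    echo "after:  $(sshd_jail_check "$d/jail.local")"    # journal
    rm -rf "$d"
}
demo
```

On a real host, run `sshd_jail_check /etc/fail2ban/jail.local`; a result of `journal` together with a failing `has_journal_module` points at the missing python3-systemd package from Answer 1.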