为什么 fail2ban 0.8 无法在 Debain 7 Wheezy x64 上正确启动?
你好,
我正在尝试配置 fail2ban 以与 APF 配合使用。但首先,如果 fail2ban 可以启动就太好了。
root@akdom:/var/log# /etc/init.d/fail2ban start
[ **ok** ] Starting authentication failure monitor: fail2ban.
root@akdom:/var/log# /etc/init.d/fail2ban status
[**FAIL**] Status of authentication failure monitor:[....] fail2ban is not running ... **failed**!
root@akdom:/var/log#
/etc/fail2ban/jail.local(与jail.conf中的内容相同)
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
maxretry = 3
findtime = 600
backend = auto
#
# ACTIONS
#
banaction = apf
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(cha$
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%($
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $
action = %(action_)s
#JAIL
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
maxretry = 5
fail2ban.conf
socket = /var/run/fail2ban/fail2ban.sock (This file doesn'T exist, prehaps because fail2ban is not lauched properly)
对于我来说,快速设置它很重要,因为中国喜欢我的服务器 IP(根据 auth.log):)
在 DuckDuckGo 上,我发现了一些故障排除信息:我尝试删除并再次安装它。fail2ban-regex 运行完美,并且在过去 2 天内返回了超过 10000 个结果。auth.log 路径有效。
现在我正在考虑安装预发布的 0.9 版本以查看它是否正常运行。
有什么想法可以让它发挥作用吗?
谢谢
编辑 在 /etc/init.d/fail2ban 中使用 set -x
命令:/etc/init.d/fail2ban start
/var/log/fail2ban.log 仍然是空的。
root@akdom:/etc/fail2ban# /etc/init.d/fail2ban start
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ grep+ sed -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local -e s/.*socket *= *//g
-e s/ *$//g
+ tail -n 1
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=start
+ [ != no ]
+ log_daemon_msg Starting authentication failure monitor fail2ban
+ [ -z Starting authentication failure monitor ]
+ log_daemon_msg_pre Starting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Starting authentication failure monitor: fail2ban
Starting authentication failure monitor: fail2ban+ log_daemon_msg_post Starting authentication failure monitor fail2ban
+ :
+ do_start start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ [ != no ]
+ log_end_msg_wrapper 0 2
+ [ 0 -lt 2 ]
+ value=0
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 0 -eq 0 ]
+ /bin/echo -ne [ ok
[ ok + /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :
root@akdom:/etc/fail2ban#
编辑
iptables 规则
root@akdom:~# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
root@akdom:~#
/etc/init.d/fail2ban 重新启动
root@akdom:~# /etc/init.d/fail2ban restart
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ tail -n 1
+ sed -e s/.*socket *= *//g -e s/ *$//g
+ grep -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=restart
+ log_daemon_msg Restarting authentication failure monitor fail2ban
+ [ -z Restarting authentication failure monitor ]
+ log_daemon_msg_pre Restarting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Restarting authentication failure monitor: fail2ban
Restarting authentication failure monitor: fail2ban+ log_daemon_msg_post Restarting authentication failure monitor fail2ban
+ :
+ do_stop
+ /usr/bin/fail2ban-client status
+ return 1
+ do_start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ log_end_msg_wrapper 2 1
+ [ 2 -lt 1 ]
+ value=1
+ log_end_msg 1
+ [ -z 1 ]
+ local retval
+ retval=1
+ log_end_msg_pre 1
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -ne [FAIL
[FAIL+ /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -e failed!
failed!
+ log_end_msg_post 1
+ :
+ return 1
- :
答案1
遇到了同样的问题。新版 fail2ban 中有一些已弃用的配置参数。
以下步骤解决了该问题。首先卸载并删除所有配置文件:
apt-get remove fail2ban --purge
之后重新安装:
apt-get install fail2ban
完成这些步骤后,您的配置将处于默认设置,您可以根据需要进行编辑。
答案2
尝试运行以下命令:
start-stop-daemon --start --quiet --chuid fail2ban --exec /usr/bin/fail2ban-client -- start
如果您以 root 身份运行 fail2ban(默认),请删除“--chuid fail2ban”。这将向您显示配置中阻止服务器启动的错误。