我刚刚在我的 debian7 机器上安装了 fail2ban,但是每当我启动它时我都会收到很多错误,似乎与 python 有关?
[....] Restarting authentication failure monitor: fail2banTraceback (most recent call last):
File "/usr/bin/fail2ban-client", line 404, in <module>
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 373, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 183, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 378, in __readConfig
ret = self.__configurator.getOptions()
File "/usr/share/fail2ban/client/configurator.py", line 68, in getOptions
return self.__jails.getOptions(jail)
File "/usr/share/fail2ban/client/jailsreader.py", line 67, in getOptions
ret = jail.getOptions()
File "/usr/share/fail2ban/client/jailreader.py", line 73, in getOptions
self.__opts = ConfigReader.getOptions(self, self.__name, opts)
File "/usr/share/fail2ban/client/configreader.py", line 87, in getOptions
v = self.get(sec, option[1])
File "/usr/lib/python2.7/ConfigParser.py", line 623, in get
return self._interpolate(section, option, value, d)
File "/usr/lib/python2.7/ConfigParser.py", line 691, in _interpolate
self._interpolate_some(option, L, rawval, section, vars, 1)
File "/usr/lib/python2.7/ConfigParser.py", line 723, in _interpolate_some
option, section, rest, var)
ConfigParser.InterpolationMissingOptionError: Bad value substitution:
section: [pam-generic]
option : action
key : action_mwl
rawval :
failed!
我不太清楚如何调试这个,因为我对 Python 一无所知,但我仍然假设这只是我在安装过程中遗漏了什么,或者是 jail.conf 上的某些内容。这是我的 jail.conf:
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 18000
destemail = [email protected]
banaction = iptables-multiport
action = %(action_mwl)s
# JAILS
[ssh]
enabled = true
port = 7463
action = iptables
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
[pam-generic]
enabled = true
banaction = iptables-allports
[ssh-ddos]
enabled = true
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx*/*error*.log
bantime = 600
maxretry = 6
[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 600
maxretry = 6
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 86400 # 1 day
maxretry = 1
[nginx-noscript]
enabled = true
action = iptables-multiport[name=NoScript, port="http,https"]
filter = nginx-noscript
logpath = /var/log/nginx*/*access*.log
maxretry = 6
bantime = 86400 # 1 day
我已经在 /filters.d/ 上为 nginx-auth、nginx-login、nginx-proxy 和 nginx-noscript 创建了过滤器
我也安装了 Python 2.7.3。
答案1
从我在您的配置文件中看到的内容和您收到的错误来看,[pam-generic] 的操作选项不能使用默认值(该部分中没有操作声明):
ConfigParser.InterpolationMissingOptionError: Bad value substitution:
section: [pam-generic]
option : action
key : action_mwl
rawval :
我不知道它的合适值是多少,但我会朝这个方向深入研究。最坏的情况是,如果您只需要过滤 nginx,您可以删除该部分并测试它是否启动。
答案2
您的 jail.conf 中未定义键“action_mwl”。
在默认的 jail.conf 中(至少在 Ubuntu 上)它被定义。建议保留 jail.conf 原样,并在 jail.local 中输入您自己的定义。
来自 stock jail.conf 的 action_mwl(Ubuntu 12.04):
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
答案3
您尚未在 [pam-generic] 节中定义以下内容:
filter
logpath
过滤器将是默认的,action_mwl,但日志路径不是默认的。
logpath是日志,其中fail2ban发现异常,并且对于中的每一节都是强制性的jail.conf。
在[ssh-ddos]中也会出现同样的问题。