I recently installed 2 new servers running CentOS 7. I enabled the default fail2ban. I have confirmed it is running, because ps -ax | grep fail2ban outputs:
1996 ? S 0:04 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
But my nightly log looks like this:
sshd:
Authentication Failures:
root (60.173.26.165): 1070 Time(s)
root (122.225.109.208): 515 Time(s)
root (193.106.4.48): 391 Time(s)
root (122.225.109.104): 297 Time(s)
root (122.225.109.213): 286 Time(s)
root (122.225.109.219): 248 Time(s)
root (122.225.109.199): 220 Time(s)
root (113.200.114.230): 199 Time(s)
unknown (122.225.109.208): 140 Time(s)
root (122.225.109.204): 133 Time(s)
root (122.225.97.73): 131 Time(s)
root (122.225.97.70): 119 Time(s)
root (122.225.109.196): 99 Time(s)
root (61.174.50.134): 87 Time(s)
unknown (122.225.109.213): 67 Time(s)
root (122.225.97.98): 66 Time(s)
root (61.174.51.222): 65 Time(s)
unknown (122.225.109.104): 65 Time(s)
root (122.225.109.203): 64 Time(s)
unknown (122.225.109.199): 57 Time(s)
unknown (122.225.109.204): 18 Time(s)
unknown (122.225.109.196): 16 Time(s)
root (61.234.104.167): 8 Time(s)
root (80.191.81.53): 1 Time(s)
unknown (113.200.114.230): 1 Time(s)
unknown (122.225.109.219): 1 Time(s)
unknown (193.106.4.48): 1 Time(s)
unknown (91.220.131.33): 1 Time(s)
When I ran denyhosts, I never saw more than 2 or 3 attempts before the IP was banned. Does this result indicate that fail2ban is configured incorrectly?
Edit (as suggested by sebix)
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/sshd.conf
Use maxlines : 10
Use single line : /var/log/auth.log
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
|- Missed line(s):
| /var/log/auth.log
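Two things in the post above are worth reading closely. The fail2ban-regex output "Lines: 1 lines, 0 ignored, 0 matched, 1 missed" with "/var/log/auth.log" as the missed line means the first argument was not found as a file, so fail2ban-regex treated the string itself as a single log line; on CentOS 7 sshd logs through rsyslog to /var/log/secure, not /var/log/auth.log. And the logwatch summary shows single hosts producing hundreds of failures a night, which a working sshd jail with the stock settings (maxretry = 5, findtime and bantime of 10 minutes) would cap at roughly five failures per ten-minute ban cycle per host. The example below is added here and is not code from the original post or from fail2ban: it replays fail2ban's maxretry/findtime/bantime counting over constructed /var/log/secure lines so you can see what a working jail would have banned, and it flags failures that were logged while a host should already have been banned, which is exactly the symptom in the question. The regexes are a simplified stand-in for two patterns in filter.d/sshd.conf; the hostname web1, the PIDs and the addresses (RFC 5737 documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of /var/log/secure lines (where CentOS 7 sshd actually logs).
# 203.0.113.10 hammers root six times in one minute; 198.51.100.7 fails three
# times spread over half an hour and then logs in with a key.
SAMPLE_LOG = """\
Mar  3 01:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.10 port 40001 ssh2
Mar  3 01:00:03 web1 sshd[2003]: Failed password for root from 203.0.113.10 port 40002 ssh2
Mar  3 01:00:05 web1 sshd[2005]: Failed password for invalid user admin from 203.0.113.10 port 40003 ssh2
Mar  3 01:00:07 web1 sshd[2007]: Failed password for root from 203.0.113.10 port 40004 ssh2
Mar  3 01:00:09 web1 sshd[2009]: Failed password for root from 203.0.113.10 port 40005 ssh2
Mar  3 01:01:00 web1 sshd[2011]: Failed password for root from 203.0.113.10 port 40006 ssh2
Mar  3 01:05:00 web1 sshd[2020]: Failed password for root from 198.51.100.7 port 50001 ssh2
Mar  3 01:20:00 web1 sshd[2030]: error: PAM: Authentication failure for root from 198.51.100.7
Mar  3 01:35:00 web1 sshd[2040]: Failed password for root from 198.51.100.7 port 50002 ssh2
Mar  3 01:36:00 web1 sshd[2041]: Accepted publickey for deploy from 198.51.100.7 port 50003 ssh2
""".splitlines()

# Syslog prefix plus the sshd message; fail2ban splits the line the same way
# with its date templates before trying the failregex on the remainder.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)

# Simplified stand-ins for two patterns in filter.d/sshd.conf (the real filter has
# many more). fail2ban's <HOST> placeholder corresponds to the (?P<host>...) group.
FAILREGEX = [
    re.compile(r"^Failed (?:password|publickey) for (?:invalid user )?\S+ from (?P<host>\S+) port \d+ ssh2$"),
    re.compile(r"^error: PAM: Authentication failure for \S+ from (?P<host>\S+)$"),
]


def parse(line):
    """Return (timestamp, host) if the line matches the filter, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for rx in FAILREGEX:
        f = rx.match(m.group("msg"))
        if f:
            # Syslog timestamps carry no year; a fixed one keeps this example deterministic.
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2015)
            return ts, f.group("host")
    return None


def analyse(lines, maxretry=5, findtime=600, bantime=600):
    """Replay a jail's counting logic; defaults are fail2ban's stock [DEFAULT] values.

    Returns the bans that should have fired, the failures logged per host, and
    'leaked' failures: lines written while the host was supposed to be banned.
    A working ban action drops the host's packets in iptables/firewalld, so on a
    healthy system leaked is empty; anything else means the jail, log path,
    filter or action is not doing its job.
    """
    recent = defaultdict(deque)        # host -> failure times inside findtime
    banned_until = {}                  # host -> when its current ban expires
    bans, failures, leaked = [], defaultdict(int), defaultdict(int)
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, host = hit
        failures[host] += 1
        if host in banned_until and ts < banned_until[host]:
            leaked[host] += 1          # should have been impossible to log
            continue
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:   # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans.append((host, ts.strftime("%b %d %H:%M:%S")))
            banned_until[host] = ts + timedelta(seconds=bantime)
            q.clear()
    return {"bans": bans, "failures": dict(failures), "leaked": dict(leaked)}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for host, when in result["bans"]:
        print(f"ban  {host} at {when}")
    for host, n in result["leaked"].items():
        print(f"LEAK {host}: {n} failure(s) logged during its ban -> ban not effective")
    print("failures per host:", result["failures"])
```

Against the real system the equivalent checks are: fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf, which for a log like the one in the question should report thousands of matched lines rather than one missed one; fail2ban-client status, which lists the jails that are actually enabled (the stock jail.conf ships with enabled = false, so an [sshd] section with enabled = true is needed in jail.local or a file under jail.d/); and fail2ban-client status sshd, whose banned IP list should also show up in iptables -L -n.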