Fail2ban does not block IPs trying to access my server via ssh


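I installed fail2ban with the default settings because a bunch of bots were trying to log in to my server as root. I installed it, but nothing changed; I checked fail2ban's jail IP list and there is nothing there.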

This is what my secure log looks like:

May 19 09:11:25 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:25 localhost unix_chkpwd[6083]: password check failed for user (root)
May 19 09:11:25 localhost sshd[6080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:28 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:28 localhost unix_chkpwd[6084]: password check failed for user (root)
May 19 09:11:28 localhost sshd[6080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:29 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:29 localhost sshd[6080]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:29 localhost sshd[6080]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:30 localhost unix_chkpwd[6087]: password check failed for user (root)
May 19 09:11:30 localhost sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:30 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:31 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:31 localhost unix_chkpwd[6088]: password check failed for user (root)
May 19 09:11:31 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:33 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:33 localhost unix_chkpwd[6089]: password check failed for user (root)
May 19 09:11:33 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:36 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:36 localhost sshd[6085]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:36 localhost sshd[6085]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:36 localhost unix_chkpwd[6093]: password check failed for user (root)
May 19 09:11:36 localhost sshd[6091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:36 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:38 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:38 localhost unix_chkpwd[6094]: password check failed for user (root)
May 19 09:11:38 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:40 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:40 localhost unix_chkpwd[6095]: password check failed for user (root)
May 19 09:11:40 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:42 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:42 localhost sshd[6091]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:42 localhost sshd[6091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:43 localhost unix_chkpwd[6098]: password check failed for user (root)
May 19 09:11:43 localhost sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:43 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:44 localhost sshd[6096]: Failed password for root from 43.255.188.160 port 40323 ssh2
May 19 09:11:44 localhost unix_chkpwd[6099]: password check failed for user (root)
May 19 09:11:44 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:46 localhost sshd[6096]: Failed password for root from 43.255.188.160 port 40323 ssh2
May 19 09:11:46 localhost unix_chkpwd[6100]: password check failed for user (root)
May 19 09:11:46 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

I enabled fail2ban (it says here that it is already running):

fail2ban-client start
ERROR  Server already running

And this has been the status since yesterday:

fail2ban-client status
Status
|- Number of jail:  0
`- Jail list:

Is there something I have not done to enable fail2ban?

Answer 1

As someone pointed out, I think it is good practice to use this directive in sshd_config, PermitRootLogin no, just in case.

My jail.local has an ssh section, but I have now found that I was missing the ssh-iptables section, which makes it add rules to iptables, and now it works:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]

logpath  = /var/log/secure
maxretry = 5
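
The jail logic behind this fix, as an added example that is not part of the original answer: a jail only counts failures when it is enabled, and an address is banned once maxretry matching lines fall inside the find-time window. The regex is a simplified stand-in for fail2ban's sshd filter, the 600-second findtime and the year are assumptions, and the log lines are constructed in the format of the question's /var/log/secure.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail section as posted in the answer.
JAIL_LOCAL = """\
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 5
"""
# Simplified stand-in for the sshd filter (assumption, not fail2ban's own regex).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")
# Constructed lines in the format of the question's /var/log/secure.
LOG = [f"May 19 09:11:{s} localhost sshd[6080]: Failed password for root "
       "from 43.255.188.160 port 52111 ssh2" for s in (25, 28, 29, 31, 33, 36)]
LOG += ["May 19 09:11:36 localhost unix_chkpwd[6083]: password check failed for user (root)",
        "May 19 09:12:00 localhost sshd[6101]: Failed password for root "
        "from 203.0.113.7 port 40000 ssh2"]

def enabled_jails(text):
    """Sections with enabled = true; if none is enabled, no log is watched."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: sec for name, sec in cp.items()
            if name != "DEFAULT" and sec.getboolean("enabled", fallback=False)}

def bans(lines, maxretry, findtime=600, year=2000):
    """Return {ip: time of ban}; findtime and year are assumed values."""
    window, banned = defaultdict(deque), {}
    for line in lines:
        if not (m := FAILED.match(line)):
            continue  # PAM and unix_chkpwd lines are not counted here
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = window[m.group(2)]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()  # drop failures older than the find-time window
        if len(q) >= maxretry:
            banned.setdefault(m.group(2), ts)
    return banned

def simulate(jail_text, lines):
    return {name: bans(lines, sec.getint("maxretry"))
            for name, sec in enabled_jails(jail_text).items()}
```

With an empty or disabled jail configuration, simulate() returns nothing at all, which corresponds to the "Number of jail: 0" status shown in the question.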
