This is my jail.local rule for ssh:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/messages
maxretry = 5
Here is what my log produces on a BAN:
2015-04-23 07:07:49,823 fail2ban.actions[27564]: WARNING [ssh-tcpwrapper] Ban xx.xx.xxx.xxx
2015-04-23 07:07:50,721 fail2ban.actions[27564]: WARNING [ssh-iptables] Ban xx.xx.xxx.xxx
2015-04-23 07:07:50,729 fail2ban.actions.action[27564]: ERROR iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
2015-04-23 07:07:50,730 fail2ban.actions.action[27564]: ERROR Invariant check failed. Trying to restore a sane environment
2015-04-23 07:07:50,738 fail2ban.actions.action[27564]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
Now I am also getting this on UNBAN:
2015-04-23 16:18:48,828 fail2ban.actions[27564]: WARNING [ssh-tcpwrapper] Unban xx.xx.xxx.xxx
2015-04-23 16:18:48,835 fail2ban.actions.action[27564]: ERROR echo "/^sshd: xx.xx.xxx.xxx$/
d
w
q" | ed /etc/hosts.deny returned 7f00
2015-04-23 16:18:48,836 fail2ban.actions.action[27564]: INFO HINT on 7f00: "Command not found". Make sure that all commands in 'echo "/^sshd: xx.xx.xxx.xxx$/\nd\nw\nq" | ed /etc/hosts.deny' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2015-04-23 16:19:04,847 fail2ban.actions[27564]: WARNING [ssh-iptables] Unban xx.xx.xxx.xxx
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
2015-04-23 16:19:04,855 fail2ban.actions.action[27564]: ERROR Invariant check failed. Trying to restore a sane environment
2015-04-23 16:19:04,863 fail2ban.actions.action[27564]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
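This is on OpenSuse 13.2 with a relatively untouched fail2ban install. I prefer Centos, and I'm used to this kind of thing working out of the box. I really don't know how to handle these errors. I spent hours searching Google and looking through Stack, but found no really solid solution other than "remove and reinstall".
My best guess is that this is an environment problem, and that the fail2ban service cannot issue the commands and/or the commands are malformed, but I don't know exactly where to go to fix this.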
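
The HINT line in the log above says to compare the commands in the failing action with the PATH of the fail2ban-server process. The following sketch automates that check; it is an added example, not part of the original post or of fail2ban, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: resolve commands against the PATH of a running process,
# as read from its NUL-separated /proc/<pid>/environ file.

# path_from_environ FILE: print the PATH value stored in an environ file.
path_from_environ() {
    tr '\0' '\n' < "$1" | sed -n 's/^PATH=//p' | head -n 1
}

# find_in_path CMD PATHVALUE: print the first executable match, else return 1.
find_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -z "$dir" ] && dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_commands ENVIRON_FILE CMD...: report each command and
# return the number of commands the process could not resolve.
check_commands() {
    environ_file=$1
    shift
    proc_path=$(path_from_environ "$environ_file")
    missing=0
    for c in "$@"; do
        if hit=$(find_in_path "$c" "$proc_path"); then
            printf 'ok       %s -> %s\n' "$c" "$hit"
        else
            printf 'MISSING  %s (not in PATH=%s)\n' "$c" "$proc_path"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage on the affected host, as root, with the commands from the failing actions:
#   check_commands "/proc/$(pidof -x fail2ban-server)/environ" iptables grep ed
```

A MISSING line for ed would match the "Command not found" hint logged for the hosts.deny unban action.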