Fail2ban 可以正常工作,但我去测试我的服务器,不知什么原因,Apache2 jails 无法正常工作。我用 iptables -S 检查了 IPTables,-A input -p tcp -m multiport --dports 22 -j f2b-default尽管我在 jails.conf 中将端口指定为 http 和 https,但仍然有 9 个条目
我尝试再次进入 jails.conf,将 http、https 更改为 80,443,但还是发生了同样的事情。我不知道为什么 fail2ban 会在每种类型的 jail 上为端口 22 添加 iptables 条目,但我所做的似乎都无法解决这个问题。
如果有人想帮助我的话,我在使用 Debian 9。
编辑:配置文件
[INCLUDES]
before = paths-debian.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
#enabled = true
filter = %(__name__)s
destemail = root@localhost
sender = fail2ban@localhost
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
action = %(action_)s
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
action = iptables-multiport
cloudflare
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
action = iptables-multiport
cloudflare
[apache-auth]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
action = iptables-multiport
cloudflare
[apache-badbots]
enabled = true
port = 80,443
logpath = %(apache_access_log)s
bantime = 172800
maxretry = 1
action = iptables-multiport
cloudflare
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
action = iptables-multiport
cloudflare
[apache-overflows]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
cloudflare
[apache-nohome]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
cloudflare
[apache-botsearch]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
cloudflare
[apache-fakegooglebot]
enabled = true
port = 80,443
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
action = iptables-multiport
cloudflare
[apache-modsecurity]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
cloudflare
[apache-shellshock]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 1
action = iptables-multiport
cloudflare
答案1
端口 22 用于 SSH。Fail2ban 禁止在该端口上进行多次连接重试是正常的。这张图片没有任何问题;它工作正常。