Are iptables rules being added by themselves on CentOS 7 (Azure)?

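We are trying to run a PCI scan on our internal network. For some reason, when the scan runs, the machine automatically blocks the scanner by adding its IP to iptables.

We don't have fail2ban installed, and the firewall service is stopped. Yet the rules keep getting added! What could be causing this?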

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  10.2.9.4             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  10.2.9.4             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination      

Edit: here is the audit log from when the ban happened:

==> /var/log/audit/audit.log <==
type=AVC msg=audit(1576075680.436:1186): avc:  denied  { read } for  pid=3159 comm="iptables" name="xtables.lock" dev="tmpfs" ino=24193 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1576075680.436:1186): arch=c000003e syscall=2 success=no exit=-13 a0=4130a4 a1=40 a2=180 a3=7ffdfc25d120 items=0 ppid=3142 pid=3159 auid=4294967295 uid=0 gid=985 euid=0 suid=0 fsuid=0 egid=985 sgid=985 fsgid=985 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=PROCTITLE msg=audit(1576075680.436:1186): proctitle=2F7362696E2F69707461626C6573002D4900494E505554002D730031302E322E392E34002D6A0044524F50
type=NETFILTER_CFG msg=audit(1576075680.437:1187): table=filter family=2 entries=4
type=SYSCALL msg=audit(1576075680.437:1187): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=10cbd80 items=0 ppid=3142 pid=3159 auid=4294967295 uid=0 gid=985 euid=0 suid=0 fsuid=0 egid=985 sgid=985 fsgid=985 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=PROCTITLE msg=audit(1576075680.437:1187): proctitle=2F7362696E2F69707461626C6573002D4900494E505554002D730031302E322E392E34002D6A0044524F50
type=AVC msg=audit(1576075680.438:1188): avc:  denied  { read } for  pid=3160 comm="iptables" name="xtables.lock" dev="tmpfs" ino=24193 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1576075680.438:1188): arch=c000003e syscall=2 success=no exit=-13 a0=4130a4 a1=40 a2=180 a3=7ffcdf8bd760 items=0 ppid=3142 pid=3160 auid=4294967295 uid=0 gid=985 euid=0 suid=0 fsuid=0 egid=985 sgid=985 fsgid=985 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=PROCTITLE msg=audit(1576075680.438:1188): proctitle=2F7362696E2F69707461626C6573002D4900464F5257415244002D730031302E322E392E34002D6A0044524F50
type=NETFILTER_CFG msg=audit(1576075680.439:1189): table=filter family=2 entries=5
type=SYSCALL msg=audit(1576075680.439:1189): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=effef0 items=0 ppid=3142 pid=3160 auid=4294967295 uid=0 gid=985 euid=0 suid=0 fsuid=0 egid=985 sgid=985 fsgid=985 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=PROCTITLE msg=audit(1576075680.439:1189): proctitle=2F7362696E2F69707461626C6573002D4900464F5257415244002D730031302E322E392E34002D6A0044524F50
type=SERVICE_STOP msg=audit(1576075680.605:1190): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=omid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1576075680.652:1191): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=omid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1576075681.149:1192): pid=3232 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1576075681.150:1193): pid=3232 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_fprintd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1576075681.150:1194): pid=3232 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=2 res=1
type=USER_START msg=audit(1576075681.163:1195): pid=3232 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_REFR msg=audit(1576075681.164:1196): pid=3232 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_fprintd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1576075681.209:1197): pid=3232 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_fprintd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1576075681.213:1198): pid=3232 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
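
The PROCTITLE records in the log above carry the full iptables command line, hex-encoded with NUL bytes between arguments. The following is an added example, not part of the original post: it joins SYSCALL and PROCTITLE records by event serial to show what was run and by which parent process. The function names are this example's own, and the sample records are trimmed copies of lines from the log above.

```python
import re
from collections import defaultdict

# Records trimmed from the audit log above (only the fields used here are kept).
SAMPLE = """\
type=SYSCALL msg=audit(1576075680.437:1187): syscall=54 success=yes ppid=3142 pid=3159 auid=4294967295 uid=0 gid=985 comm="iptables" exe="/usr/sbin/xtables-multi"
type=PROCTITLE msg=audit(1576075680.437:1187): proctitle=2F7362696E2F69707461626C6573002D4900494E505554002D730031302E322E392E34002D6A0044524F50
type=SYSCALL msg=audit(1576075680.439:1189): syscall=54 success=yes ppid=3142 pid=3160 auid=4294967295 uid=0 gid=985 comm="iptables" exe="/usr/sbin/xtables-multi"
type=PROCTITLE msg=audit(1576075680.439:1189): proctitle=2F7362696E2F69707461626C6573002D4900464F5257415244002D730031302E322E392E34002D6A0044524F50
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_proctitle(value):
    """auditd hex-encodes argv because of its NUL separators; undo that."""
    if value.startswith('"'):
        return value.strip('"')  # titles without special bytes are logged quoted
    return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace")


def firewall_changes(log_text):
    """Join SYSCALL and PROCTITLE records per event; report successful iptables runs."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        events[serial][rtype] = dict(FIELD.findall(body))
    out = []
    for serial, recs in sorted(events.items(), key=lambda kv: int(kv[0])):
        sc, pt = recs.get("SYSCALL"), recs.get("PROCTITLE")
        if not sc or not pt or sc.get("success") != "yes":
            continue
        cmd = decode_proctitle(pt["proctitle"])
        if "iptables" not in cmd:
            continue
        out.append({"serial": int(serial), "cmd": cmd, "pid": int(sc["pid"]),
                    "ppid": int(sc["ppid"]), "gid": int(sc["gid"])})
    return out


if __name__ == "__main__":
    for ev in firewall_changes(SAMPLE):
        print(ev)
```

Both rule inserts come from short-lived children of PID 3142 running with GID 985, so those two IDs are what to resolve on the host (for example with `ps -fp 3142` and `getent group 985`).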