在 fail2ban 中启用除 SSH 之外的其他 jail

tag-icon tag-icon fail2ban
在 fail2ban 中启用除 SSH 之外的其他 jail

在我的邮件服务器上安装了 Fail2ban。

按照指示,我复制了监狱配置文件进入监狱.本地

这是我在 jail.local 中的内容。我还从 fail2ban 的日志文件中复制了日志。

对我来说,似乎我已在 jail.local 中启用的其他 jail 没有启动,因为日志文件只显示 SSHD jail 已启动,我没有看到其他 jail 正在启动。

编辑** 当我尝试手动启动它时,它说 jail 不存在。如果我尝试启动 SSHD,它工作正常并说 jail 已启动。

/home/USER/Maildir# fail2ban-client start postfix
 NOK: ('postfix',)
Sorry but the jail 'postfix' does not exist
/home/USER/Maildir# fail2ban-client start postfix-rbl
 NOK: ('postfix-rbl',)
Sorry but the jail 'postfix-rbl' does not exist

以下是我所拥有的jail.local

[sshd]
  enable = true
  port    = ssh
  logpath = %(sshd_log)s
  backend = %(sshd_backend)s

我还启用了其他服务

[postfix]
  enable = true
  mode    = more
  port    = smtp,465,submission
  logpath = %(postfix_log)s
  backend = %(postfix_backend)s
  maxretry = 1
  bantime = 48h

[postfix-rbl]
  enable = true
  filter   = postfix[mode=rbl]
  port     = smtp,465,submission
  logpath  = %(postfix_log)s
  backend  = %(postfix_backend)s
  maxretry = 1


[sendmail-auth]
  enable = true
  port    = submission,465,smtp
  logpath = %(syslog_mail)s
  backend = %(syslog_backend)s
  maxretry = 1

/var/log/fail2ban.log说:

2020-05-11 23:26:50,209 fail2ban.server         [10790]: INFO    Starting Fail2ban v0.10.2
2020-05-11 23:26:50,212 fail2ban.database       [10790]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-05-11 23:26:50,213 fail2ban.jail           [10790]: INFO    Creating new jail 'sshd'
2020-05-11 23:26:50,226 fail2ban.jail           [10790]: INFO    Jail 'sshd' uses pyinotify {}
2020-05-11 23:26:50,229 fail2ban.jail           [10790]: INFO    Initiated 'pyinotify' backend
2020-05-11 23:26:50,230 fail2ban.filter         [10790]: INFO      maxLines: 1
2020-05-11 23:26:50,255 fail2ban.server         [10790]: INFO    Jail sshd is not a JournalFilter instance
2020-05-11 23:26:50,256 fail2ban.filter         [10790]: INFO    Added logfile: '/var/log/auth.log' (pos = 635398, hash = f27994565e613699182c4d7ceadd7904b0e587e4)
2020-05-11 23:26:50,259 fail2ban.filter         [10790]: INFO      encoding: UTF-8
2020-05-11 23:26:50,260 fail2ban.filter         [10790]: INFO      maxRetry: 2
2020-05-11 23:26:50,260 fail2ban.filter         [10790]: INFO      findtime: 600
2020-05-11 23:26:50,260 fail2ban.actions        [10790]: INFO      banTime: 600000
2020-05-11 23:26:50,415 fail2ban.jail           [10790]: INFO    Jail 'sshd' started
2020-05-11 23:26:50,466 fail2ban.actions        [10790]: NOTICE  [sshd] Restore Ban X.X.X.X
.......

编辑上述内容后,fail2ban 的更多内容。我尝试启动,但重新加载 jail 仍然不起作用

2020-05-12 03:10:25,816 fail2ban.transmitter    [10790]: WARNING Command ['postfix'] has failed. Received Exception('Invalid command')
2020-05-12 08:37:41,716 fail2ban.transmitter    [10790]: WARNING Command ['[postfiadsx]'] has failed. Received Exception('Invalid command')
2020-05-12 08:37:48,752 fail2ban.transmitter    [10790]: WARNING Command ['[postfix]'] has failed. Received Exception('Invalid command')
2020-05-12 20:10:09,314 fail2ban.transmitter    [10790]: WARNING Command ['sshd'] has failed. Received Exception('Invalid command')
2020-05-12 20:10:15,211 fail2ban.transmitter    [10790]: WARNING Command ['[sshd]'] has failed. Received Exception('Invalid command')
2020-05-12 20:16:36,680 fail2ban.transmitter    [10790]: WARNING Command ['[start,', 'sshd]'] has failed. Received Exception('Invalid command')
2020-05-12 20:34:24,968 fail2ban.transmitter    [10790]: WARNING Command ['start', 'postfix'] has failed. Received UnknownJailException('postfix')
2020-05-12 20:34:42,339 fail2ban.transmitter    [10790]: WARNING Command ['start', 'postfix-rbl'] has failed. Received UnknownJailException('postfix-rbl')
2020-05-12 20:47:09,239 fail2ban.server         [10790]: INFO    Reload jail postfix-rbl
2020-05-12 20:47:09,240 fail2ban.server         [10790]: INFO    Reload finished.
2020-05-12 20:47:09,240 fail2ban.transmitter    [10790]: WARNING Command ['reload', 'postfix-rbl', [], [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget', '/var/log/fail2ban.log'], ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'], ['set', 'dbpurgeage', '1d']]] has failed. Received UnknownJailEx

答案1

我记得应该是这样的语法:

enabled = true

“已启用”不是“启用”

答案2

如果所有其他服务都是默认安装的,那么它应该可以正常工作。但是,fail2ban 似乎在查看日志时遇到了麻烦。请确保以 root 用户身份启动 fail2ban。非 root 用户无权访问 /var/log/

相关内容