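I installed Fail2ban on my mail server.
Following the instructions, I copied the jail configuration file into jail.local.
Here is what I have in jail.local. I have also copied the log from fail2ban's log file.
It seems to me that the other jails I have enabled in jail.local are not starting, because the log file only shows the SSHD jail being started; I don't see the other jails starting.
Edit: When I try to start it manually, it says the jail does not exist. If I try to start SSHD, it works fine and says the jail is started.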
/home/USER/Maildir# fail2ban-client start postfix
NOK: ('postfix',)
Sorry but the jail 'postfix' does not exist
/home/USER/Maildir# fail2ban-client start postfix-rbl
NOK: ('postfix-rbl',)
Sorry but the jail 'postfix-rbl' does not exist
Below is what I have in jail.local:
[sshd]
enable = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
I have also enabled other services:
[postfix]
enable = true
mode = more
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1
bantime = 48h
[postfix-rbl]
enable = true
filter = postfix[mode=rbl]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1
[sendmail-auth]
enable = true
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
maxretry = 1
/var/log/fail2ban.log says:
2020-05-11 23:26:50,209 fail2ban.server [10790]: INFO Starting Fail2ban v0.10.2
2020-05-11 23:26:50,212 fail2ban.database [10790]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-05-11 23:26:50,213 fail2ban.jail [10790]: INFO Creating new jail 'sshd'
2020-05-11 23:26:50,226 fail2ban.jail [10790]: INFO Jail 'sshd' uses pyinotify {}
2020-05-11 23:26:50,229 fail2ban.jail [10790]: INFO Initiated 'pyinotify' backend
2020-05-11 23:26:50,230 fail2ban.filter [10790]: INFO maxLines: 1
2020-05-11 23:26:50,255 fail2ban.server [10790]: INFO Jail sshd is not a JournalFilter instance
2020-05-11 23:26:50,256 fail2ban.filter [10790]: INFO Added logfile: '/var/log/auth.log' (pos = 635398, hash = f27994565e613699182c4d7ceadd7904b0e587e4)
2020-05-11 23:26:50,259 fail2ban.filter [10790]: INFO encoding: UTF-8
2020-05-11 23:26:50,260 fail2ban.filter [10790]: INFO maxRetry: 2
2020-05-11 23:26:50,260 fail2ban.filter [10790]: INFO findtime: 600
2020-05-11 23:26:50,260 fail2ban.actions [10790]: INFO banTime: 600000
2020-05-11 23:26:50,415 fail2ban.jail [10790]: INFO Jail 'sshd' started
2020-05-11 23:26:50,466 fail2ban.actions [10790]: NOTICE [sshd] Restore Ban X.X.X.X
.......
More fail2ban output after the edits above. I tried to start it, but reloading the jail still does not work.
2020-05-12 03:10:25,816 fail2ban.transmitter [10790]: WARNING Command ['postfix'] has failed. Received Exception('Invalid command')
2020-05-12 08:37:41,716 fail2ban.transmitter [10790]: WARNING Command ['[postfiadsx]'] has failed. Received Exception('Invalid command')
2020-05-12 08:37:48,752 fail2ban.transmitter [10790]: WARNING Command ['[postfix]'] has failed. Received Exception('Invalid command')
2020-05-12 20:10:09,314 fail2ban.transmitter [10790]: WARNING Command ['sshd'] has failed. Received Exception('Invalid command')
2020-05-12 20:10:15,211 fail2ban.transmitter [10790]: WARNING Command ['[sshd]'] has failed. Received Exception('Invalid command')
2020-05-12 20:16:36,680 fail2ban.transmitter [10790]: WARNING Command ['[start,', 'sshd]'] has failed. Received Exception('Invalid command')
2020-05-12 20:34:24,968 fail2ban.transmitter [10790]: WARNING Command ['start', 'postfix'] has failed. Received UnknownJailException('postfix')
2020-05-12 20:34:42,339 fail2ban.transmitter [10790]: WARNING Command ['start', 'postfix-rbl'] has failed. Received UnknownJailException('postfix-rbl')
2020-05-12 20:47:09,239 fail2ban.server [10790]: INFO Reload jail postfix-rbl
2020-05-12 20:47:09,240 fail2ban.server [10790]: INFO Reload finished.
2020-05-12 20:47:09,240 fail2ban.transmitter [10790]: WARNING Command ['reload', 'postfix-rbl', [], [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget', '/var/log/fail2ban.log'], ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'], ['set', 'dbpurgeage', '1d']]] has failed. Received UnknownJailEx
Answer 1
As I recall, the syntax should be:
enabled = true
"enabled", not "enable".
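The check suggested in Answer 1 can be automated. The following is an added example, not code from the original post or from the fail2ban project: it parses the text of a single jail file and flags sections that are not switched on because a key only resembles `enabled`. The function name `audit_jails`, the sample text and the set of true values are assumptions, and it does not merge jail.conf or jail.d/ the way fail2ban does.

```python
import configparser
import difflib

# Constructed sample: one correctly spelled jail, two using the misspelled
# key from the question. %(...)s values are left uninterpreted on purpose.
SAMPLE_JAIL_LOCAL = """\
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s

[postfix]
enable = true
mode = more
logpath = %(postfix_log)s
maxretry = 1

[postfix-rbl]
enable = true
filter = postfix[mode=rbl]
maxretry = 1
"""

# Assumption: the strings this checker treats as boolean true.
TRUE_VALUES = {"1", "yes", "true", "on"}


def audit_jails(text):
    """Return {jail: (is_enabled, [keys that look like a typo of 'enabled'])}."""
    # interpolation=None keeps configparser from trying to expand %(name)s.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for jail in cp.sections():
        section = cp[jail]
        is_enabled = section.get("enabled", "false").strip().lower() in TRUE_VALUES
        suspects = [
            key for key in section
            if key != "enabled"
            and difflib.get_close_matches(key, ["enabled"], n=1, cutoff=0.8)
        ]
        report[jail] = (is_enabled, suspects)
    return report


if __name__ == "__main__":
    for jail, (is_enabled, suspects) in audit_jails(SAMPLE_JAIL_LOCAL).items():
        state = "enabled" if is_enabled else "NOT enabled"
        hint = f" (suspicious key: {', '.join(suspects)})" if suspects else ""
        print(f"[{jail}] {state}{hint}")
```

On a live system, `fail2ban-client -d` dumps the configuration as fail2ban itself parsed it, which shows the jails it will actually create.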
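Answer 2
If all the other services were installed by default, then it should work fine. However, fail2ban seems to be having trouble looking at the logs. Make sure to start fail2ban as root. Non-root users do not have access to /var/log/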