fail2ban error with ssh-ddos: Unable to read the filter 'sshd-ddos'

I am trying to get fail2ban working with ssh. I have changed the ssh port to 900 and put the following in /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 900
logpath = %(sshd_log)s

This works without any problems. But when I add an entry for [sshd-ddos]

[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
enabled = true
port = 900
logpath = %(sshd_log)s

and then run sudo service fail2ban restart, then check the status with sudo systemctl status fail2ban, I can see there is an error:

   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-09-22 17:06:29 CST; 4s ago
     Docs: man:fail2ban(1)
  Process: 7477 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
  Process: 7478 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 7483 (fail2ban-server)
    Tasks: 3 (limit: 1107)
   CGroup: /system.slice/fail2ban.service
           └─7483 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Sep 22 17:06:29 twitter-builder systemd[1]: Stopped Fail2Ban Service.
Sep 22 17:06:29 twitter-builder systemd[1]: Starting Fail2Ban Service...
Sep 22 17:06:29 twitter-builder systemd[1]: Started Fail2Ban Service.
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]:  Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]:  Unable to read the filter 'sshd-ddos'
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]:  Errors in jail 'sshd-ddos'. Skipping...
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]: Server ready

What am I missing here?

Answer 1

The [ssh-ddos] jail is actually served by sshd.conf

The solution is to add the directive

filter = sshd

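under the [ssh-ddos] section.

Note the comment under the [ssh-ddos] directive that explains the difference:

This jail corresponds to the standard configuration in Fail2ban. The mail-whois action send a notification e-mail with a whois request in the body.

This solution worked for me. Originally found here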
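
A check for the failure discussed in this thread, as an added example that is not part of the original posts or of fail2ban itself: it lists every enabled jail whose filter file is missing under filter.d, which is the condition behind "Unable to read the filter". It assumes only jail.conf and jail.local are read (jail.d/ is ignored) and that a jail without a `filter =` line uses its own name as the filter name, as the error message in the question indicates; `missing_filters` and `demo` are hypothetical names, and the sample files are constructed.

```python
import configparser
import tempfile
from pathlib import Path


def missing_filters(config_dir):
    """Return {jail: filter_name} for enabled jails whose filter file is absent."""
    config_dir = Path(config_dir)
    # Raw parser: values such as %(sshd_log)s are left untouched.
    parser = configparser.RawConfigParser(strict=False)
    # Assumption: only these two files are consulted, jail.local overriding jail.conf.
    parser.read([config_dir / "jail.conf", config_dir / "jail.local"])
    problems = {}
    for jail in parser.sections():
        if jail == "INCLUDES":
            continue
        if parser.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue
        # No explicit "filter =" line: the jail name doubles as the filter name.
        name = parser.get(jail, "filter", fallback=jail).replace("%(__name__)s", jail)
        name = name.split("[", 1)[0].strip()  # drop options such as sshd[mode=...]
        filter_dir = config_dir / "filter.d"
        if not any((filter_dir / (name + ext)).is_file() for ext in (".conf", ".local")):
            problems[jail] = name
    return problems


def demo():
    """Constructed sample: the question's jail.local, then with filter = sshd added."""
    jail_local = (
        "[sshd]\nenabled = true\nport = 900\nlogpath = %(sshd_log)s\n\n"
        "[sshd-ddos]\nenabled = true\nport = 900\nlogpath = %(sshd_log)s\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "filter.d").mkdir()
        (root / "filter.d" / "sshd.conf").write_text("[Definition]\n")
        (root / "jail.local").write_text(jail_local)
        before = missing_filters(root)
        (root / "jail.local").write_text(jail_local + "filter = sshd\n")
        after = missing_filters(root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

On a real host, call `missing_filters("/etc/fail2ban")` before restarting the service; any jail it reports would be skipped at startup and provide no protection.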
