我正在尝试让 fail2ban 与 ssh 一起工作。我已将 ssh 端口更改为 ,900并在 中输入以下内容/etc/fail2ban/jail.local:
[sshd]
enabled = true
port = 900
logpath = %(sshd_log)s
这没有任何问题。但是当我添加一个条目时[sshd-ddos]:
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
enabled = true
port = 900
logpath = %(sshd_log)s
然后运行sudo service fail2ban restart,然后检查状态,sudo systemctl status fail2ban我可以看到有一个错误:
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-09-22 17:06:29 CST; 4s ago
Docs: man:fail2ban(1)
Process: 7477 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 7478 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 7483 (fail2ban-server)
Tasks: 3 (limit: 1107)
CGroup: /system.slice/fail2ban.service
└─7483 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Sep 22 17:06:29 twitter-builder systemd[1]: Stopped Fail2Ban Service.
Sep 22 17:06:29 twitter-builder systemd[1]: Starting Fail2Ban Service...
Sep 22 17:06:29 twitter-builder systemd[1]: Started Fail2Ban Service.
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]: Found no accessible config files for 'filter.d/sshd-ddos' under /etc/fail2ban
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]: Unable to read the filter 'sshd-ddos'
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]: Errors in jail 'sshd-ddos'. Skipping...
Sep 22 17:06:29 twitter-builder fail2ban-server[7483]: Server ready
我在这里遗漏了什么?
答案1
[ssh-ddos]监狱实际上由 sshd.conf 提供服务。
解决方案是添加指令
filter = sshd
在下面 [ssh-ddos]部分
请注意下面的评论[ssh-ddos]解释差异的指令:
此 jail 对应于 Fail2ban 中的标准配置。mail-whois 操作会发送一封包含 whois 请求的通知电子邮件。
这个解决方案对我有用。最初发现这里