fail2ban not working on CentOS 8


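I am running fail2ban on CentOS 8 and have configured it for ssh and Nginx. When I run fail2ban-client status, they all show IPs as blocked, but they are not actually being blocked by the firewall. I am being bombarded with ssh attacks and nothing is happening on the firewall side. I am running "tcpdump -i any port 80 or port 443 or port 22" and see multiple failed attempts. Again, fail2ban sees them and says they are banned, but they are not actually banned. Any suggestions?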

[DEFAULT] 
ignoreip = 127.0.0.1 192.168.1.0/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd] 
enabled = true

[nginx-http-auth]
enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/gitlab/nginx/error.log

[nginx-noscript]
enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 6

[nginx-badbots]
enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-nohome]
enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-noproxy]
enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab_error.log

Answer 1

If you are actually using firewalld, make sure to use a banaction that is compatible with firewalld, such as firewallcmd-ipset.

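Answer 2

Your configuration looks fine, especially since you see the IPs listed in the output of fail2ban-client status sshd.

How are you checking whether the IP has been banned? Here is how I check it on a system I am responsible for where IPs are being banned.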

iptables -L f2b-sshd
Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  120.29.125.240       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

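If it is not listed there, could it be because it was banned and unbanned too quickly? I know your configuration is set to 6 hours, which should be long enough.

Besides that, you can also check /var/log/fail2ban.log for activity that may be relevant. For example: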

2020-12-04 09:17:07,590 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:09,883 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:12,163 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:14,381 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:16,874 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:17,805 fail2ban.actions        [9089]: NOTICE  [sshd] Ban 120.29.125.240
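
The two checks from Answer 2 (the fail2ban.log entries and the f2b-sshd chain listing) can be combined into one comparison that reports bans fail2ban has logged but the firewall chain does not hold. This is an added example, not part of the original answers; the function names are hypothetical, and the sample log lines after the first two are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example (not from the original thread): list IPs that fail2ban.log says
# are banned in a jail but that have no rule in the jail's iptables chain.

# Reads fail2ban.log text on stdin; prints IPs still banned in jail $1.
active_bans() {
    awk -v jail="[$1]" '
        # The action word and the address are the last two fields of the line.
        $3 == "fail2ban.actions" && $6 == jail {
            if ($(NF-1) == "Ban") banned[$NF] = 1
            else if ($(NF-1) == "Unban") delete banned[$NF]
        }
        END { for (ip in banned) print ip }' | sort
}

# Reads `iptables -n -L f2b-<jail>` output on stdin; prints blocked sources.
chain_sources() {
    awk '$1 == "REJECT" || $1 == "DROP" { print $4 }'
}

# $1 = jail, $2 = log text, $3 = chain listing; prints bans the firewall lacks.
missing_from_firewall() {
    enforced=$(printf '%s\n' "$3" | chain_sources)
    for ip in $(printf '%s\n' "$2" | active_bans "$1"); do
        printf '%s\n' "$enforced" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# First two lines are from the answer above; the rest are constructed
# (documentation-range addresses).
SAMPLE_LOG='2020-12-04 09:17:16,874 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:17,805 fail2ban.actions        [9089]: NOTICE  [sshd] Ban 120.29.125.240
2020-12-04 09:20:01,112 fail2ban.actions        [9089]: NOTICE  [sshd] Ban 203.0.113.7
2020-12-04 09:21:30,450 fail2ban.actions        [9089]: NOTICE  [sshd] Ban 198.51.100.9
2020-12-04 09:25:30,450 fail2ban.actions        [9089]: NOTICE  [sshd] Unban 198.51.100.9'

# Chain listing as shown in the answer above.
SAMPLE_CHAIN='Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  120.29.125.240       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere'

missing_from_firewall sshd "$SAMPLE_LOG" "$SAMPLE_CHAIN"
```

On a live host, pass the contents of /var/log/fail2ban.log and the output of iptables -n -L f2b-sshd instead of the samples. If the chain does not exist, the listing is empty and every active ban is reported, which matches the symptom in the question.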
