fail2ban ssh does not ban any IP

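I started the fail2ban service with sudo systemctl restart fail2ban.service, and it started successfully. But my ssh attempts with a wrong password from a remote PC are not blocked, and no IP is listed in Banned IP list.

  • It only works with fail2ban-client set sshd banip <remote_pc_IP>
  • The banned IP list is not updated according to the maxretry attempts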

/etc/fail2ban/jail.local

[DEFAULT]
default_backend = auto

[sshd]
enabled = true
mode = aggressive
port = ssh
filter = sshd
# I added the below logpath since No file(s) found for glob /var/log/auth.log
# below file only giving ssh connection log
logpath = /var/volatile/log/messages
maxretry = 1
#backend = systemd
  • backend is commented out because no sshd logs were found in the journal

sudo tail -f /var/volatile/log/messages | grep "172.16.0."

Apr 11 13:27:25  auth.info sshd[1873]: Failed password for guest from 172.16.0.80 port 60486 ssh2
Apr 11 13:27:25  auth.info sshd[1873]: Failed password for guest from 172.16.0.80 port 60486 ssh2
Apr 11 13:27:25  auth.info sshd[1873]: Connection closed by authenticating user guest 172.16.0.80 port 60486 [preauth]

fail2ban-client status sshd

Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/volatile/log/messages
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:   

/var/log/fail2ban.log

2023-04-11 12:54:15,500 fail2ban.server         [692]: INFO    Starting Fail2ban v0.10.3.fix1
2023-04-11 12:54:15,516 fail2ban.database       [692]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-04-11 12:54:15,525 fail2ban.jail           [692]: INFO    Creating new jail 'sshd'
2023-04-11 12:54:15,574 fail2ban.jail           [692]: INFO    Jail 'sshd' uses pyinotify {}
2023-04-11 12:54:15,586 fail2ban.jail           [692]: INFO    Initiated 'pyinotify' backend
2023-04-11 12:54:15,589 fail2ban.filter         [692]: INFO      maxLines: 1
2023-04-11 12:54:15,756 fail2ban.server         [692]: INFO    Jail sshd is not a JournalFilter instance
2023-04-11 12:54:15,761 fail2ban.filter         [692]: INFO    Added logfile: '/var/volatile/log/messages' (pos = 0, hash = 133455cd694ec2584c1defa33b1d1eef)
2023-04-11 12:54:15,780 fail2ban.filter         [692]: INFO      maxRetry: 1
2023-04-11 12:54:15,782 fail2ban.filter         [692]: INFO      encoding: ANSI_X3.4-1968
2023-04-11 12:54:15,783 fail2ban.actions        [692]: INFO      banTime: 600
2023-04-11 12:54:15,786 fail2ban.filter         [692]: INFO      findtime: 600
2023-04-11 12:54:15,800 fail2ban.jail           [692]: INFO    Jail 'sshd' started

Answer 1

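This problem was solved by disabling the syslog of the busybox component and enabling only journal logging. As a result, all SSH attempt logs are recorded in the journal, so fail2ban tracks them successfully.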
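As an added example (not part of the original question or answer, and not fail2ban's own code), the following simplified model shows the maxretry/findtime counting the question's jail is configured for, run over lines in the same busybox syslog layout. The regex, the function names and all sample lines after the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the busybox syslog layout shown in the question
# (timestamp, facility.priority, then the sshd message).
SAMPLE = """\
Apr 11 13:27:25  auth.info sshd[1873]: Failed password for guest from 172.16.0.80 port 60486 ssh2
Apr 11 13:27:25  auth.info sshd[1873]: Connection closed by authenticating user guest 172.16.0.80 port 60486 [preauth]
Apr 11 13:30:02  auth.info sshd[1901]: Failed password for invalid user admin from 172.16.0.81 port 40022 ssh2
Apr 11 13:45:10  auth.info sshd[1950]: Failed password for invalid user admin from 172.16.0.81 port 40100 ssh2
Apr 11 13:46:00  auth.info sshd[1962]: Accepted password for guest from 172.16.0.82 port 51000 ssh2
"""

# Assumed pattern for this example only; fail2ban's sshd filter is far broader.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def failures(text, year=2023):
    """Yield (datetime, ip) for each failed-password line; syslog omits the year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def ips_to_ban(text, maxretry, findtime):
    """Return IPs with at least maxretry failures inside a findtime-second window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for ts, ip in failures(text):
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE, maxretry=1, findtime=600))   # values from the question's jail
    print(ips_to_ban(SAMPLE, maxretry=2, findtime=600))   # stricter threshold for contrast
```

With maxretry = 1, a single failed-password line is enough to meet the threshold, so a "Total failed: 0" status while such lines exist points at fail2ban not seeing or not matching the log source rather than at the retry settings.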
