fail2ban jail starts but shows no connections

I installed fail2ban on my Ubuntu server.

Everything seems to start up fine:

cat fail2ban.log
2023-12-07 14:55:27,758 fail2ban.server         [803]: INFO    --------------------------------------------------
2023-12-07 14:55:27,758 fail2ban.server         [803]: INFO    Starting Fail2ban v0.11.2
2023-12-07 14:55:27,759 fail2ban.observer       [803]: INFO    Observer start...
2023-12-07 14:55:27,767 fail2ban.database       [803]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-12-07 14:55:27,768 fail2ban.database       [803]: WARNING New database created. Version '4'
2023-12-07 14:55:27,769 fail2ban.jail           [803]: INFO    Creating new jail 'sshd'
2023-12-07 14:55:27,778 fail2ban.jail           [803]: INFO    Jail 'sshd' uses pyinotify {}
2023-12-07 14:55:27,779 fail2ban.jail           [803]: INFO    Initiated 'pyinotify' backend
2023-12-07 14:55:27,780 fail2ban.filter         [803]: INFO      maxLines: 1
2023-12-07 14:55:27,790 fail2ban.filter         [803]: INFO      maxRetry: 5
2023-12-07 14:55:27,790 fail2ban.filter         [803]: INFO      findtime: 600
2023-12-07 14:55:27,790 fail2ban.actions        [803]: INFO      banTime: 600
2023-12-07 14:55:27,790 fail2ban.filter         [803]: INFO      encoding: UTF-8
2023-12-07 14:55:27,790 fail2ban.filter         [803]: INFO    Added logfile: '/var/log/auth.log' (pos = 0, hash = dbc10cda87971348abf435b463c625fcaf25d6de)

2023-12-07 16:32:52,352 fail2ban.jail           [3466]: INFO    Creating new jail 'sshd'
2023-12-07 16:32:52,354 fail2ban.jail           [3466]: INFO    Jail 'sshd' uses poller {}
2023-12-07 16:32:52,354 fail2ban.jail           [3466]: INFO    Initiated 'polling' backend
2023-12-07 16:32:52,354 fail2ban.filter         [3466]: INFO      maxLines: 1
2023-12-07 16:32:52,361 fail2ban.filter         [3466]: INFO      maxRetry: 3
2023-12-07 16:32:52,361 fail2ban.filter         [3466]: INFO      findtime: 900
2023-12-07 16:32:52,361 fail2ban.actions        [3466]: INFO      banTime: 900
2023-12-07 16:32:52,361 fail2ban.filter         [3466]: INFO      encoding: UTF-8
2023-12-07 16:32:52,361 fail2ban.filter         [3466]: INFO    Added logfile: '/var/log/auth.log' (pos = 106290, hash = dbc10cda87971348abf435b463c625fcaf25d6de)
2023-12-07 16:32:52,362 fail2ban.jail           [3466]: INFO    Jail 'sshd' started

When I check its status, it also looks fine:

sudo fail2ban-client status
Status
|- Number of jail:  1
`- Jail list:   sshd

I added a few lines to the log /var/log/fail2ban.log:

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
enabled = true
port    = ssh
backend = polling
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 3

When I do this, cat fail2ban.log shows no connections after 2023-12-07 16:32:52,362 fail2ban.jail [3466]: INFO Jail 'sshd' started. I am connecting to the server over ssh from my MacBook, and those connections appear in /var/log/auth.log, yet nothing appears in fail2ban.log.

Answer 1

Try setting your backend to auto or systemd, then reload fail2ban.

I suggest this configuration for your jail:

[ssh]
enabled = true
port = ssh
filter = ssh
backend = systemd
maxretry = 3
bantime = 600


# Block DDOS on ssh
[ssh-ddos]
enabled = true
port = ssh,sftp
filter = sshd-ddos
backend = systemd
maxretry = 2
bantime = 600

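To see the banned IPs, you need to check the jail itself: fail2ban-client status ssh (once you implement my configuration), or fail2ban-client status sshd with your configuration (but on Debian-based distributions, sshd is the ssh service, it is just ssh).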
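
An added example, not part of the original post or of fail2ban itself: a small Python triage helper that reads fail2ban.log lines in the format shown in the question and compares the jail's Found/Ban events since its last start with the failed logins present in the auth log. The AUTH_FAIL pattern is a simplified stand-in for the real sshd filter, and every sample log line below is constructed.

```python
import re

JAIL_START = re.compile(r"Jail '(?P<jail>[^']+)' started")
BACKEND = re.compile(r"Initiated '(?P<backend>[^']+)' backend")
EVENT = re.compile(r"\[(?P<jail>[^\]]+)\] (?P<kind>Found|Ban) (?P<ip>\S+)")
# Assumption: simplified stand-in for filter.d/sshd.conf (one failure message only).
AUTH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+)")

def triage(f2b_log, auth_log, jail="sshd"):
    """Summarise the jail since its last start; auth_log = lines written after it."""
    backend, events = None, []
    for line in f2b_log.splitlines():
        if m := BACKEND.search(line):
            backend = m["backend"]          # backend lines carry no jail name
        elif (m := JAIL_START.search(line)) and m["jail"] == jail:
            events = []                     # restart: only count what follows
        elif (m := EVENT.search(line)) and m["jail"] == jail:
            events.append((m["kind"], m["ip"]))
    failures = [m["ip"] for ln in auth_log.splitlines() if (m := AUTH_FAIL.search(ln))]
    found = sum(kind == "Found" for kind, _ in events)
    if not failures:
        verdict = "no failed logins in auth log: nothing for the jail to record"
    elif found == 0:
        verdict = "failures logged but none Found: check backend and logpath"
    else:
        verdict = "jail is matching failures"
    return {"backend": backend, "failures": len(failures), "found": found,
            "banned": [ip for kind, ip in events if kind == "Ban"], "verdict": verdict}

# Constructed sample input (hosts, users and addresses are made up, not from the page).
STARTED = (
    "2023-12-07 16:32:52,354 fail2ban.jail [3466]: INFO    Initiated 'polling' backend\n"
    "2023-12-07 16:32:52,362 fail2ban.jail [3466]: INFO    Jail 'sshd' started\n"
)
MATCHING = STARTED + "".join(
    f"2023-12-07 16:40:0{i},101 fail2ban.filter [3466]: INFO    [sshd] Found 203.0.113.5 - 2023-12-07 16:40:0{i}\n"
    for i in range(3)
) + "2023-12-07 16:40:03,310 fail2ban.actions [3466]: NOTICE  [sshd] Ban 203.0.113.5\n"
ACCEPTED = "Dec  7 16:41:10 srv sshd[4012]: Accepted publickey for deploy from 198.51.100.7 port 50022 ssh2\n"
FAILED = "".join(
    f"Dec  7 16:40:0{i} srv sshd[40{i}0]: Failed password for root from 203.0.113.5 port 4100{i} ssh2\n"
    for i in range(3)
)

if __name__ == "__main__":
    for name, f2b, auth in [("accepted only", STARTED, ACCEPTED),
                            ("failures unseen", STARTED, FAILED),
                            ("failures matched", MATCHING, FAILED)]:
        print(name, triage(f2b, auth))
```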
